这里写目录标题
前言
在企业中,部署Apache后只采用默认的配置参数,会引发网站很多问题,换言之默认配置是针对以前较低的服务器配置的,随着互联网时代的发展,之前的默认配置已经不适用于现在了。
一、网页压缩
①检查是否安装mod_deflate模块
apachectl -t -D DUMP_MODULES | grep "deflate"
②如果没有安装mod_deflate模块,重新编译安装Apache添加mod_deflate模块
systemctl stop httpd.service #停止httpd服务
cd /usr/local/httpd/conf/
mv httpd.conf httpd.conf.bak #备份配置文件
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel #安装依赖包
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate #加入mod_deflate模块
make -j 4 && make install #编译安装
③配置 mod_deflate 模块启用
vim /usr/local/httpd/conf/httpd.conf
Listen 192.168.153.10 #52行,修改IP地址
LoadModule deflate_module modules/mod_deflate.so #105行,取消注释,开启 mod_deflate 模块
ServerName www.muzi.com:80 #199行,取消注释,修改域名
--末行添加--
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript text/jpg text/png
DeflateCompressionLevel 9
SetOutputFilter DEFLATE
</IfModule>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript text/jpg text/png
#代表对哪些内容启用gzip压缩
DeflateCompressionLevel 9 #代表压缩级别,范围为1~9
SetOutputFilter DEFLATE #代表启用deflate模块对本站点的输出进行gzip压缩
④检查安装情况,启动服务
apachectl -t 或者 httpd -t #验证配置文件的配置是否正确
apachectl -t -D DUMP_MODULES | grep "deflate" #检查 mod_deflate 模块是否以安装
deflate_module (shared) #已安装的正确结果
systemctl start httpd.service
⑤测试 mod_deflate 压缩是否生效
cd /usr/local/httpd/htdocs
先将music.jpg文件传到/usr/local/httpd/htdocs目录下
vim index.html
<html><body><hl>I opened my eyes last night and saw you in the low light.
Walking down by the bay, on the shore,staring up at the planes that aren't there anymore
I was feeling the night grow old and you were looking so cold
Like an introvert, I drew my over shirt.Around my arms and began to shiver violently before
You happened to look and see the tunnels all around me.Running into the dark underground</hl>
<img src="music.jpg"/>
</body></html>
-
方法一
在Linux系统中,打开火狐浏览器,右击点查看元素
选择 网络 —> 选择 HTML,WS,其他
访问 http://192.168.153.10 ,双击200响应消息查看响应头中包含 Content-Encoding:“gzip” -
方法二
在Windows系统中依次安装Microsoft,NET4和fiddler软件,打开fiddler 软件
选择 inspectors —> 选择 Headers
浏览器访问 http://192.168.153.10,双击200响应消息查看Content-Encoding:“gzip”
二、网页缓存
①检查是否安装 mod_expires 模块
apachectl -t -D DUMP_MODULES | grep "expires"
②如果没有安装 mod_expires 模块,重新编译安装Apache添加 mod_expires 模块
systemctl stop httpd.service
cd /usr/local/httpd/conf/
mv httpd.conf httpd.conf.bak1
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate \
--enable-expires #加入mod_expires模块
make -j 4 && make install
③配置 mod_expires 模块启用
vim /usr/local/httpd/conf/httpd.conf
Listen 1192.168.153.10:80 #修改52行
LoadModule expires_module modules/mod_expires.so #111行,取消注释,开启 mod_expires 模块
ServerName www.wt.com:80 #199行,取消注释,修改
--末行添加--
<IfModule mod_expires.c>
ExpiresActive On #打开网页缓存功能
ExpiresDefault "access plus 60 seconds" #设置缓存60秒
</IfModule>
④检查安装情况,启动服务
apachectl -t 或者 httpd -t #验证配置文件的配置是否正确
apachectl -t -D DUMP_MODULES | grep "expires" #检查 mod_expires 模块是否以安装
expires_module (shared) #已安装的正确结果
systemctl start httpd.service
⑤测试缓存是否生效
cat /usr/local/httpd/htdocs/index.html
-
方法一
在Linux系统中,打开火狐浏览器,右击点查看元素
选择 网络 —> 选择 HTML,WS,其他
访问 http://192.168.153.10,双击200响应消息查看响应头中包含 Expires 项 -
方法二
在Windows系统中依次安装Microsoft,NET4和fiddler软件,打开fiddler 软件
选择 inspectors —> 选择 Headers
浏览器访问 http://192.168.153.10,双击200响应消息查看 Expires 项
三、隐藏版本信息
vim /usr/local/httpd/conf/httpd.conf
Include conf/extra/httpd-default.conf #491行,取消注释
vim /usr/local/httpd/conf/extra/httpd-default.conf
ServerTokens Prod #55行,将原本的Full改为Prod,只显示名称,没有版本
#ServerTokens表示Server回送给客户端的响应头域是否包含关于服务器os 类型和编译过的模块描述信息。
systemctl restart httpd.service
浏览器访问 http://192.168.153.10, 双击200响应消息查看 Server 项
四、Apache防盗链
①检查是否安装mod_rewrite模块
apachectl -t -D DUMP_MODULES | grep "rewrite"
②如果没有安装mod_rewrite模块,重新编译安装 Apache 添加 mod_rewrite模块
systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf httpd.conf.bak2
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \ #加入mod_rewrite模块
--enable-charset-lite \
--enable-cgi \
--enable-deflate \
--enable-expires
make && make install
④启用mod_rewrite模块
vim /usr/ local/httpd/conf/httpd .conf
LoadModule rewrite_module modules/mod_rewrite.so #157行,取消注释
<Directory "/usr/local/httpd/htdocs"> #224行
options Indexes FollowSymLinks
AllowOverride None
Require all granted
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://wt.com/.*$ [NC] #打开rewrite功能,加入mode_rewrite模块内容
RewriteCond %{HTTP_REFERER} !^http://wt.com$ [NC] #设置匹配规则
RewriteCond %{HTTP_REFERER} !^http://www.wt.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.wt.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.wt.com/error.jpg #设置跳转动作
</Directory>
解释:
RewriteCond %{HTTP_REFERER} !^http://www.muzi.com/.*$ [NC] 的字段含义:
“%{HTTP_REFERER}”:存放一个链接的URL,表示从哪个链接访问所需的网页。
“!^”:表示不以后面的字符串开头。
“http://www.wt.com” :是本网站的路径,按整个字符串匹配。
“.*$”:表示以任意字符结尾。
“[NC]”:表示不区分大小写字母。
⑤网页准备
Web源主机配置:
cd /usr/local/httpd/htdocs
将music.jpg、error.png文件传到/usr/local/httpd/htdocs目录下
vim index.html
<html><body><h1>this is wt.com!</h1>
<img src="game.jpg"/> " "内为图片文件名
</body></html>
echo "192.168.199.10 www.wt.com" >> letc/hosts
echo "192.168.199.20 www.abc.com" >>/etc/hosts
盗链网站主机:
cd /usr/local/httpd/htdoes #yum安装的httpd服务的默认路径为/var/www/html/
vim index.html
<html><body><hl>this is abc.com!</h1>
<img src="http://www.wt.com/music.jpg"/> #" "内为图片地址
</body></html>
echo "192.168.153.10 www.wt.com" >> letc/hosts
echo "192.168.153.12 www.abc.com" >>/etc/hosts
⑥在盗图然站主机上进行浏览器验证
http://www.abc.com