1.Apache用户认证
用户在访问网站的时候,需要输入用户名和密码才能进行访问,一些重要的网站或者后台,通常会加上用户认证,目的是保证安全。
编辑虚拟主机配置文件,“vim /usr/local/apache2/conf/extra/httpd-vhosts.conf”,修改第二段,如下所示:
<VirtualHost *:80> DocumentRoot "/data/wwwroot/aaa.com" ServerName aaa.com <Directory /data/wwwroot/aaa.com> #指定认证的目录 AllowOverride AuthConfig #打开认证的开关 AuthName "aaa.com user auth" #自定义认证的名字 AuthType Basic #认证的类型,一般为Basic AuthUserFile /data/.htpasswd #指定密码文件所在位置 require valid-user #指定需要认证的用户为全部可用用户 </Directory> ServerAlias www.aaa.com ErrorLog "logs/aaa.com-error_log" CustomLog "logs/aaa.com-access_log" common </VirtualHost>
创建密码文件:
[root@yuioplvlinux-128 ~]# /usr/local/apache2/bin/htpasswd -cm /data/.htpasswd yuioplv #htpasswd命令为创建用户密码的工具,-c为create,-m指定密码加密方式为MD5;/data/htpasswd为密码文件,yuioplv为要创建的用户,第一次执行该命令需要加-c,第二次创建的时候不用去加-c,否则会将之前的用户清空 New password: Re-type new password: Adding password for user yuioplv
验证没有问题重新加载;
[root@yuioplvlinux-128 ~]# /usr/local/apache2/bin/apachectl -t Syntax OK [root@yuioplvlinux-128 ~]# /usr/local/apache2/bin/apachectl graceful
使用curl直接访问aaa.com,提示401;-u选项加入用户名和密码,即可正常访问;
编辑Windows的hosts文件,将aaa.com加入到hosts中,保存后在浏览器中输入“aaa/com”,提示输入用户名及密码,输入之后,就会进入到aaa.com。
也可以针对某个目录或者某个文件进行认证,编辑虚拟主机配置文件;
<VirtualHost *:80> DocumentRoot "/data/wwwroot/aaa.com" ServerName aaa.com <FilesMatch 123.php> AllowOverride AuthConfig AuthName "aaa.com user auth" AuthType Basic AuthUserFile /data/.htpasswd require valid-user </FilesMatch> ServerAlias www.aaa.com ErrorLog "logs/aaa.com-error_log" CustomLog "logs/aaa.com-access_log" common </VirtualHost>
重新加载,可以看到不输入密码,提示401;
2.域名跳转
一个网站可能会有多个域名,当访问一个网站的时候,浏览器里面的网址就会变为另外一个网址,这个过程就是域名的跳转过程。主要有两个方面的作用:第一,一个站点有多个域名会对SEO有影响,也就是对百度搜索关键词的排名有影响,如果把多个域名全部跳转到指定的一个域名,这样以这个域名为中心,就可以把权重集中在这个域名上,所以搜索关键词的排名也就靠前了;第二,如果之前的某个域名不再使用了,但是搜索引擎还留着之前老域名的连接,这意味着用户可能会搜到我们的网站并且点击老的域名,所以需要把老域名做个跳转到新域名,这样用户在搜索的过程中,也可以访问到网站。
编辑虚拟主机配置文件:/usr/local/apache2/conf/extra/httpd-vhosts.conf;
<VirtualHost *:80> DocumentRoot "/data/wwwroot/aaa.com" ServerName aaa.com <IfModule mod_rewrite.c> #需要mod_rewrite模块支持 RewriteEngine on #打开rewrite功能 RewriteCond %{HTTP_HOST} !^aaa.com$ #定义rewrite的条件,主机名(域名)不是aaa.com满足条件 RewriteRule ^/(.*)$ http://aaa.com/$1 [R=301,L] #定义rewrite规则,当满足上面的条件时,这条规则才会执行 </IfModule> ServerAlias www.aaa.com ErrorLog "logs/aaa.com-error_log" CustomLog "logs/aaa.com-access_log" common </VirtualHost>
使用命令“/usr/local/apache2/bin/apachectl -M|grep -i rewrite”查看是否加载了rewrite模块,若没有输出,需要去在配置文件中设置,
编辑/usr/local/apache2/conf/httpd.conf,搜索rewrite,如图所示,删除该行的#号;
重新加载;
[root@yuioplvlinux-128 ~]# /usr/local/apache2/bin/apachectl -M|grep -i rewrite rewrite_module (shared) [root@yuioplvlinux-128 ~]# /usr/local/apache2/bin/apachectl -t Syntax OK [root@yuioplvlinux-128 ~]# /usr/local/apache2/bin/apachectl graceful
配置完成后,进行测试,可以看到www.aaa.com跳转到了aaa.com上。
[root@yuioplvlinux-128 ~]# curl -x127.0.0.1:80 -I aaa.com
HTTP/1.1 200 OK
Date: Tue, 29 May 2018 14:51:08 GMT
Server: Apache/2.4.33 (Unix) PHP/7.1.6
Last-Modified: Mon, 28 May 2018 13:30:54 GMT
ETag: "8-56d4420899e92"
Accept-Ranges: bytes
Content-Length: 8
Content-Type: text/html
[root@yuioplvlinux-128 ~]# curl -x127.0.0.1:80 -I www.aaa.com #状态码为301,跳转后的网址为http://aaa.com/
HTTP/1.1 301 Moved Permanently
Date: Tue, 29 May 2018 14:51:24 GMT
Server: Apache/2.4.33 (Unix) PHP/7.1.6
Location: http://aaa.com/
Content-Type: text/html; charset=iso-8859-1
3.配置Apache访问日志
访问日志不仅可以记录网站的访问情况,还可以在网站有异常发生时帮助去定位问题。
之前定义的日志目录是:logs/aaa.com-access_log,它是存放在/usr/local/apache2/目录下;
[root@yuioplvlinux-128 ~]# cat /usr/local/apache2/logs/aaa.com-access_log 192.168.30.128 - - [28/May/2018:21:31:36 +0800] "GET HTTP://aaa.com/ HTTP/1.1" 200 8 192.168.30.1 - - [28/May/2018:23:30:17 +0800] "GET / HTTP/1.1" 200 8 192.168.30.1 - - [28/May/2018:23:30:26 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.30.1 - - [28/May/2018:23:30:59 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [28/May/2018:23:31:00 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [28/May/2018:23:31:01 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [28/May/2018:23:31:02 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [28/May/2018:23:32:36 +0800] "GET / HTTP/1.1" 401 381 192.168.30.1 - yuioplv [28/May/2018:23:32:53 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [28/May/2018:23:49:13 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [28/May/2018:23:49:14 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [28/May/2018:23:49:15 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [28/May/2018:23:49:16 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [28/May/2018:23:49:27 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [28/May/2018:23:49:28 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [28/May/2018:23:49:28 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [28/May/2018:23:49:29 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [28/May/2018:23:49:39 +0800] "GET /1.php HTTP/1.1" 404 203 192.168.30.1 - yuioplv [28/May/2018:23:49:49 +0800] "GET /123.php HTTP/1.1" 200 7 192.168.30.1 - yuioplv [28/May/2018:23:49:52 +0800] "GET /123.php HTTP/1.1" 200 7 192.168.30.1 - yuioplv [28/May/2018:23:49:53 +0800] "GET /123.php HTTP/1.1" 200 7 192.168.30.1 - yuioplv [28/May/2018:23:49:53 +0800] "GET /123.php HTTP/1.1" 200 7 192.168.30.1 - yuioplv [28/May/2018:23:49:54 +0800] "GET /123.php HTTP/1.1" 200 7 192.168.30.128 - - [28/May/2018:23:50:24 +0800] "GET HTTP://aaa.com/ HTTP/1.1" 200 8 192.168.30.128 - - [28/May/2018:23:50:30 +0800] "GET HTTP://aaa.com/123.php HTTP/1.1" 401 381 192.168.30.128 - - [28/May/2018:23:50:38 +0800] "HEAD HTTP://aaa.com/123.php HTTP/1.1" 401 - 192.168.30.128 - - [28/May/2018:23:53:43 +0800] "GET HTTP://aaa.com/ HTTP/1.1" 401 381 192.168.30.128 - - [28/May/2018:23:54:25 +0800] "GET HTTP://aaa.com/ HTTP/1.1" 401 381 192.168.30.128 - - [28/May/2018:23:54:32 +0800] "HEAD HTTP://aaa.com/ HTTP/1.1" 401 - 192.168.30.128 - yuioplv [28/May/2018:23:55:10 +0800] "HEAD HTTP://aaa.com/ HTTP/1.1" 200 - 192.168.30.128 - yuioplv [29/May/2018:00:00:51 +0800] "HEAD HTTP://aaa.com/123.php HTTP/1.1" 200 - 192.168.30.128 - - [29/May/2018:00:01:17 +0800] "HEAD HTTP://aaa.com/123.php HTTP/1.1" 401 - 192.168.30.1 - yuioplv [29/May/2018:00:03:55 +0800] "GET /123.php HTTP/1.1" 200 7 192.168.30.1 - yuioplv [29/May/2018:00:03:57 +0800] "GET /123.php HTTP/1.1" 200 7 192.168.30.1 - yuioplv [29/May/2018:00:04:07 +0800] "GET /123.php HTTP/1.1" 200 7 192.168.30.1 - - [29/May/2018:00:04:14 +0800] "GET / HTTP/1.1" 304 - 127.0.0.1 - - [29/May/2018:22:51:08 +0800] "HEAD HTTP://aaa.com/ HTTP/1.1" 200 - 127.0.0.1 - - [29/May/2018:22:51:24 +0800] "HEAD HTTP://www.aaa.com/ HTTP/1.1" 301 - 192.168.30.1 - - [29/May/2018:23:00:23 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [29/May/2018:23:00:24 +0800] "GET /favicon.ico HTTP/1.1" 404 209
打开主配置文件,搜索LogFormat,可以看到两个格式的日志;
%h为访问网站的IP;%l为远程登录名;%u为用户名,当使用用户认证时,这个字段为认证的用户名;%t为时间,%r为请求的动作;%s为请求的状态码,写成%>s为最后的状态码;%b为传输数据大小;%{Referer}i为referer信息(请求本次地址上一次的地址就为referer);%{User-Agent}i为浏览器标识;
编辑虚拟机主配置文件,将common改为combined;
重新加载;
[root@yuioplvlinux-128 ~]# /usr/local/apache2/bin/apachectl -t Syntax OK [root@yuioplvlinux-128 ~]# /usr/local/apache2/bin/apachectl graceful
加载成功后,使用curl和浏览器访问一下,可以看到生成了新的日志。
[root@yuioplvlinux-128 ~]# tail /usr/local/apache2/logs/aaa.com-access_log 127.0.0.1 - - [29/May/2018:22:51:08 +0800] "HEAD HTTP://aaa.com/ HTTP/1.1" 200 - 127.0.0.1 - - [29/May/2018:22:51:24 +0800] "HEAD HTTP://www.aaa.com/ HTTP/1.1" 301 - 192.168.30.1 - - [29/May/2018:23:00:23 +0800] "GET / HTTP/1.1" 304 - 192.168.30.1 - - [29/May/2018:23:00:24 +0800] "GET /favicon.ico HTTP/1.1" 404 209 127.0.0.1 - - [29/May/2018:23:53:51 +0800] "HEAD HTTP://www.aaa.com/ HTTP/1.1" 301 - "-" "curl/7.29.0" 192.168.30.1 - - [29/May/2018:23:55:46 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" 192.168.30.1 - - [29/May/2018:23:55:47 +0800] "GET / HTTP/1.1" 200 8 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" 192.168.30.1 - - [29/May/2018:23:55:48 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" 192.168.30.1 - - [29/May/2018:23:55:48 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" 192.168.30.1 - - [29/May/2018:23:55:49 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"