Apache用户认证,域名跳转，访问日志

Apache用户认证

当设置了用户认证后，用户访问网站时，需要输入用户名和密码才能访问。
可以全局设置，也可以为某几个虚拟主机单独配置。
下面以全局配置进行操作示例。

• 编辑httpd.conf进行配置

[root@test-a ~]# vim /usr/local/apache2.4/conf/httpd.conf

• 找到"<Directory"，并添加修改相应的配置内容如下

<Directory "/usr/local/apache2.4/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   AllowOverride FileInfo AuthConfig Limit
    #
    # AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    # Require all granted

    ALLOWOVERRIDE AuthConfig # 这里相当于打开了认证开关
    AuthType Basic # 认证类型，一般使用Basic
    AuthName "test" # 自定义认证的名字，作用不大
    AuthUserFile /data/.webpasswd # 认证秘钥文件（使用apche自带的工具生成)
    require valid-user # 指定需要认证的用户为全部用户
</Directory>

• 创建认证文件，添加认证用户

[root@test-a ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.webpasswd test  # -c 创建密钥文件,-m 使用md5加密
New password:
Re-type new password:
Adding password for user test

# 已有文件,添加用户
[root@test-a ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.webpasswd test1
New password:
Re-type new password:
Adding password for user test1

• 校验配置修改正确性

[root@test-a ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK

• 重新加载配置

[root@test-a ~]# /usr/local/apache2.4/bin/apachectl graceful

• 测试

[root@test-a ~]# curl -x127.0.0.1:80 www.123.com  # 返回401错误码
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

[root@test-a ~]# curl -x127.0.0.1:80 -utest:test www.123.com  # 带用户名密码,访问OK
<html><body><h1>It works!</h1></body></html>

域名跳转

• vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot "/tmp/web-default" # 网站资源目录
    ServerName test.com  # 域名
    ServerAlias www.test.com www.123.com # 域名别名
    <IfModule mod_rewrite.c> # 需要mod_rewrite模块支持
            RewriteEngine on  #打开rewrite功能
            RewriteCond %{HTTP_HOST} !^www.123.com$  # 定义rewrite的条件，主机名（域名）不是www.123.com满足条件
            RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L] # 定义rewrite规则，当满足上面的条件时，这条规则才会执行，301是永久重定向，302是临时重定向，临时的不会增加搜索引擎的权重，一般都是用301
    </IfModule>
</VirtualHost>  

• 需要检查rewrite模块是否打开

[root@test-a apache2.4]# /usr/local/apache2.4/bin/apachectl -M | grep rewrite
 rewrite_module (shared)
# 删除httpd.conf 里 rewrite_module (shared) 前面的#
# 重新加载配置
[root@test-a apache2.4]# /usr/local/apache2.4/bin/apachectl graceful

• 测试

# curl -x127.0.0.1:80 -I www.123.com
HTTP/1.1 301 Moved Permanently
Date: Fri, 16 Nov 2018 08:10:20 GMT
Server: Apache/2.4.37 (Unix) PHP/5.6.32
Location: http://www.123.com/
Content-Type: text/html; charset=iso-8859-1

Apache访问日志

• 访问日志记录用户的每一个请求
• vim /usr/local/apache2.4/conf/httpd.conf
• 搜索LogFormat

LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined LogFormat "%h %l %u %t "%r" %>s %b" common
h来源ip、l用户密码、u用户、t时间、r行为，网址、s状态码、b大小
{Referer}浏览器进入一个网站后的第二个页面，referer记录的日志的就是第一个访问页面的网址是什么、在百度中搜索进入开源中国网站首页后，referer记录的就是百度搜出来的结果页面网址
{User-Agent}用户代理（怎么获得网址内容，是浏览器还是curl）