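Active Directory
Reference: 斗学网 website link
- A single server can serve multiple websites; each website is a virtual host.
- Concepts: domain name (host name), DNS, domain name resolution, hosts
- The default virtual host is the virtual host that answers for any domain name resolving to this machine.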
[root@bogon conf]# cd /usr/local/apache/conf
[root@bogon conf]# ls
extra httpd.conf magic mime.types original
[root@bogon conf]# vim httpd.conf
[root@bogon conf]# vim extra/httpd-vhosts.conf # virtual host configuration file
[root@bogon conf]# cd extra
[root@bogon extra]# cp httpd-vhosts.conf httpd-vhosts-bak # back up the file
Part1 Default virtual host
<VirtualHost *:80>
# administrator e-mail address
ServerAdmin [email protected]
# document root of this virtual host's site
DocumentRoot "/usr/local/apache/docs/abc.com"
# the site's domain name
ServerName abc.com
# additional domain names (aliases) for the site
ServerAlias www.abc.com www.aaa.com
</VirtualHost>
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/docs/111.com"
ServerName 111.com
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
(1) Restart the Apache service
[root@bogon docs]# /usr/local/apache/bin/apachectl -t
[root@bogon docs]# /usr/local/apache/bin/apachectl graceful
[root@bogon docs]# ps -ef | grep http
(2) Edit the files
[root@bogon apache]# mkdir docs
[root@bogon apache]# ls
bin build cgi-bin conf docs error htdocs icons include logs man manual modules
[root@bogon apache]# cd docs
[root@bogon docs]# ls
[root@bogon docs]# mkdie
-bash: mkdie: 未找到命令
[root@bogon docs]# mkdir abc.com
[root@bogon docs]# mkdir 111.com
[root@bogon docs]# vim abc.com/index.html # file content: aaa.com
[root@bogon docs]# vim 111.com/index.html # file content: 111.com
(3) Verify the configuration
[root@bogon docs]# curl -xlocalhost:80 www.abc.com
aaa.com
[root@bogon docs]# curl -xlocalhost:80 www.aaa.com
aaa.com
[root@bogon docs]# curl -xlocalhost:80 111.com
111.com
[root@bogon 111.com]# vim index.php
[root@bogon 111.com]# cat index.php
<?php
echo "111.com";
?>
[root@bogon 111.com]# curl -xlocalhost:80 111.com/index.php
111.com
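Part2 User authentication
User authentication applies access control to the pages in certain directories: when a user visits these pages, a user name and password must be entered.
[root@bogon conf]# cd extra
[root@bogon extra]# vim httpd-vhosts.conf # virtual host configuration file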
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/docs/abc.com"
ServerName abc.com
ServerAlias www.abc.com www.aaa.com
<Directory /usr/local/apache/docs/abc.com>
AllowOverride AuthConfig
AuthName "abc.com user auth"
AuthType Basic
AuthUserFile /usr/local/apache/docs/.htpasswd
require valid-user
</Directory>
ErrorLog "logs/abc.com-error_log"
CustomLog "logs/abc.com-access_log" common
</VirtualHost>
#<VirtualHost *:80>
# ServerAdmin [email protected]
# DocumentRoot "/usr/local/apache/docs/111.com"
# ServerName 111.com
# ErrorLog "logs/111.com-error_log"
# CustomLog "logs/111.com-access_log" common
#</VirtualHost>
1. User authentication for the whole site
(1) Restart the Apache service
[root@bogon extra]# /usr/local/apache/bin/apachectl -t
Syntax OK
[root@bogon extra]# /usr/local/apache/bin/apachectl graceful
httpd not running, trying to start
[root@bogon extra]# ps -ef | grep http
(2) Create a user and password
[root@bogon extra]# /usr/local/apache/bin/htpasswd -cm /usr/local/apache/docs/.htpasswd xuan
New password:
Re-type new password:
Adding password for user xuan
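htpasswd is the tool for creating users; -c stands for create
-m sets the password hashing method to MD5
data/.htpasswd is the password file
(3) Test the configuration
#status code 401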
[root@bogon extra]# curl -xlocalhost:80 abc.com -I
HTTP/1.1 401 Unauthorized
Date: Thu, 29 Dec 2022 09:14:09 GMT
Server: Apache/2.4.39 (Unix)
WWW-Authenticate: Basic realm="abc.com user auth"
Content-Type: text/html; charset=iso-8859-1
#status code 200
[root@bogon extra]# curl -xlocalhost:80 -u xuan:xuan abc.com -I
HTTP/1.1 200 OK
Date: Thu, 29 Dec 2022 09:17:12 GMT
Server: Apache/2.4.39 (Unix)
Last-Modified: Thu, 29 Dec 2022 07:44:41 GMT
ETag: "8-5f0f2a865b97a"
Accept-Ranges: bytes
Content-Length: 8
Content-Type: text/html
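(4) Access from the host machine
hosts file
<CentOS IP address> abc.com www.aaa.com www.abc.com 111.com
2. User authentication for a single file
(1) File configuration
Apply the user authentication restriction to admin.php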
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/docs/abc.com"
ServerName abc.com
ServerAlias www.abc.com www.aaa.com
<FilesMatch admin.php>
# AllowOverride is not allowed inside <FilesMatch> (it is valid only in <Directory>), so it is left out here
AuthName "abc.com user auth"
AuthType Basic
AuthUserFile /usr/local/apache/docs/.htpasswd
require valid-user
</FilesMatch>
ErrorLog "logs/abc.com-error_log"
CustomLog "logs/abc.com-access_log" common
</VirtualHost>
[root@bogon abc.com]# cd /usr/local/apache/docs/abc.com
[root@bogon abc.com]# vim admin.php
[root@bogon abc.com]# cat admin.php
<?php
echo "abc.php --admin.php"
?>
(2) Generate the user password
[root@bogon extra]# /usr/local/apache/bin/htpasswd -cm /usr/local/apache/docs/.htpasswd xuan
New password: aaa
Re-type new password: aaa
Adding password for user xuan
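(3) Test the configuration
[root@bogon abc.com]# curl -xlocalhost:80 abc.com/admin.php -I # status code 401
[root@bogon abc.com]# curl -xlocalhost:80 -u xuan:aaa abc.com/admin.php -I # status code 200
Part3 Domain redirection
When we change a site's domain name, or register several domain names that point to one site, we use domain redirection.
(1) Modify the configuration file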
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/docs/111.com"
ServerName 111.com
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^111\.com$
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
ErrorLog "logs/abc.com-error_log"
CustomLog "logs/abc.com-access_log" common
</VirtualHost>
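Using a regular expression: any request whose Host does not match 111.com from start to end is redirected to 111.com, and status code 301 is returned.
(2) Module configuration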
[root@bogon com]# /usr/local/apache/bin/apachectl -M | grep rewrite
#no output: the rewrite module is not loaded
[root@bogon com]# vim /usr/local/apache/conf/httpd.conf
Enable the rewrite module in httpd.conf (the LoadModule line for rewrite_module)
(3) Restart the Apache service
[root@bogon com]# /usr/local/apache/bin/apachectl -t
[root@bogon com]# /usr/local/apache/bin/apachectl graceful
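(4) Verify the configuration
[root@bogon com]# curl -xlocalhost:80 2111.com.cn -I # status code 301
[root@bogon com]# curl -xlocalhost:80 66.com.cn -I # status code 301
[root@bogon com]# curl -xlocalhost:80 2111.com.cn/admin.php -I # status code 301
Part4 Access log
The access log is very useful: it records how the site is being accessed, and it also helps us locate the problem when something abnormal happens on the site.
[root@localhost docs]# vi /usr/local/apache2.4/conf/httpd.conf # search for LogFormat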
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# common is the default
LogFormat "%h %l %u %t \"%r\" %>s %b" common
(1) File configuration
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/docs/111.com"
ServerName 111.com
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^111\.com$
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
ErrorLog "logs/abc.com-error_log"
CustomLog "logs/abc.com-access_log" combined
</VirtualHost>
(2) Restart the Apache service
[root@bogon com]# /usr/local/apache/bin/apachectl -t
[root@bogon com]# /usr/local/apache/bin/apachectl graceful
(3) Verify the configuration
[root@bogon logs]# pwd
/usr/local/apache/logs
[root@bogon logs]# ^C
[root@bogon logs]# curl -xlocalhost:80 2111.com.cn/admin.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://111.com/admin.php">here</a>.</p>
</body></html>
[root@bogon logs]# cat abc.com-access_log
#new entry
::1 - - [29/Dec/2022:21:12:23 +0800] "GET HTTP://2111.com.cn/admin.php HTTP/1.1" 301 232
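The common and combined LogFormat strings above differ only in the trailing Referer and User-Agent fields, so one parser can read both. The following is an added example, not part of the original notes: a Python parser for the two formats, plus a count of 401/403 responses per client, which is where failed logins and blocked requests from the other parts of this page show up. The function names are illustrative and the 192.0.2.10 lines are constructed sample data.

```python
import re
from collections import Counter

# %h %l %u %t "%r" %>s %b, optionally followed by "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)")?$'
)

def parse_line(line):
    """Return a dict of fields, or None if the line matches neither format."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()          # referer/agent stay None for a common-format line
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # %b logs "-" for an empty body
    parts = rec["request"].split(" ")
    # A malformed request line may not have three parts; method/target are None then.
    rec["method"], rec["target"] = (parts[0], parts[1]) if len(parts) == 3 else (None, None)
    return rec

def denied_by_client(lines):
    """Count 401/403 responses per client address."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] in (401, 403):
            hits[rec["host"]] += 1
    return hits

SAMPLE = [
    # these two lines are copied from this page
    '::1 - - [29/Dec/2022:21:12:23 +0800] "GET HTTP://2111.com.cn/admin.php HTTP/1.1" 301 232',
    '::1 - - [29/Dec/2022:21:31:57 +0800] "HEAD HTTP://www.111.com/images/2.png HTTP/1.1" 200 - "-" "curl/7.29.0"',
    # constructed lines, not from the page
    '192.0.2.10 - - [29/Dec/2022:21:40:01 +0800] "GET /admin.php HTTP/1.1" 401 381 "-" "curl/7.29.0"',
    '192.0.2.10 - xuan [29/Dec/2022:21:40:05 +0800] "GET /admin.php HTTP/1.1" 401 381 "-" "curl/7.29.0"',
    '192.0.2.10 - - [29/Dec/2022:21:40:09 +0800] "GET /admin/123.php HTTP/1.1" 403 199 "-" "curl/7.29.0"',
]

if __name__ == "__main__":
    for rec in map(parse_line, SAMPLE):
        print(rec["host"], rec["status"], rec["method"], rec["target"], rec["agent"])
    print(denied_by_client(SAMPLE))
```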
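Part5 Do not log static files in the access log
Static files are files that are not generated by the server, such as scripts, CSS files and images, but that must still be sent to the browser on request.
Before the configuration change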
[root@bogon extra]# vim httpd-vhosts.conf
CustomLog "logs/abc.com-access_log" combined
[root@bogon 111.com]# cd /usr/local/apache/docs/111.com
[root@bogon 111.com]# mkdir images
[root@bogon 111.com]# ls
images index.html index.php
[root@bogon images]# cd /usr/local/apache/docs/111.com/images
[root@bogon images]# ls
2.png
#restart the Apache service
[root@bogon images]# curl -xlocalhost:80 www.111.com/images/2.png -I
#status code 200: the file is accessible
HTTP/1.1 200 OK
Date: Thu, 29 Dec 2022 13:31:57 GMT
Server: Apache/2.4.39 (Unix)
Last-Modified: Thu, 29 Dec 2022 13:30:07 GMT
ETag: "4e34-5f0f77bbd7f47"
Accept-Ranges: bytes
Content-Length: 20020
Content-Type: image/png
#check the log
::1 - - [29/Dec/2022:21:31:57 +0800] "HEAD HTTP://www.111.com/images/2.png HTTP/1.1" 200 - "-" "curl/7.29.0"
After the configuration change
(1) File configuration
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/docs/111.com"
ServerName 111.com
#<IfModule mod_rewrite.c>
# RewriteEngine on
# RewriteCond %{HTTP_HOST} !^111.com$
# RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
# </IfModule>
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
CustomLog "logs/111.com-access_log" combined env=!img
ErrorLog "logs/111.com-error_log"
#CustomLog "logs/abc.com-access_log" combined
</VirtualHost>
(2) Restart the Apache service
[root@bogon extra]# /usr/local/apache/bin/apachectl -t
[root@bogon extra]# /usr/local/apache/bin/apachectl graceful
(3) Verify the configuration
[root@bogon extra]# curl -xlocalhost:80 www.111.com/images/linux.png -I
HTTP/1.1 404 Not Found
Date: Thu, 29 Dec 2022 13:48:45 GMT
Server: Apache/2.4.39 (Unix)
Content-Type: text/html; charset=iso-8859-1
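#the request is handled normally, but the log file has no entry for it
Part6 Access log rotation
If logging continues indefinitely, the log will eventually fill the whole disk, so it is necessary to rotate it automatically and delete old log files.
(1) File configuration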
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/docs/111.com"
ServerName 111.com
#<IfModule mod_rewrite.c>
# RewriteEngine on
# RewriteCond %{HTTP_HOST} !^111.com$
# RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
# </IfModule>
SetEnvIf Request_URI ".*\.gif$" img
SetEnvIf Request_URI ".*\.jpg$" img
SetEnvIf Request_URI ".*\.png$" img
SetEnvIf Request_URI ".*\.bmp$" img
SetEnvIf Request_URI ".*\.swf$" img
SetEnvIf Request_URI ".*\.js$" img
SetEnvIf Request_URI ".*\.css$" img
ErrorLog "logs/111.com-error_log"
#changed part: the content inside CustomLog "..."
CustomLog "|/usr/local/apache/bin/rotatelogs -l logs/www.111.com-access_%Y%m%d.log 86400" combined env=!img
#CustomLog "logs/abc.com-access_log" combined
</VirtualHost>
(2) Restart the Apache service
[root@bogon extra]# /usr/local/apache/bin/apachectl -t
[root@bogon extra]# /usr/local/apache/bin/apachectl graceful
[root@bogon extra]# ps -ef | grep http
(3) Verify the configuration
[root@bogon logs]# cd /usr/local/apache/logs
[root@bogon logs]# ls
www.111.com-access_20221229.log
[root@bogon extra]# curl -xlocalhost:80 www.111.com -I
#accessing www.111.com creates the corresponding log file (with the date in its name)
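The rotatelogs setting above creates one file per day but never deletes anything. As an added example, not part of the original notes, the following Python selects and removes rotated files older than a retention period, using the date embedded in the www.111.com-access_%Y%m%d.log names from this page. The function names and the 30-day retention are assumptions; the retention should be long enough to cover any later investigation that needs these logs.

```python
import re
from datetime import date, datetime, timedelta
from pathlib import Path

# File names produced by the rotatelogs pattern on this page:
#   logs/www.111.com-access_%Y%m%d.log
NAME_RE = re.compile(r"^www\.111\.com-access_(\d{8})\.log$")

def expired_logs(names, today, keep_days):
    """Return the names whose embedded date is more than keep_days before today.
    Names that do not match the pattern, or carry an impossible date, are never returned."""
    cutoff = today - timedelta(days=keep_days)
    old = []
    for name in names:
        m = NAME_RE.match(name)
        if not m:
            continue
        try:
            stamp = datetime.strptime(m.group(1), "%Y%m%d").date()
        except ValueError:              # e.g. 20221340
            continue
        if stamp < cutoff:
            old.append(name)
    return sorted(old)

def prune(log_dir, keep_days, today=None, dry_run=True):
    """Delete expired rotated logs in log_dir; with dry_run=True only report them."""
    log_dir = Path(log_dir)
    names = [p.name for p in log_dir.iterdir() if p.is_file()]
    expired = expired_logs(names, today or date.today(), keep_days)
    if not dry_run:
        for name in expired:
            (log_dir / name).unlink()
    return expired

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:    # constructed demo directory
        for n in ("www.111.com-access_20221101.log",
                  "www.111.com-access_20221229.log", "111.com-error_log"):
            Path(d, n).touch()
        # keep_days=30 is an assumed retention period, not a value from the page
        print(prune(d, keep_days=30, today=date(2022, 12, 30), dry_run=False))
        print(sorted(p.name for p in Path(d).iterdir()))
```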
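Part7 Configuring expiry times for static elements
When a browser loads images from a website, it caches the static files on the local computer, so the next visit does not need to download them again.
(1) Configuration file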
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/docs/111.com"
ServerName 111.com
#expiry times for static elements
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType image/gif "access plus 1 days"
ExpiresByType image/jpeg "access plus 24 hours"
ExpiresByType image/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/x-javascript "now plus 2 hours"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
ErrorLog "logs/www.111.com-error_log"
CustomLog "logs/www.111.com-access_log" combined
</VirtualHost>
(2) Enable expires in the configuration file
#check whether the expires module is loaded
[root@bogon conf]# /usr/local/apache2.4/bin/apachectl -M | grep -i expires
expires_module (shared)
#add the expires module
[root@bogon conf]# cd /usr/local/apache/conf
[root@bogon conf]# vim httpd.conf
(3) Restart the Apache service
[root@bogon extra]# /usr/local/apache/bin/apachectl -t
[root@bogon extra]# /usr/local/apache/bin/apachectl graceful
[root@bogon extra]# ps -ef | grep http
(4) Verify the configuration
[root@bogon conf]# curl -xlocalhost:80 www.111.com/images/2.png -I
HTTP/1.1 200 OK
Date: Thu, 29 Dec 2022 15:28:04 GMT
Server: Apache/2.4.39 (Unix)
Last-Modified: Thu, 29 Dec 2022 13:30:07 GMT
ETag: "4e34-5f0f77bbd7f47"
Accept-Ranges: bytes
Content-Length: 20020
Cache-Control: max-age=86400
Expires: Fri, 30 Dec 2022 15:28:04 GMT
Content-Type: image/png
Log file
::1 - - [29/Dec/2022:23:28:04 +0800] "HEAD HTTP://www.111.com/images/2.png HTTP/1.1" 200 - "-" "curl/7.29.0"
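Part8 Hotlink protection
Prevent others from hotlinking the resources on your site. These resources are typically images, videos, songs, documents and the like.
(1) Configuration file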
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/docs/www.111.com"
ServerName www.111.com
ServerAlias 111.com
ErrorLog "logs/111.com-error_log"
#hotlink protection
<Directory /usr/local/apache/docs/www.111.com>
SetEnvIfNoCase Referer "http://www.111.com" local_ref
SetEnvIfNoCase Referer "http://111.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif|png)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
</Directory>
</VirtualHost>
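//First define the referers that are allowed to link to the files; ^$ stands for an empty referer
//When the image URL is typed directly into the browser, its referer is empty
(2) Restart the Apache service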
[root@bogon extra]# /usr/local/apache/bin/apachectl -t
[root@bogon extra]# /usr/local/apache/bin/apachectl graceful
[root@bogon extra]# ps -ef | grep http
(3) Verify the configuration
curl -e "http://www.douxue.com/123.php" -xlocalhost:80 www.111.com/images/2.png -I # status code 403
curl -e "http://www.111.com/123.php" -xlocalhost:80 www.111.com/images/2.png -I # status code 200
curl -xlocalhost:80 www.111.com/images/2.png -I # no -e option, so the referer is empty: status code 200
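SetEnvIfNoCase performs an unanchored, case-insensitive regular-expression search, so the patterns above accept more Referer values than the three curl tests exercise. The following is an added example, not part of the original notes: it evaluates the page's patterns and an anchored variant against a list of Referer values, so the allow-list can be checked before it is deployed. STRICT_PATTERNS, the function names and all Referer values other than the three taken from the curl tests are assumptions.

```python
import re

# Patterns exactly as they appear in the SetEnvIfNoCase lines on this page.
PAGE_PATTERNS = [r"http://www.111.com", r"http://111.com", r"^$"]

# Assumed tightening (not from the page): anchor the start, escape the dots,
# and require the host name to end at "/" or at the end of the header.
STRICT_PATTERNS = [r"^http://(www\.)?111\.com(/|$)", r"^$"]

def allowed(referer, patterns):
    """True if local_ref would be set, i.e. 'Allow from env=local_ref' lets the
    request through. A missing Referer header is treated as the empty string,
    which is what the page's ^$ pattern relies on."""
    value = referer or ""
    return any(re.search(p, value, re.IGNORECASE) for p in patterns)

# The first three values mirror the page's curl tests; the rest are constructed.
CASES = [
    "http://www.douxue.com/123.php",
    "http://www.111.com/123.php",
    None,
    "http://111.com",
    "HTTP://WWW.111.COM/index.html",
    "http://www.111.com.example.net/gallery.html",
    "http://example.net/?from=http://111.com",
]

def compare(cases=CASES):
    """Return (referer, page_result, strict_result) for each case."""
    return [(c, allowed(c, PAGE_PATTERNS), allowed(c, STRICT_PATTERNS)) for c in cases]

if __name__ == "__main__":
    for referer, page, strict in compare():
        flag = "" if page == strict else "   <-- differs"
        print(f"{str(referer):48} page={page!s:5} strict={strict!s:5}{flag}")
```

The last two values are accepted by the page's patterns and rejected by the anchored ones; the same anchoring can be written directly into the SetEnvIfNoCase lines.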
Part9 Access control whitelist
(1) File configuration
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/docs/www.111.com"
ServerName www.111.com
ServerAlias 111.com
#access control - whitelist
<Directory /usr/local/apache/docs/www.111.com/admin/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
(2) Start the Apache service
[root@bogon extra]# /usr/local/apache/bin/apachectl -t
[root@bogon extra]# /usr/local/apache/bin/apachectl graceful
[root@bogon extra]# ps -ef | grep http
(3) Verify the configuration
[root@bogon www.111.com]# curl -xlocalhost:80 www.111.com/admin/123.php -I # status code 403
[root@bogon www.111.com]# curl -x127.0.0.1:80 www.111.com/admin/123.php -I # status code 200
Extension: restricting access to URLs under www.111.com that begin with admin.php
(1) File configuration
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/usr/local/apache/docs/www.111.com"
ServerName www.111.com
ServerAlias 111.com
#access control - whitelist
<Directory /usr/local/apache/docs/www.111.com>
<FilesMatch admin.php(.*)>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
</Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
[root@bogon www.111.com]# cd /usr/local/apache/docs/www.111.com
[root@bogon www.111.com]# cat admin.php
<?php
echo "www.111.com --123.php";
?>
(2) Restart the Apache service
[root@bogon extra]# /usr/local/apache/bin/apachectl -t
[root@bogon extra]# /usr/local/apache/bin/apachectl graceful
[root@bogon extra]# ps -ef | grep http
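(3) Verify the configuration
[root@bogon www.111.com]# curl -x127.0.0.1:80 www.111.com/admin.php?vcaf -I
#status code 200
Part10 Access control - disabling PHP parsing
Websites written in PHP often have directories that need to accept file uploads. If the site's code has a vulnerability that lets an attacker upload a trojan written in PHP, then because the site can execute PHP programs, the attacker ends up with control of the server.
To prevent this, we disable PHP parsing outright in the directories that accept uploads.
(1) File configuration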
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/usr/local/apache2.4/docs/www.111.com"
ServerName www.111.com
ServerAlias 111.com
ErrorLog "logs/111.com-error_log"
#access control: disable PHP parsing
<Directory /usr/local/apache2.4/docs/www.111.com/upload>
php_admin_flag engine off
</Directory>
</VirtualHost>
(2) Restart the Apache service
[root@bogon extra]# /usr/local/apache/bin/apachectl -t
[root@bogon extra]# /usr/local/apache/bin/apachectl graceful
[root@bogon extra]# ps -ef | grep http
(3) Verify the configuration
[root@bogon extra]# curl -xlocalhost:80 www.111.com/upload/123.php
<?php
echo "www.111.com --123.php";
?>
#only the source code is shown; it is not parsed
Part11 Access control - user agent
(1) File configuration
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "/usr/local/apache2.4/docs/www.111.com"
ServerName www.111.com
ServerAlias 111.com
ErrorLog "logs/111.com-error_log"
#access control: user_agent
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC]
RewriteRule .* - [F]
</IfModule>
</VirtualHost>
(2) Restart the Apache service
[root@bogon extra]# /usr/local/apache/bin/apachectl -t
[root@bogon extra]# /usr/local/apache/bin/apachectl graceful
[root@bogon extra]# ps -ef | grep http
(3) Verify the configuration
curl -xlocalhost:80 www.111.com/upload/123.php # status code 403