171220---LAMP Apache用户认证, 域名跳转 ,Apache访问日志

最新推荐文章于 2024-01-22 14:48:51 发布

原创最新推荐文章于 2024-01-22 14:48:51 发布 · 402 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#centos

本文介绍如何在Apache中配置用户认证，包括为整个站点或单个文件设置基本认证的过程，以及如何创建和使用.htpasswd文件存储用户名密码。此外，还介绍了如何配置Apache访问日志，以便记录用户的每一次请求。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

Apache用户认证

用户认证的目的很简单：就是用户在访问的时候需要数用户名和密码，为了提高更好的安全性。

[root@node25 ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
<Directory /data/wwwroot/111.com>
AllowOverride AuthConfig
AuthName "111.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>

创建密码文件

使用htpasswd命令

[root@node25 ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd aming
New password:
Re-type new password:
Adding password for user aming
[root@node25 ~]# cat /data/.htpasswd
aming:$apr1$EbCi5PBt$mmAFEZoVfX.s6Yn8tiJ3d.
[root@node25 ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd zhangsan
New password:
Re-type new password:
Adding password for user zhangsan
[root@node25 ~]# cat /data/.htpasswd
aming:$apr1$EbCi5PBt$mmAFEZoVfX.s6Yn8tiJ3d.
zhangsan:$apr1$vlvUNv4V$5ofnhcurY8r9LXQbCcVVo1

[root@node25 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@node25 ~]# /usr/local/apache2.4/bin/apachectl restart

[root@node35 php-5.6.30]# curl -x127.0.0.1:80 111.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
[root@node35 php-5.6.30]#

[root@node35 php-5.6.30]# curl -x127.0.0.1:80 -uaa:123456 111.com -I
HTTP/1.1 200 OK
Date: Thu, 21 Dec 2017 04:43:07 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

还可以针对单个文件进行认证

[root@node35 php-5.6.30]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

# <Directory /data/wwwroot/111.com>
<FilesMatch 123.php>
AllowOverride AuthConfig
AuthName "111.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</FilesMatch>
# </Directory>

[root@node35 php-5.6.30]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@node35 php-5.6.30]# /usr/local/apache2.4/bin/apachectl graceful
[root@node35 php-5.6.30]# vi /data/wwwroot/111.com/123.php
[root@node35 php-5.6.30]# cat /data/wwwroot/111.com/123.php
<?php
echo "123.php";

[root@node35 ~]# echo alsdjfl
alsdjfl
[root@node35 ~]# curl -x127.0.0.1:80 -uaa:123456 111.com
111.com[root@node35 ~]# curl -x127.0.0.1:80 111.com

[root@node35 ~]# curl -x127.0.0.1:80 -uaa:123456 111.com
111.com[root@node35 ~]# curl -x127.0.0.1:80 111.com
111.com[root@node35 ~]# curl -x127.0.0.1:80 111.com/123.php -I
HTTP/1.1 401 Unauthorized
Date: Thu, 21 Dec 2017 04:52:29 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1

[root@node35 ~]# curl -x127.0.0.1:80 -uaa:123456 111.com/123.php -I

[root@node35 ~]# curl -x127.0.0.1:80 -uaa:123456 111.com/123.php
123.php[root@node35 ~]#

域名跳转

需求，把123.com域名跳转到www.123.com，配置如下：

[root@node35 ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^111.com$
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>

[root@node35 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@node35 ~]# /usr/local/apache2.4/bin/apachectl graceful

检查是否加载rewrite模块
[root@node35 ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
[root@node35 ~]# vi /usr/local/apache2.4/conf/httpd.conf
[root@node35 ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
rewrite_module (shared)

[root@node35 ~]# curl -x127.0.0.1:80 111.com
111.com[root@node35 ~]# curl -x192.168.25.35:80 111.com
111.com[root@node35 ~]# curl -x192.168.25.35:80 2111.com.cn -I
HTTP/1.1 301 Moved Permanently
Date: Thu, 21 Dec 2017 05:25:43 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1

[root@node35 ~]# curl -x192.168.25.35:80 2111.com.cn
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://111.com/">here</a>.</p>
</body></html>

Apache访问日志

访问日志记录用户的每一个请求
vi /usr/local/apache2.4/conf/httpd.conf LogFormat "%h %I %u %t "%r" %>s %b "%{Referer}i""%{User-Agent}i""combined LogFormat "%h %I %u %t "%r" %>s %b "common
将虚拟主机配置文件改成如下： <VirtualHost *:80> DocumentRoot "/data/wwwroot/www.111.com" ServerName www.111.com ServerAlias 111.com Customlog "logs/111.com-access_log"combined </VirtualHost>
重新加载配置文件-t，graceful
curl -x 127.0.0.1:80 -I 111.com
tail /usr/local/apache2.4/logs/111.com-access_log

[root@node35 ~]# ls /usr/local/apache2.4/logs/
111.com-access_log abc.com-access_log access_log httpd.pid
111.com-error_log abc.com-error_log error_log
[root@node35 ~]# cat /usr/local/apache2.4/logs/111.com-access_log
192.168.25.35 - - [21/Dec/2017:12:28:42 +0800] "GET HTTP://www.example.com/ HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:12:38:22 +0800] "GET HTTP://111.com/ HTTP/1.1" 401 381
192.168.25.1 - - [21/Dec/2017:12:39:43 +0800] "GET / HTTP/1.1" 401 381
192.168.25.1 - aaa [21/Dec/2017:12:41:28 +0800] "GET / HTTP/1.1" 401 381
192.168.25.1 - aaa [21/Dec/2017:12:41:39 +0800] "GET / HTTP/1.1" 401 381
192.168.25.1 - aa [21/Dec/2017:12:41:58 +0800] "GET / HTTP/1.1" 200 7
192.168.25.1 - aa [21/Dec/2017:12:41:58 +0800] "GET /favicon.ico HTTP/1.1" 404 209
127.0.0.1 - aa [21/Dec/2017:12:43:07 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
127.0.0.1 - aa [21/Dec/2017:12:50:36 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
127.0.0.1 - aa [21/Dec/2017:12:50:46 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:12:51:00 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:12:52:29 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 401

[root@node35 ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

将CustomLog "logs/111.com-access_log" common中的common改为combined

[root@node35 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@node35 ~]# curl -x192.168.25.35:80 http://111.com/123.php -I
HTTP/1.1 200 OK
Date: Thu, 21 Dec 2017 05:42:32 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

[root@node35 ~]# cat /usr/local/apache2.4/logs/111.com-access_log

[root@node35 ~]# tail /usr/local/apache2.4/logs/111.com-access_log
192.168.25.1 - "" [21/Dec/2017:13:15:22 +0800] "GET /123.php HTTP/1.1" 401 381
192.168.25.1 - aa [21/Dec/2017:13:15:41 +0800] "GET /123.php HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:13:25:10 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
192.168.25.35 - - [21/Dec/2017:13:25:27 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
192.168.25.35 - - [21/Dec/2017:13:25:43 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 -
192.168.25.35 - - [21/Dec/2017:13:26:00 +0800] "GET HTTP://2111.com.cn/ HTTP/1.1" 301 223
192.168.25.1 - aa [21/Dec/2017:13:40:58 +0800] "GET /123.php HTTP/1.1" 200 7
192.168.25.35 - - [21/Dec/2017:13:41:41 +0800] "HEAD http://111.com/123.com HTTP/1.1" 404 -
192.168.25.35 - - [21/Dec/2017:13:42:11 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 -
192.168.25.35 - - [21/Dec/2017:13:42:32 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"