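11.18 Apache user authentication
User authentication means that opening a website prompts for a user name and password, and the page content can be viewed only after they have been entered. It improves security at the cost of a poorer user experience (requirements come in every form, and this may well be one of them).
It is commonly used as a second layer of protection for admin pages, to improve security.
Edit the virtual host configuration file
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
# Directory that requires authentication
<Directory /data/wwwroot/www.123.com>
# Permits auth directives in .htaccess; the author treats it as the switch that turns authentication on
AllowOverride AuthConfig
# Custom name for the authentication prompt; of little practical effect
AuthName "123.com user auth"
# Authentication type, usually Basic; Aming (the author) has not used the other types
AuthType Basic
# Location of the password file
AuthUserFile /data/.htpasswd
# Any valid user in the password file may log in
require valid-user
</Directory>
</VirtualHost>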
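After editing the configuration file, remember to check the syntax for errors and restart the service
Once that is done, generate the password file .htpasswd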
/usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd aming
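About the command: -c creates the htpasswd file, -m uses MD5 encryption, the file is stored at /data/.htpasswd, and the user is aming
The -c option is needed only the first time; once the file has been created, leave -c out, because -c rewrites an existing file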
[root@localhost ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd aming
New password:
Re-type new password:
Adding password for user aming
Check that the file has been created
Because the -m option was used, the password shown is the encrypted one
[root@localhost ~]# cat /data/.htpasswd
aming:$apr1$KBIYP2RK$MMT6QV0vo20BxFEgezKKf1
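An added example (not part of the original notes): the $apr1$ prefix above is the MD5-based scheme that -m selects, and htpasswd in Apache 2.4 also offers bcrypt (-B), which is far more expensive to brute-force. The sh sketch below classifies each entry of an htpasswd file by its hash prefix so that entries needing a re-hash can be found; the function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: report the hash scheme of every entry in an htpasswd file.
# Function names and the sample entries are constructed for illustration.

htpasswd_scheme() {
    # $1 = hash field (the text after the first colon of an htpasswd line)
    case "$1" in
        '$2y$'*)   echo "bcrypt" ;;          # written by htpasswd -B
        '$apr1$'*) echo "apr1-md5" ;;        # written by htpasswd -m (the page's case)
        '{SHA}'*)  echo "sha1-unsalted" ;;   # written by htpasswd -s
        *)         echo "crypt-or-plain" ;;  # htpasswd -d or -p
    esac
}

audit_htpasswd() {
    # $1 = htpasswd file; prints "user scheme verdict", one entry per line
    while IFS=: read -r user hashed rest; do
        case "$user" in ''|'#'*) continue ;; esac   # skip blank and comment lines
        scheme=$(htpasswd_scheme "$hashed")
        if [ "$scheme" = "bcrypt" ]; then verdict="ok"; else verdict="rehash"; fi
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done < "$1"
}

# Constructed sample file (placeholder hashes, not real credentials).
sample=$(mktemp)
cat > "$sample" <<'EOF'
aming:$apr1$SALTSALT$0000000000000000000000
backup:{SHA}0000000000000000000000000000
deploy:$2y$05$00000000000000000000000000000000000000000000000000000
EOF

audit_htpasswd "$sample"
rm -f "$sample"
```

An entry flagged rehash can be replaced by running htpasswd -B on the same file and user, without -c.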
With the user, password and password file created, test the result
[root@localhost ~]# curl -x127.0.0.1:80 111.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
[root@localhost ~]# curl -x127.0.0.1:80 111.com -I
HTTP/1.1 401 Unauthorized
Date: Mon, 31 Jul 2017 14:28:01 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1
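The response is error code 401: authentication is required, and the authentication type is Basic
To test in a browser, edit the local hosts file and add "192.168.133.130 111.com"
Opening 111.com now prompts for a user name and password
curl can also pass the user name and password directly for testing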
curl -x127.0.0.1:80 -uaming:123123 111.com -I
[root@localhost ~]# curl -x127.0.0.1:80 -uaming:123123 111.com -I
HTTP/1.1 200 OK
Date: Mon, 31 Jul 2017 14:37:37 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
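Status code 200 means the page is served normally
Authentication for a single file
# Applies only to the file 123.php; the directives below take effect only when that file is requested
<FilesMatch 123.php>
AllowOverride AuthConfig
AuthName "123.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</FilesMatch>
After editing the configuration file, remember to check the syntax for errors and restart the service
After the change, create a file named 123.php
File creation done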
[root@localhost ~]# curl -x127.0.0.1:80 111.com
111.com
[root@localhost ~]# curl -x127.0.0.1:80 111.com/123.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
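The test shows that 111.com can now be accessed normally without entering a user name, while 111.com/123.php returns 401. This proves the configuration has taken effect
11.19/11.20 Domain redirection
A new requirement: domain redirection. It is commonly used to redirect an old domain to a new one: existing users are used to remembering one domain, so when the site suddenly moves to a new domain this step is needed.
Domains also matter for SEO, which assigns a value weighting to a site's content. The old site has a high value and will stay in the major search engines, with unpredictable effects on the new site. To shift existing users and search engines over to the new site, the old domain is redirected to the new one.
Add the following configuration
# Requires the mod_rewrite module
<IfModule mod_rewrite.c>
# Turn on the rewrite engine
RewriteEngine on
# Rewrite condition: satisfied when the host name (domain) is not 111.com
RewriteCond %{HTTP_HOST} !^111.com$
# Rewrite rule: executed only when the condition above is satisfied
RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L]
</IfModule>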
RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L]
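- ^/(.*)$ means: everything that remains after the domain. The / is the slash that follows the domain, (.*) is everything after that slash, and $ marks the end
- Every request whose path matches ^/(.*)$ is redirected to http://www.123.com/ followed by whatever (.*) matched
- For example, with ^/(.*)/([1-9]+)$ the target can be written as http://www.123.com/$1/$2
- Status code 301 is a permanent redirect, 302 is a temporary redirect
- [R=301,L]: R=301 is the status code and means permanent redirect; L means the redirect is done once and processing then ends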
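An added example (not from the original notes): the sh sketch below mimics the RewriteCond/RewriteRule pair with grep -E and sed -E, so the host test and the $1 back-reference can be tried on sample requests. The helper name redirect_for and the sample hosts are constructed; the last two calls show that the unescaped dot in ^111.com$ matches any character.

```sh
#!/bin/sh
# Added example: emulate the page's rewrite pair on sample requests.
# redirect_for is a hypothetical helper; hosts and paths are constructed.

# $1 = host pattern from RewriteCond, $2 = Host header, $3 = URL path
# Prints the Location the 301 would carry, or nothing when no redirect happens.
redirect_for() {
    # RewriteCond %{HTTP_HOST} !<pattern>: the rule runs only if the host does NOT match
    if printf '%s\n' "$2" | grep -Eq "$1"; then
        return 0
    fi
    # RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L]
    # In virtual-host context the path still carries its leading slash.
    printf '%s\n' "$3" | sed -nE 's#^/(.*)$#http://www.123.com/\1#p'
}

page_cond='^111.com$'      # as written on the page: "." matches any character
strict_cond='^111\.com$'   # dot escaped: only the literal host matches

redirect_for "$page_cond"   2111.com.cn     /            # redirected
redirect_for "$page_cond"   www.example.com /news/2017   # redirected, path kept via $1
redirect_for "$page_cond"   111.com         /123.php     # canonical host: no output
redirect_for "$page_cond"   111xcom         /            # no output: "." matched "x"
redirect_for "$strict_cond" 111xcom         /            # redirected
```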
Before testing, check whether Apache has loaded the rewrite module
/usr/local/apache2.4/bin/apachectl -M |grep rewrite
If it is not loaded, enable the module in httpd.conf; querying again then shows that the module is loaded
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
rewrite_module (shared)
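Start testing
Before testing, 2111.com.cn also has to be added to hosts, otherwise it cannot be reached
curl -x can be tested with either 127.0.0.1 or 192.168.133.130, because port 80 listens on all addresses
What listening on all addresses means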
[root@localhost ~]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1107/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1871/master
tcp6 0 0 :::80 :::* LISTEN 2266/httpd
tcp6 0 0 :::22 :::* LISTEN 1107/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1871/master
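Port 80 is bound to :::80 by default, which means it listens on all addresses
"All addresses" means the IPs of every network interface on this host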
[root@localhost ~]# curl -x192.168.133.130:80 2111.com.cn -I
HTTP/1.1 301 Moved Permanently
Date: Mon, 31 Jul 2017 16:31:31 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1
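The status code is 301 and the redirect target is 111.com, which proves the configuration is correct
11.21 Apache access log
Every visit and every request produces a log entry
When the default virtual host was created earlier, the log location was set with CustomLog "logs/111_log" common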
[root@localhost ~]# cat /usr/local/apache2.4/logs/111_log
127.0.0.1 - - [31/Jul/2017:21:59:02 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 8
127.0.0.1 - - [31/Jul/2017:21:59:49 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 8
127.0.0.1 - - [31/Jul/2017:22:01:24 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 8
127.0.0.1 - - [31/Jul/2017:22:27:48 +0800] "GET HTTP://111.com/ HTTP/1.1" 401 381
127.0.0.1 - - [31/Jul/2017:22:28:01 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 401 -
192.168.133.1 - - [31/Jul/2017:22:30:57 +0800] "GET / HTTP/1.1" 401 381
192.168.133.1 - - [31/Jul/2017:22:30:59 +0800] "GET /favicon.ico HTTP/1.1" 401 381
127.0.0.1 - aming [31/Jul/2017:22:37:26 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 8
127.0.0.1 - aming [31/Jul/2017:22:37:37 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
127.0.0.1 - aming [31/Jul/2017:22:47:18 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
127.0.0.1 - aming [31/Jul/2017:22:47:30 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
127.0.0.1 - - [31/Jul/2017:22:47:37 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 401 -
127.0.0.1 - aming [31/Jul/2017:22:47:45 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
127.0.0.1 - aming [31/Jul/2017:22:47:48 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 10
127.0.0.1 - aming [31/Jul/2017:22:48:11 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
127.0.0.1 - - [31/Jul/2017:22:49:13 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 8
127.0.0.1 - - [31/Jul/2017:22:49:20 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 401 381
192.168.133.130 - - [01/Aug/2017:00:31:31 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 -
This log is too simple, though, so configure the log format
vim /usr/local/apache2.4/conf/httpd.conf
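Search for LogFormat to find the log formats
common is used by default
- %h is the source IP
- %l is the user (remote logname)
- %u is the user name used for authentication
- %t is the time
- %r is the request line (the action and the site URL)
- %>s is the status code returned by the site
- %b is the size of the page
- %{Referer}i is the page visited before the requested one
- %{User-Agent}i is the user agent: whether the request came from a browser or from curl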
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
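An added example (not from the original notes) that puts %u and %>s to use: a request sent without credentials is logged with - as the user and status 401, while a request whose credentials were rejected is logged with the supplied user name and 401. The sh/awk sketch below counts those rejected attempts per client address and user name in a common- or combined-format log; the function name, the threshold and the log lines are constructed.

```sh
#!/bin/sh
# Added example: count rejected Basic-auth logins per client and user name.
# rejected_logins, the threshold and the log lines are constructed.

# $1 = access log (common or combined format), $2 = minimum attempts to report
# Prints "ip user count" for 401 responses that carried a user name.
rejected_logins() {
    awk -F'"' -v min="$2" '
        {
            split($1, pre, " ")    # pre[1] = %h, pre[3] = %u
            split($3, post, " ")   # post[1] = %>s, post[2] = %b
            # user "-" with 401 is only the initial challenge, not a failed login
            if (post[1] == "401" && pre[3] != "-")
                fails[pre[1] " " pre[3]]++
        }
        END {
            for (k in fails)
                if (fails[k] >= min) print k, fails[k]
        }
    ' "$1" | sort
}

# Constructed sample in the page's common format.
log=$(mktemp)
cat > "$log" <<'EOF'
127.0.0.1 - - [31/Jul/2017:22:27:48 +0800] "GET HTTP://111.com/ HTTP/1.1" 401 381
127.0.0.1 - aming [31/Jul/2017:22:37:26 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 8
192.0.2.10 - aming [31/Jul/2017:23:00:01 +0800] "GET /123.php HTTP/1.1" 401 381
192.0.2.10 - aming [31/Jul/2017:23:00:02 +0800] "GET /123.php HTTP/1.1" 401 381
192.0.2.10 - aming [31/Jul/2017:23:00:03 +0800] "GET /123.php HTTP/1.1" 401 381
192.0.2.10 - admin [31/Jul/2017:23:00:04 +0800] "GET /123.php HTTP/1.1" 401 381
EOF

rejected_logins "$log" 3
rm -f "$log"
```

The parser splits each line on the double quotes around %r, so a request line that itself contains an escaped quote would need a stricter parser.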
To change the format, edit the virtual host configuration file
/usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com 2111.com.cn
# <Directory /data/wwwroot/111.com>
# <FilesMatch 123.php>
# AllowOverride AuthConfig
# AuthName "111.com user auth"
# AuthType Basic
# AuthUserFile /data/.htpasswd
# require valid-user
# </FilesMatch>
# </Directory>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^111.com$
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
ErrorLog "logs/111.com-error_log"
# common changed to combined
CustomLog "logs/111_log" combined
</VirtualHost>
Then request the page a few times and look at the log file again
[root@localhost ~]# tail !$
tail /usr/local/apache2.4/logs/111.com-access_log
192.168.133.1 - - [01/Aug/2017:01:01:18 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.3226.400 QQBrowser/9.6.11681.400"
192.168.133.1 - - [01/Aug/2017:01:01:18 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.3226.400 QQBrowser/9.6.11681.400"
192.168.133.1 - - [01/Aug/2017:01:01:20 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.3226.400 QQBrowser/9.6.11681.400"
192.168.133.1 - - [01/Aug/2017:01:01:20 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.3226.400 QQBrowser/9.6.11681.400"
192.168.133.1 - - [01/Aug/2017:01:01:20 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.3226.400 QQBrowser/9.6.11681.400"
192.168.133.1 - - [01/Aug/2017:01:01:20 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.3226.400 QQBrowser/9.6.11681.400"
192.168.133.1 - - [01/Aug/2017:01:01:20 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.3226.400 QQBrowser/9.6.11681.400"
192.168.133.1 - - [01/Aug/2017:01:01:21 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.3226.400 QQBrowser/9.6.11681.400"
192.168.133.1 - - [01/Aug/2017:01:01:21 +0800] "GET /123.php HTTP/1.1" 200 10 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.3226.400 QQBrowser/9.6.11681.400"
192.168.133.1 - - [01/Aug/2017:01:01:21 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "http://111.com/123.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.3226.400 QQBrowser/9.6.11681.400"