11.18 Apache用戶認證 - 11.19/11.20 域名跳轉 - 11.21 Apache訪問日誌
阿新 • • 發佈:2017-10-10
11.18 apache用戶認證 - 11.19/11.20 域名跳轉 - 11.21 apache訪問日誌
- 11.18 Apache用戶認證
- 11.19/11.20 域名跳轉
- 11.21 Apache訪問日誌
- 擴展
- apache虛擬主機開啟php的短標簽 http://ask.apelearn.com/question/5370
# 11.18 apache用戶認證
### httpd的用戶認證
- vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //把123.com那個虛擬主機編輯成如下內容
```
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
<Directory /data/wwwroot/www.123.com> //指定認證的目錄
AllowOverride AuthConfig //這個相當於打開認證的開關
AuthName "123.com user auth" //自定義認證的名字,作用不大
AuthType Basic //認證的類型,一般為Basic,其他類型阿銘沒用過
AuthUserFile /data/.htpasswd //指定密碼文件所在位置
require valid-user //指定需要認證的用戶為全部可用用戶
</Directory>
</VirtualHost>
/usr/local/apache2.4/bin/htpasswd -cm /data/.htpasswd aming
```
- 先開打虛擬主機配置文件
```
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option ‘-S‘ to verify your virtual host
# configuration.
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/abc.com"
ServerName abc.com
ServerAlias www.abc.com www.123.com
ErrorLog "logs/abc.com-error_log"
CustomLog "logs/abc.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
37,5 93%
```
- 把文件內容改為
```
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/abc.com"
ServerName abc.com
ServerAlias www.abc.com www.123.com
ErrorLog "logs/abc.com-error_log"
CustomLog "logs/abc.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
<Directory /data/wwwroot/111.com>
AllowOverride AuthConfig
AuthName "111.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
:wq
```
- /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd aming
- -c 是creaate 創建用戶 -m 是使用MD5方式 加密 /data/.htpasswd 指定密碼文件目錄 aming 是創建的新用戶
```
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[[email protected] ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd aming
New password:
Re-type new password:
Adding password for user aming
[[email protected] ~]#
[[email protected] ~]# cat /data/.htpasswd
aming:$apr1$EXwYfiem$WmlVecIGEuLU781VJMO6y/
[[email protected] ~]# ls /data/.htpasswd
/data/.htpasswd
[[email protected] ~]#
```
- 再增加一個用戶zhangsan
```
[[email protected] ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd zhangsan
New password:
Re-type new password:
Adding password for user zhangsan
[[email protected] ~]#
[[email protected] ~]# cat /data/.htpasswd
aming:$apr1$hRjEjYks$LpCPxZ/PUOvox0ZE5Qea9.
zhangsan:$apr1$cwKQ8Lwu$P.iw/DySVIn2sBrAF3AUb0
[[email protected] ~]#
```
- 重新加載配置-t , graceful 綁定hosts,瀏覽器測試
- curl -x127.0.0.1:80 www.123.com //狀態碼為401
- curl -x127.0.0.1:80 -uaming:passwd www.123.com //狀態碼為200
```
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]#
[[email protected] ~]# curl -x127.0.0.1:80 111.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn‘t understand how to supply
the credentials required.</p>
</body></html>
[[email protected] ~]#
[[email protected] ~]# curl -x127.0.0.1:80 111.com -I
HTTP/1.1 401 Unauthorized
Date: Sun, 08 Oct 2017 14:59:22 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1
[[email protected] ~]#
```
- 401 這個狀態碼 ,是說明你訪問的內容需要做用戶驗證
- 同樣也可以在瀏覽器裏面看下,前提你要在windows hosts文件裏定義111.com
- 
```
[[email protected] ~]# curl -x127.0.0.1:80 -uaming:123456 111.com -I
HTTP/1.1 200 OK
Date: Sun, 08 Oct 2017 15:50:41 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[[email protected] ~]# curl -x127.0.0.1:80 -uaming:123456 111.com
111.com[[email protected] ~]#
```
- 故意輸錯密碼,又是這樣
```
111.com[[email protected] ~]# curl -x127.0.0.1:80 -uaming:12345 111.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn‘t understand how to supply
the credentials required.</p>
</body></html>
[[email protected] ~]#
```
- 關於用戶認證還有另一種需求,不想針對所有的目錄,一個網站總有一個敏感信息,比如一些後臺訪問的數據,做一個認證,針對某一個文件,做一個認證
- 打開配置文件
```
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
# <Directory /data/wwwroot/111.com>
<FilesMatch 123.php>
AllowOverride AuthConfig
AuthName "111.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
<FilesMatch>
# </Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
:wq
```
- 把diretory 註釋掉,換上<FilesMatch 123.php>
```
[[email protected] ~]# !vi
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# vim /data/wwwroot/111.com/123.php
<?
echo "123.php";
~
~
[[email protected] ~]# vim /data/wwwroot/111.com/123.php
[[email protected] ~]# !curl
curl -x127.0.0.1:80 -uaming:12345 111.com
111.com[[email protected] ~]# curl -x127.0.0.1:80 111.com
111.com[[email protected] ~]# curl -x127.0.0.1:80 111.com -I
HTTP/1.1 200 OK
Date: Sun, 08 Oct 2017 16:20:06 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[[email protected] ~]#
```
- 當使用123.php的時候
```
[[email protected] ~]# curl -x127.0.0.1:80 -uaming:123456 111.com/123.php -I
HTTP/1.1 200 OK
Date: Sun, 08 Oct 2017 16:21:36 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[[email protected] ~]#
[[email protected] ~]# curl -x127.0.0.1:80 -uaming:123456 111.com/123.php
123.php[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]#
```
# 11.19 域名跳轉 上
- 需求,把123.com域名跳轉到www.123.com,配置如下:
```
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
ServerAlias 123.com
<IfModule mod_rewrite.c> //需要mod_rewrite模塊支持
RewriteEngine on //打開rewrite功能
RewriteCond %{HTTP_HOST} !^www.123.com$ //定義rewrite的條件,主機名(域名)不是www.123.com滿足條件
RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L] //定義rewrite規則,當滿足上面的條件時,這條規則才會執行
</IfModule>
</VirtualHost>
```
- /usr/local/apache2/bin/apachectl -M|grep -i rewrite //若無該模塊,需要編輯配置文件httpd.conf,刪除rewrite_module (shared) 前面的#
curl -x127.0.0.1:80 -I 123.com //狀態碼為301
- 首先打開虛擬主機配置文件,把之前的配置的參數註釋掉,暫時不用它了
```
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# You may use the command line option ‘-S‘ to verify your virtual host
# configuration.
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/abc.com"
ServerName abc.com
ServerAlias www.abc.com www.123.com
ErrorLog "logs/abc.com-error_log"
CustomLog "logs/abc.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
#<Directory /data/wwwroot/111.com>
<FilesMatch 123.php>
AllowOverride AuthConfig
AuthName "111.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</FilesMatch>
#</Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
46,1 95%
```
- 打開註釋掉之前配置的,
```
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
#<Directory /data/wwwroot/111.com>
# <FilesMatch 123.php>
# AllowOverride AuthConfig
# AuthName "111.com user auth"
# AuthType Basic
# AuthUserFile /data/.htpasswd
# require valid-user
#</FilesMatch>
#</Directory>
<IfModule mod_rewrite.c> //需要mod_rewrite模塊支持
RewriteEngine on //打開rewrite功能 on表示打開
RewriteCond %{HTTP_HOST} !^111.com$ //定義rewrite的條件,主機名(域名)
不是111.com滿足條件 !表示取反的意思,不是111.com
RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L] //定義rewrite規則,當滿>足上面的條件時,這條規則才會執行
</IfModule>
```
- 寫好後,退出保存
```
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com 2111.com.cn
#<Directory /data/wwwroot/111.com>
# <FilesMatch 123.php>
# AllowOverride AuthConfig
# AuthName "111.com user auth"
# AuthType Basic
# AuthUserFile /data/.htpasswd
# require valid-user
#</FilesMatch>
#</Directory>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^111.com$ RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
:wq
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[1]+ 已停止 vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[[email protected] ~]# ls /data/wwwroot/111.com/
123.php index.php
[[email protected] ~]# fg
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[[email protected] ~]#
```
# 11.20 域名跳轉 下
- 改好配置文件需要重新 檢測 加載一下
```
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
httpd not running, trying to start
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl start
httpd (pid 2297) already running
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]#
```
- 需要先檢測一下apache 有沒有加載rewrite模塊
```
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
```
- 因為我們在編譯的時候指定了most ,所有這個模塊一定存在的,如果沒有,那就需要打開配置文件,搜下rewrite
```
[[email protected] ~]# vi /usr/local/apache2.4/conf/httpd.conf
#LoadModule speling_module modules/mod_speling.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
#LoadModule php5_module modules/libphp5.so
LoadModule php7_module modules/libphp7.so
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
```
- 把#LoadModule rewrite_module modules/mod_rewrite.so 這一行#去掉,讓這個模塊可以加載出來
```
LoadModule rewrite_module modules/mod_rewrite.so
#LoadModule php5_module modules/libphp5.so
LoadModule php7_module modules/libphp7.so
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
:wq
[[email protected] ~]# vi /usr/local/apache2.4/conf/httpd.conf
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
rewrite_module (shared)
[[email protected] ~]#
```
- 模塊現在加載出來了
- cat下虛擬主機配置文件內容
```
[[email protected] ~]# cat /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com 2111.com.cn
#<Directory /data/wwwroot/111.com>
# <FilesMatch 123.php>
# AllowOverride AuthConfig
# AuthName "111.com user auth"
# AuthType Basic
# AuthUserFile /data/.htpasswd
# require valid-user
#</FilesMatch>
#</Directory>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^111.com$
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
[[email protected] ~]#
```
- 再來看下
```
[[email protected] ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 839/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1605/master
tcp6 0 0 :::3306 :::* LISTEN 1257/mysqld
tcp6 0 0 :::80 :::* LISTEN 2297/httpd
tcp6 0 0 :::22 :::* LISTEN 839/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1605/master
[[email protected] ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.202.131 netmask 255.255.255.0 broadcast 192.168.202.255
inet6 fe80::ecdd:28b7:612b:cb7 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:2e:28:f2 txqueuelen 1000 (Ethernet)
RX packets 2376 bytes 228809 (223.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1777 bytes 244117 (238.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 72 bytes 6260 (6.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 72 bytes 6260 (6.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[[email protected] ~]# curl -x192.168.202.131:80 111.com
111.com[[email protected] ~]#
[[email protected] ~]# curl -x192.168.202.131:80 2111.com.cn -I
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:30:02 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[[email protected] ~]# curl -x192.168.202.131:80 2111.com.cn
abc.com[[email protected] ~]#
[[email protected] ~]# curl -x192.168.202.131:80 111.com/123.php -I
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:32:46 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
```
- 如果把配置文件裏面的 granted 改為denied 就會變成403
```
[[email protected] ~]# vim /usr/local/apache2.4/conf/httpd.conf
# Deny access to the entirety of your server‘s filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
#Require all granted
Require all denied
</Directory>
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# curl -x192.168.202.131:80 http://111.com/123.php -I
HTTP/1.1 403 Forbidden
Date: Mon, 09 Oct 2017 12:37:18 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
Content-Type: text/html; charset=iso-8859-1
[[email protected] ~]#
```
- 再進入配置文件 把它改回granted
```
<Directory />
AllowOverride none
Require all granted
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something‘s not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
:wq
```
- 現在再來訪問就好了
```
[[email protected] ~]# vim /usr/local/apache2.4/conf/httpd.conf
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# curl -x192.168.202.131:80 http://111.com/123.php -I
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:41:18 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[[email protected] ~]#
```
- 這個就是域名跳轉,也叫做域名重定向
-
# 11.21 apache的訪問日誌
-訪問日誌記錄用戶的每一個請求
vim /usr/local/apache2.4/conf/httpd.conf //搜索LogFormat
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
- 先查看下虛擬主機配置文件內容
```
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[[email protected] ~]# ls /usr/local/apache2.4/logs/
111.com-access_log abc.com-access_log access_log httpd.pid
111.com-error_log abc.com-error_log error_log
[[email protected] ~]# ls /usr/local/apache2.4/logs/111.com-access_log
/usr/local/apache2.4/logs/111.com-access_log
[[email protected] ~]# cat !$
127.0.0.1 - - [08/Oct/2017:23:31:59 +0800] "GET HTTP://111.com/ HTTP/1.1" 401 381
127.0.0.1 - - [08/Oct/2017:23:32:05 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 401 -
127.0.0.1 - aming [08/Oct/2017:23:50:41 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
127.0.0.1 - aming [08/Oct/2017:23:51:08 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
127.0.0.1 - aming [08/Oct/2017:23:55:20 +0800] "GET HTTP://111.com/ HTTP/1.1" 401 381
127.0.0.1 - aming [09/Oct/2017:00:19:28 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
127.0.0.1 - - [09/Oct/2017:00:19:55 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
127.0.0.1 - - [09/Oct/2017:00:20:06 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
127.0.0.1 - aming [09/Oct/2017:00:21:36 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
127.0.0.1 - aming [09/Oct/2017:00:22:38 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 7
127.0.0.1 - aming [09/Oct/2017:00:26:45 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 7
192.168.202.131 - - [09/Oct/2017:20:29:12 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
192.168.202.131 - - [09/Oct/2017:20:32:46 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
192.168.202.131 - - [09/Oct/2017:20:37:18 +0800] "HEAD http://111.com/123.php HTTP/1.1" 403 -
192.168.202.131 - - [09/Oct/2017:20:41:18 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 -
[[email protected] ~]#
```
- HEAD是curl 弄出來的
- 192.168.202.131 來源的ip
- [09/Oct/2017:20:32:46 +0800]時間
- "HEAD 行為
- HTTP://111.com/123.php 訪問的域名
- HTTP/1.1 它的http的版本1.1
- 200 狀態碼 200
- 7 是它的大小
-
- 關於日誌,是可給它定義格式的,在那裏定義呢? 打開主配置文件vim /usr/local/apache2.4/conf/httpd.conf 搜log,找到LogFormat
```
[[email protected] ~]# vim /usr/local/apache2.4/conf/httpd.conf
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
```
- LogFormat "%h %l %u %t \"%r\" %>s %b" common
- h 你的來源ip l 用戶 u 用戶名密碼 t 時間 r ruquest 行為,網址,s 狀態碼 ,b 就是它的大小
- 另外一種格式,除了這些東西之外,還有Referer 、 User-Agent (用戶代理,通過瀏覽器,通過curl訪問,最終通過網站的內容,是通過瀏覽器,或者crul 代理的,這個瀏覽器就是 用戶代理,)
- Referer ,比如訪問一個網站,進入到首頁,又點了一個首頁筆記,這個時候服務器上記錄這條日誌,它還會記錄一條信息Referer ,referer 就是這個一個網址跳過來,你訪問這個頁面的日誌,它記錄的rerferer 就是它
- 怎麽去配置它的日誌
- 把虛擬主機配置文件改成如下:
```
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
ServerAlias 123.com
CustomLog "logs/123.com-access_log" combined
</VirtualHost>
重新加載配置文件 -t,graceful
curl -x127.0.0.1:80 -I 123.com
tail /usr/local/apache2.4/logs/123.com-access_log
```
- 首先進入虛擬主機配置文件下面
```
[[email protected] ~]# vim /usr/local/apache2.4/conf/httpd.conf
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^111.com$
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
"/usr/local/apache2.4/conf/extra/httpd-vhosts.conf" 53L, 1705C 51,1 底端
```
- 定義一個新的格式 common 改成 combined
```
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^111.com$
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" combined
</VirtualHost>
:wq
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# curl -x192.168.202.131:80 http://111.com/123.php -I
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 14:01:53 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[[email protected] ~]#
[[email protected] ~]# curl -x192.168.202.131:80 http://111.com/123.php -I
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 14:02:25 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[[email protected] ~]#
```
- 再用瀏覽器訪問下
- 再看看它的日誌
```
[[email protected] ~]# cat /usr/local/apache2.4/logs/111.com-access_log
192.168.202.131 - - [09/Oct/2017:22:01:53 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.202.131 - - [09/Oct/2017:22:02:25 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
[[email protected] ~]#
```
- curl 訪問的有 這個crul/7.29.0 但是沒有rerferer 並沒有記錄Rerferer ,因為僅僅是記錄crul的,不存在Rerferer一說,瀏覽器訪問的,同樣也沒有Rerferer ,刷新試試還是沒有,只是刷新還是不行,要做一個Rerferer ,需要點一次跳轉,
- 192.168.133.1 – – [01/Aug/2017:01:01:21 +0800] “GET /favicon.ico HTTP/1.1” 404 209 “http://111.com/123.php” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.3226.400 QQBrowser/9.6.11681.400”
- 需要類似於這樣的日誌,才是瀏覽器訪問的日誌,裏面有Rerferer
- 這個就是叫做Rerferer http://111.com/123.php” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.3226
Chrome/53.0.2785.104 Safari/537.36 Core/1.53.3226.400 QQBrowser/9.6.11681.400”
## 擴展
- apache虛擬主機開啟php的短標簽 http://ask.apelearn.com/question/5370
- 針對apache的虛擬主機開啟php短標簽
- 在對應的 虛擬主機 配置文件中加入
......
......
......
php_admin_flag short_open_tag on11.18 Apache用戶認證 - 11.19/11.20 域名跳轉 - 11.21 Apache訪問日誌