Linux學習之路--http-2基礎設置及訪問限制【15】---20180108
一、HTTP軟件
1、http服務器應用
http服務器程序
httpd apache
nginx
lighttpd應用程序服務器
IIS .asp
tomcat .jsp
jetty 開源的servlet容器,基於Java的web容器
Resin CAUCHO公司,支持servlets和jsp的引擎
webshpere(IBM), weblogic(BEA), jboss,oc4j(Oracle)市場占有率統計
www.netcraft.
2、httpd介紹
httpd(主程序名字)
20世紀90年代初,國家超級計算機應用中心NCSA開發
1995年開源社區發布apache(名字簡稱 a patchy server)ASF: Apache Software Foundation(特意成立的基金會)
FSF:Free Software Foundation(自由軟件基金會)特性:
高度模塊化:core + modules (模塊開發模式,內核加模塊)
DSO: Dynamic Shared Object 動態加/卸載
MPM:multi-processing module多路處理模塊
3、MPM工作模式
prefork:多進程I/O模型,每個進程響應一個請求,默認模型
一個主進程:生成和回收n個子進程,創建套接字,不響應請求
多個子進程:工作work進程,每個子進程處理一個請求;系統初始時,預先生成多個空閑進程,等待請求,最大不超過1024個worker:復用的多進程I/O模型,多進程多線程,IIS使用此模型
一個主進程:生成m個子進程,每個子進程負責生個n個線程,每個線程響應一個請求,並發響應請求:m*nevent:事件驅動模型(worker模型的變種)
一個主進程:生成m個子進程,每個進程直接響應n個請求,並發響應請求:m*n,有專門的線程來管理這些keep-alive類型的線程,當有真實請求時,將請求傳遞給服務線程,執行完畢後,又允許釋放。這樣增強了高並發場景下的請求處理能力
httpd-2.2: event 測試版,centos6默認
httpd-2.4:event 穩定版,centos7默認[root@Centos6-serverhtml]#ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 3808 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 10240 cpu time (seconds, -t) unlimited max user processes (-u) 3808 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited
4、進程角色
監聽 --> 工作 --> 隊列空閑
5、httpd功能特性
虛擬主機(通常一個網站在一個服務器上,但如果網絡訪問量不大,可以在一個服務器上運行多個網站,就叫虛擬主機)
具體實現通過修改下列三項進行建設虛擬主機IP、Port、FQDN
CGI:Common Gateway Interface,通用網關接口
httpd處理不了的事物可以轉發給能處理的機器上去,就是通過通用網關接口完成的
反向代理
根據用戶的請求,把用戶調度到相應的服務器上
負載均衡
路徑別名
豐富的用戶認證機制
basic -->不加密認證
digest -->加密認證,但兼容性較差,有部分瀏覽器不支持支持第三方模塊
二、Httpd安裝
1、安裝方法
版本
CentOS 6: 2.2
CentOS 7: 2.4安裝方式:
rpm:centos發行版,穩定,建議使用
編譯:定制或特殊需求CentOS 6程序信息:
httpd-2.2
配置文件位置:
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf
檢查配置語法:
httpd –t
service httpd configtest
2、CentOS 6 httpd程序環境
服務腳本(啟動腳本):/etc/rc.d/init.d/httpd
腳本配置文件:/etc/sysconfig/httpd服務控制和啟動:
chkconfig httpd on|off
service {start|stop|restart|status|configtest|reload} httpd站點網頁文檔根目錄:
/var/www/html模塊文件路徑:
/etc/httpd/modules
/usr/lib64/httpd/modules主程序文件(MPM模式文件):
/usr/sbin/httpd(默認模式)
/usr/sbin/httpd.worker
/usr/sbin/httpd.event主進程文件:
/etc/httpd/run/httpd.pid日誌文件目錄:
/var/log/httpd
access_log: 訪問日誌
error_log:錯誤日誌幫助文檔包:
httpd-manual
[root@Centos6-serverhtml]#ll /etc/httpd/
total 8
drwxr-xr-x 2 root root 4096 Jan 23 22:56 conf
drwxr-xr-x 2 root root 4096 Jan 23 22:56 conf.d
lrwxrwxrwx 1 root root 19 Jan 23 22:56 logs -> ../../var/log/httpd
lrwxrwxrwx 1 root root 29 Jan 23 22:56 modules -> ../../usr/lib64/httpd/modules
lrwxrwxrwx 1 root root 19 Jan 23 22:56 run -> ../../var/run/httpd
[root@Centos6-serverhtml]#httpd -t
httpd: apr_sockaddr_info_get() failed for Centos6-server
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Syntax OK
[root@Centos6-serverhtml]#cat /etc/httpd/run/httpd.pid
26226
[root@Centos6-serverhtml]#pstree -p
init(1)─┬─。。。。。
├─httpd(26226)─┬─httpd(26245)
│ ├─httpd(26246)
│ ├─httpd(26247)
│ ├─httpd(26248)
│ ├─httpd(26249)
│ ├─httpd(26250)
│ ├─httpd(26251)
│ └─httpd(26252)
。。。。。
[root@Centos6-serverhtml]#ps aux | grep httpd
root 26226 0.0 0.3 177464 3856 ? Ss Jan23 0:02 /usr/sbin/httpd
apache 26245 0.0 0.3 177600 3112 ? S Jan23 0:00 /usr/sbin/httpd
apache 26246 0.0 0.3 177600 3100 ? S Jan23 0:00 /usr/sbin/httpd
apache 26247 0.0 0.3 177600 3112 ? S Jan23 0:00 /usr/sbin/httpd
apache 26248 0.0 0.3 177600 3080 ? S Jan23 0:00 /usr/sbin/httpd
apache 26249 0.0 0.3 177600 3160 ? S Jan23 0:00 /usr/sbin/httpd
apache 26250 0.0 0.3 177600 3076 ? S Jan23 0:00 /usr/sbin/httpd
apache 26251 0.0 0.3 177600 3076 ? S Jan23 0:00 /usr/sbin/httpd
apache 26252 0.0 0.3 177600 3076 ? S Jan23 0:00 /usr/sbin/httpd
root 40387 0.0 0.0 103332 844 pts/0 S+ 04:59 0:00 grep httpd
[root@Centos6-serverhtml]#yum install httpd-manual
[root@Centos6-serverhtml]#service httpd restart
#然後就可以登陸http://192.168.1.100/manual/ 查看幫助文檔三、Httpd 2.2常見配置
1、httpd配置文件的組成
# grep "Section" /etc/httpd/conf/httpd.conf
配置文件的主要內容分成三個部分
### Section 1: Global Environment --->全局環境
### Section 2: 'Main' server configuration --->主服務器設置
### Section 3: Virtual Hosts --->虛擬主機配置格式:directive value --->類似於鍵值對或者前面是關鍵字|變量|指令後面是一個值
directive: 不區分字符大小寫
value: 為路徑時,是否區分大小寫,取決於文件系統
[root@Centos6-serverhtml]#grep "Section" /etc/httpd/conf/httpd.conf ### Section 1: Global Environment ### Section 2: 'Main' server configuration ### Section 3: Virtual Hosts
2、顯示服務器版本信息
ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full
ServerTokens Prod[uctOnly]: Server: Apache
ServerTokens Major: Server: Apache/2
ServerTokens Minor: Server: Apache/2.0
ServerTokens Min[imal]: Server: Apache/2.0.41
ServerTokens OS: Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2
This setting applies to the entire server and cannot be enabled or disabled on a virtualhost-by-virtualhost basis.
#此設置適用於整個服務器,並且不能基於虛擬主機虛擬主機啟用或禁用該設置
After version 2.0.44, this directive also controls the information presented by the ServerSignature directive.
#在版本2.0.44之後,該指令還控制由ServerSignature指令提供的信息。
建議使用:ServerTokens Prod
[root@Centos6-serverhtml]#vim /etc/httpd/conf/httpd.conf ServerTokens Prod [root@Centos6-serverhtml]#curl -I HTTP/1.1 200 OK Date: Tue, 23 Jan 2018 21:32:02 GMT Server: Apache
3、修改監聽的IP和Port
Listen [IP:]PORT
(1) 省略IP表示為本機所有IP
(2) Listen指令至少一個,可重復出現多次
Listen 80
Listen 8080示例:
Listen 192.168.1.100:8080 ---> 8080這個端口,只能用這個ip段訪問
Lsten 80
[root@Centos6-serverhtml]#vim /etc/httpd/conf/httpd.conf Listen 172.18.1.100:80 [root@Centos6-serverhtml]#curl -I curl: (7) couldn't connect to host [root@Centos6-serverhtml]#curl -I http://172.18.1.100/test.html HTTP/1.1 200 OK Date: Tue, 23 Jan 2018 21:38:22 GMT Server: Apache Last-Modified: Tue, 23 Jan 2018 14:58:06 GMT ETag: "121db5-a9-56372c63490d1" Accept-Ranges: bytes Content-Length: 169 Connection: close Content-Type: text/html; charset=UTF-8
4、持久連接
Persistent Connection:連接建立,每個資源獲取完成後不會斷開連接,而是繼續等待其它的請求完成,默認關閉持久連接
斷開條件:數量限制:100
時間限制:以秒為單位, httpd-2.4 支持毫秒級副作用:對並發訪問量較大的服務器,持久連接功能會使用有些請求得不到響應
折衷:使用較短的持久連接時間
設置:
KeepAlive On|Off
KeepAliveTimeout 15
MaxKeepAliveRequests 100測試:
telnet WEB_SERVER_IP PORT
GET /URL HTTP/1.1
Host: WEB_SERVER_IP
[root@centos7mini~]#telnet 192.168.1.100 80 --->默認是不支持持久連接的 Trying 192.168.1.100... Connected to 192.168.1.100. Escape character is '^]'. GET /test.html HTTP/1.1 HOST: 192.168.1.101 HTTP/1.1 200 OK Date: Tue, 23 Jan 2018 21:53:31 GMT Server: Apache 。。。 </body> </html> Connection closed by foreign host. [root@Centos6-serverhtml]#vim /etc/httpd/conf/httpd.conf KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 150 [root@centos7mini~]#telnet 192.168.1.100 80 Trying 192.168.1.100... Connected to 192.168.1.100. Escape character is '^]'. GET /test.html HTTP/1.1 HOST:192.168.1.101 HTTP/1.1 200 OK Date: Tue, 23 Jan 2018 21:56:19 GMT 。。。 </body> </html> GET /test.txt HTTP/1.1 HOST:192.168.1.101 HTTP/1.1 200 OK Date: Tue, 23 Jan 2018 21:56:52 GMT 。。。 </body> </html> q
5、MPM( Multi-Processing Module)多路處理模塊
prefork, worker, event(試驗階段)
httpd-2.2不支持同時編譯多個模塊,所以只能編譯時選定一個
rpm安裝的包提供三個二進制程序文件,分別用於實現對不同MPM機制的支持
確認方法:
ps aux | grep httpd
默認為/usr/sbin/httpd, 即prefork模式查看模塊列表
查看靜態編譯的模塊
httpd -l查看靜態編譯及動態裝載的模塊
httpd –M動態模塊加載:不需重啟即生效
動態模塊路徑
/usr/lib64/httpd/modules/更換使用的httpd程序:
/etc/sysconfig/httpd
HTTPD=/usr/sbin/httpd.worker
重啟服務生效
pstree -p|grep httpd 查看進程和線程Httpd 2.4 與之不同
以動態模塊方式提供
配置文件:/etc/httpd/conf.modules.d/00-mpm.conf
httpd –M |grep mpm
重啟服務生效
pstree -p|grep httpd 查看進程和線程prefork的默認配置:
<IfModule prefork.c>
StartServers 8 --->默認啟動服務的子進程數量
MinSpareServers 5 --->最小的空閑線程
MaxSpareServers 20 --->最大的空閑線程
ServerLimit 256 --->最多進程數,最大20000
MaxClients 256 --->最大並發
MaxRequestsPerChild 4000 --->服務器進程提供的最大請求數
</IfModule>#4000是子進程最多能處理的請求數量。在處理MaxRequestsPerChild 個請求之後,子進程將會被父進程終止,這時候子進程占用的內存就會釋放(為0時永遠不釋放)
worker的默認配置:
<IfModule worker.c>
StartServers 4 --->默認啟動服務的子進程數量
MaxClients 300 --->最大訪問客戶數量(最多支持300個客戶端並發訪問)
MinSpareThreads 25 --->最小的空閑線程
MaxSpareThreads 75 --->最大的空閑線程
ThreadsPerChild 25 --->每個子進程帶的線程數量
MaxRequestsPerChild 0 無限制 --->服務器進程提供的最大請求數
</IfModule>
[root@Centos6-serverhtml]#httpd -M --->查看動態模塊,可加載的模塊
httpd: apr_sockaddr_info_get() failed for Centos6-server
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
Loaded Modules:
core_module (static)
mpm_prefork_module (static) --->默認的就是Prefork模塊
。。。。。
[root@Centos6-serverhtml]#httpd -l --->查看靜態模塊,編譯進去的靜態模塊
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
[root@Centos6-serverhtml]#vim /etc/sysconfig/httpd
HTTPD=/usr/sbin/httpd.worker
[root@Centos6-serverhtml]#service httpd restart
[root@Centos6-serverhtml]#ps aux
root 41486 0.0 0.4 177736 4068 ? Ss 06:10 0:00 /usr/sbin/httpd.worker
apache 41488 0.0 0.5 521996 5348 ? Sl 06:10 0:00 /usr/sbin/httpd.worker
apache 41489 0.0 0.5 587532 5368 ? Sl 06:10 0:00 /usr/sbin/httpd.worker
apache 41490 0.0 0.5 521996 5368 ? Sl 06:10 0:00 /usr/sbin/httpd.worker
apache 41491 0.0 0.5 521996 5352 ? Sl 06:10 0:00 /usr/sbin/httpd.worker
。。。。
[root@Centos6-serverhtml]#pstree -p
init(1)─┬─NetworkManager(1649)─┬─dhclient(1690)
├─httpd.worker(41679)─┬─httpd.worker(41681)─┬─{httpd.worker}(41765)
。。。。。。
│ │ └─{httpd.worker}(41790)
│ ├─httpd.worker(41682)─┬─{httpd.worker}(41713)
│ │ ├─{httpd.worker}(41714)
。。。。。。
│ │ └─{httpd.worker}(41738)
│ ├─httpd.worker(41683)─┬─{httpd.worker}(41689)
。。。。。。
│ │ └─{httpd.worker}(41792)
│ └─httpd.worker(41684)─┬─{httpd.worker}(41739)
。。。。。。
│ └─{httpd.worker}(41764)
壓力測試r軟件包
[root@Centos6-serverhtml]#yum install httpd-tools
[root@Centos6-serverhtml]#rpm -ql httpd-tools
/usr/bin/ab
/usr/bin/htdbm
/usr/bin/htdigest
/usr/bin/htpasswd
/usr/bin/logresolve
[root@Centos6-serverhtml]#ulimit -n 10240
[root@Centos6-serverhtml]#ulimit -a
。。。。。
open files (-n) 10240
[root@Centos6-serverhtml]#ab -c 2000 -n 10000 --->壓力測試
\This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.1.100 (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Completed 10000 requests
Finished 10000 requests
Server Software: Apache
Server Hostname: 192.168.1.100
Server Port: 80
Document Path: /test.txt
Document Length: 169 bytes
Concurrency Level: 2000
Time taken for tests: 5.609 seconds
Complete requests: 10000
Failed requests: 0
Write errors: 0
Total transferred: 4288374 bytes
HTML transferred: 1713322 bytes
Requests per second: 1782.80 [#/sec] (mean)
Time per request: 1121.832 [ms] (mean)
Time per request: 0.561 [ms] (mean, across all concurrent requests)
Transfer rate: 746.61 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 153 441.0 22 3082
Processing: 0 414 974.1 58 4209
Waiting: 0 401 977.3 45 4207
Total: 44 567 1300.4 84 5569
Percentage of the requests served within a certain time (ms)
50% 84
66% 114
75% 140
80% 165
90% 2418
95% 4411
98% 5054
99% 5377
100% 5569 (longest request)6、DSO: Dynamic Shared Object
動態共享對象
加載動態模塊配置
/etc/httpd/conf/httpd.conf
配置指定實現模塊加載格式:
LoadModule <mod_name> <mod_path>
模塊文件路徑可使用相對路徑:
相對於ServerRoot(默認/etc/httpd)示例:
LoadModule auth_basic_module modules/mod_auth_basic.so
[root@Centos6-serverhtml]#vim /etc/httpd/conf/httpd.conf #LoadModule auth_basic_module modules/mod_auth_basic.so #LoadModule auth_digest_module modules/mod_auth_digest.so 。。。。。 #想不加載的模塊就在前面加#註釋掉即可
7、定義'Main' server的文檔頁面路徑(主目錄)
DocumentRoot “/path”
文檔路徑映射:
DocumentRoot指向的路徑為URL路徑的起始位置示例:
DocumentRoot "/app/data“
http://HOST:PORT/test/index.html --> /app/data/test/index.html註意:SELinux和iptables的狀態
[root@Centos6-serverhtml]#mkdir /app/website [root@Centos6-serverhtml]#vim /etc/httpd/conf/httpd.conf DocumentRoot "/app/website" [root@Centos6-serverhtml]#service httpd restart [root@Centos6-serverhtml]#curl /app/website
8、定義站點主頁面
DirectoryIndex index.html index.html.var
服務默認找文檔頁面路徑下這兩個格式的文件
[[email protected]]#mv welcome.conf welcome.conf.bak 這樣默認找不到主頁面,也不回去找默認的apache信息頁面,就會報403錯誤頁面 [[email protected]]#vim /etc/httpd/conf/httpd.conf DirectoryIndex index.html index.html.var
9、站點訪問控制常見機制
可基於兩種機制指明對哪些資源進行何種訪問控制,訪問控制機制有兩種:
客戶端來源地址
用戶賬號
文件系統路徑:
<Directory “/path"> --->針對特定的目錄
... --->需要是這裏制定的ip或者用戶才能訪問
</Directory>
<File “/path/file”> --->或者針對文件控制
...
</File>
<FileMatch "PATTERN"> --->正則表達式控制
...
</FileMatch>URL路徑:
<Location ""> --->特定的URL路徑,進行控制
...
</Location>
<LocationMatch "">
...
</LocationMatch>示例:
<FilesMatch "\.(gif|jpe?g|png)$"> --->後綴為gif、jpeg、jpg、png的文件為匹配條件
<Files “?at.*”> 通配符
<Location /status>
<LocationMatch "/(extra|special)/data">
10、<Directory>中“基於源地址”實現訪問控制
(1) Options:後跟1個或多個以空白字符分隔的選項列表
在選項前的+,- 表示增加或刪除指定選項常見選項:
Indexes:指明的URL路徑下不存在與定義的主頁面資源相符的資源文件時,返回索引列表給用戶
FollowSymLinks:允許訪問符號鏈接文件所指向的源文件
None:全部禁用
All: 全部允許示例:
<Directory /web/docs>
Options Indexes FollowSymLinks --->在這個目錄下支持索引列表
</Directory>
<Directory /web/docs/spec>
Options FollowSymLinks
</Directory>
<Directory /web/docs>
Options Indexes FollowSymLinks
</Directory>
<Directory /web/docs/spec>
Options +Includes -Indexes
</Directory>
(2) AllowOverride
與訪問控制相關的哪些指令可以放在指定目錄下的.htaccess(由AccessFileName指定)文件中,覆蓋之前的配置指令
只對<directory>語句有效
AllowOverride All: 所有指令都有效
AllowOverride None:.htaccess 文件無效
AllowOverride AuthConfig Indexes 除了AuthConfig 和Indexes的其它指令都無法覆蓋(3) order和allow、deny
放在directory, .htaccess中
order:定義生效次序;寫在後面的表示默認法則
Order allow,deny
Order deny,allow
Allow from和Deny from:定義客戶端地址
客戶端地址:
IP --->IP地址
網絡: 172.16 --->網段模式
172.16.0.0
172.16.0.0/16
172.16.0.0/255.255.0.0如果拒絕和允許沖突,以最後面的條件優先級高。
| 判斷條件 | allow、deny | deny、allow |
| allow only | allow | allow |
| deny only | deny | deny |
| allow deny | deny | allow |
| none | deny | allow |
註意:設置條件多的,放在後面
示例:
<files "*.txt">
order deny,allow
deny from 172.16. 100.100
allow from 172.16
</files>
<files "*.txt">
order allow,deny
deny from 172.16.100.100
allow from 172.16
</files>
#實驗 基於源地址目錄訪問控制
[root@Centos6-serverwebsite]#ls
index.html.bak
[root@Centos6-serverwebsite]#mv index.html.bak index.html
[root@Centos6-serverwebsite]#mkdir optionsdir
[root@Centos6-serverwebsite]#echo /app/website/optionsdir > /app/website/optionsdir/index.html
[root@Centos6-serverwebsite]#curl /app/website/optionsdir
[root@Centos6-serveroptionsdir]#pwd
/app/website/optionsdir
[root@Centos6-serveroptionsdir]#ln -s /etc/fstab fstab
[root@Centos6-serveroptionsdir]#curl 。。。。。
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
[root@Centos6-serveroptionsdir]#vim /etc/httpd/conf/httpd.conf
。。。。。
DirectoryIndex index.html index.html.var
<directory /app/website/optionsdir>
options -FollowSymLinks
</directory>
[root@Centos6-serveroptionsdir]#curl
<title>403 Forbidden</title>
。。。。。
[root@Centos6-serveroptionsdir]#vim /etc/httpd/conf/httpd.conf
DirectoryIndex index.html index.html.var
<directory /app/website/optionsdir>
options Indexes -FollowSymLinks --->支持索引模式(不安全),但不支持軟連接
</directory>
<directory /app/website/optionsdir>
options all
</directory>
[root@Centos6-serveroptionsdir]#vim /etc/httpd/conf/httpd.conf
ServerName www.lanyangyang.com:80 --->把名字啟用,重啟服務不會報亂碼
#實驗 基於.htaccess 文件控制
#需要先修改主配置文件,相當於授權
[root@Centos6-serveroptionsdir]#vim /etc/httpd/conf/httpd.conf
<directory /app/website/optionsdir>
AllowOverride All
</directory>
[root@Centos6-serveroptionsdir]#touch .htaccess
[root@Centos6-serveroptionsdir]#vim .htaccess
options -Followsymlinks Indexes#實驗 基於客戶端的控制
[root@Centos6-serveroptionsdir]#vim /etc/httpd/conf/httpd.conf
<Directory /app/website/optionsdir>
order deny,allow
deny from 192.168.1.101
</Directory>
[root@centos7mini~]#curl http://192.168.1.100/optionsdir/ --->101的ip無法訪問,403
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
[root@centos6-mini~]#curl -I http://192.168.1.100/optionsdir/ --->其他的ip可以訪問
HTTP/1.1 200 OK
#如果拒絕和允許沖突,以最後面的條件優先級高
[root@Centos6-serveroptionsdir]#vim /etc/httpd/conf/httpd.conf
<Directory /app/website/optionsdir>
order deny,allow
deny from 192.168.1.101
allow from 192.168.1.101
</Directory>
[root@centos7mini~]#curl http://192.168.1.100/optionsdir/ -I
HTTP/1.1 200 OK#基於文件名後綴控制
[root@Centos6-serveroptionsdir]#vim /etc/httpd/conf/httpd.conf
<Files ~ "\.conf$">
order allow,deny --->拒絕查看所有以.conf結尾的文件
deny from all
</Files>
[root@centos7mini~]#curl <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
。。。。
<Files ~ "\.conf$"> --->拒絕查看所有以.conf結尾的文件
order allow,deny
allow from 192.168.1.101 --->之允許這個ip訪問
</Files>
11、日誌設定
日誌類型:
訪問日誌
錯誤日誌錯誤日誌:
ErrorLog logs/error_log
LogLevel warn
LogLevel 可選值:
debug, info, notice, warn,error
crit, alert, emerg訪問日誌:
定義日誌格式:LogFormat format strings
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
使用日誌格式:
CustomLog logs/access_log combined
參考幫助:http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
? %h 客戶端IP地址
? %l 遠程用戶,啟用mod_ident才有效,通常為減號“-”%u 驗證(basic,digest)遠程用戶,非登錄訪問時,為一個減號“-”
%t 服務器收到請求時的時間
%r First line of request,即表示請求報文的首行;記錄了此次請求的“方法”,“URL”以及協議版本
%>s 響應狀態碼
%b 響應報文的大小,單位是字節;不包括響應報文http首部
%{Referer}i 請求報文中首部“referer”的值;即從哪個頁面中的超鏈接跳轉至當前頁面的
%{User-Agent}i 請求報文中首部“User-Agent”的值;即發出請求的應用程序
[root@centos7mini~]#curl -v * About to connect() to 192.168.1.100 port 80 (#0)
* Trying 192.168.1.100...
* Connected to 192.168.1.100 (192.168.1.100) port 80 (#0)
> GET /optionsdir/a.conf HTTP/1.1
> User-Agent: curl/7.29.0 ---> %{User-Agent}i
> Host: 192.168.1.100
> Accept: */*
>
< HTTP/1.1 200 OK ---> %>s 響應狀態碼
< Date: Wed, 24 Jan 2018 05:43:54 GMT
< Server: Apache
< Last-Modified: Wed, 24 Jan 2018 05:14:48 GMT
< ETag: "100006-1f-5637ebe0b0886"
< Accept-Ranges: bytes
< Content-Length: 31
< Connection: close
< Content-Type: text/plain; charset=UTF-8
<
/app/website/optionsdir/a.conf
* Closing connection 0
[root@Centos6-serveroptionsdir]#cat /var/log/httpd/access_log
192.168.1.101 - - [24/Jan/2018:13:43:54 +0800] "GET /optionsdir/a.conf HTTP/1.1" 200 31 "-" "curl/7.29.0"
#實驗,設置日誌抓取host信息
[root@Centos6-serveroptionsdir]#vim /etc/httpd/conf/httpd.conf
LogFormat "%{Host}i" testlog --->設置日誌的信息格式
CustomLog logs/access_log testlog --->啟用日誌格式命令
[root@centos7mini~]#telnet 192.168.1.100 80
Trying 192.168.1.100...
Connected to 192.168.1.100.
Escape character is '^]'.
GET / http/1.1
HOST: 6.6.6.6
[root@Centos6-serveroptionsdir]#tail -f /var/log/httpd/access_log
6.6.6.612、設定默認字符集
AddDefaultCharset UTF-8
中文字符集:GBK, GB2312, GB18030
[root@centos7mini~]#curl -I HTTP/1.1 200 OK Date: Sun, 28 Jan 2018 07:13:30 GMT Content-Type: text/html; charset=gb2312 [root@Centos6-serveroptionsdir]#vim /etc/httpd/conf/httpd.conf AddDefaultCharset UTF-8
13、定義路徑別名
格式:
Alias /URL/ "/PATH/"
DocumentRoot "/www/htdocs"
http://www.magedu.com/download/bash.rpm ==> /www/htdocs/download/bash.rpmhttp://www.magedu.com/images/logo.png ==> /www/htdocs/images/logo.png
Alias /download/ "/rpms/pub/"
http://www.magedu.com/download/bash.rpm ==> /rpms/pub/bash.rpm
#實驗: 別名設置 [root@Centos6-serverwebsite]#pwd /app/website [root@Centos6-serverwebsite]#mkdir forum [root@Centos6-serverwebsite]#ls forum index.html optionsdir [root@Centos6-serverwebsite]#echo /app/website/forum/index.html > /app/website/forum/index.html [root@centos7mini~]#curl /app/website/forum/index.html [root@Centos6-serverwebsite]#mkdir /data/bss [root@Centos6-serverwebsite]#echo /data/bbs/index.html > /data/bbs/index.html [root@Centos6-serverwebsite]#vim /etc/httpd/conf/httpd.conf alias /forum /data/bbs/ [root@centos7mini~]#curl /data/bbs/index.html #實驗: 模糊匹配 [root@Centos6-serverwebsite]#mkdir /data/images [root@Centos6-serverwebsite]#cp /usr/share/wallpapers/The_Rings_of_Saturn/contents/images/1920x1200.jpg /data/images/pica.jpg [root@Centos6-serverwebsite]#vim /etc/httpd/conf/httpd.conf aliasmatch ^/imgs/(.*)?$ "/data/images/pic$1" [root@centos7mini~]#curl -I HTTP/1.1 200 OK [root@Centos6-serverwebsite]#vim /etc/httpd/conf/httpd.conf aliasmatch ^(.*\.(jpe?g|gif|png))$ "/data/images/$1" [root@centos7mini~]#curl -I HTTP/1.1 200 OK
Linux學習之路--http-2基礎設置及訪問限制【15】---20180108