Apache user authentication, domain redirection, and an introduction to the Apache access log

Apache user authentication (per directory)

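With this feature, a user visiting the site must enter a user name and password before access is granted. Important sites and site admin back ends usually add user authentication to protect them.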


1. The virtual host configuration file:

[root@gary-tao local]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf   # edit the configuration file


Change the 111.com virtual host to require authentication as follows:

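<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    # Directory that requires authentication
    <Directory /data/wwwroot/111.com>
        # Roughly the switch that turns authentication on (allows auth directives in .htaccess)
        AllowOverride AuthConfig
        # Custom name for the authentication prompt; of little practical effect
        AuthName "111.com user auth"
        # Authentication type, normally Basic; Aming has not used the other types
        AuthType Basic
        # Location of the password file
        AuthUserFile /data/.htpasswd
        # Any valid user in the password file may authenticate
        require valid-user
    </Directory>
</VirtualHost>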


Finally, save the file.


2. Create the password file with htpasswd, the command bundled with Apache

[root@gary-tao local]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd xie   # create the user password file

New password:   # enter the new password

Re-type new password:   # enter the new password again

Adding password for user xie

[root@gary-tao local]# ls /data/.htpasswd   # check the password file

/data/.htpasswd

[root@gary-tao local]# cat /data/.htpasswd   # view the generated user entry

xie:$apr1$h/QEC7nC$hNNV080nvhSI2jWCQLt7M0

[root@gary-tao local]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd aming   # add one more user

New password:

Re-type new password:

Adding password for user aming

[root@gary-tao local]# cat /data/.htpasswd

xie:$apr1$h/QEC7nC$hNNV080nvhSI2jWCQLt7M0

aming:$apr1$At/pBlDA$4IYzNISYUew9ELrea5dP7.


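Notes:

-c: create the password file;

-m: use the MD5 hash type (the $apr1$ prefix in the file);

The user specified here is xie (PS: when adding further users, do not pass -c again, because the password file already exists and -c would rewrite it);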
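
The $apr1$ prefix in the file above is what -m writes. The following check is an added example, not part of the original article: it reads htpasswd-format lines and reports which entries use bcrypt (the $2y$ prefix written by htpasswd -B) and which use an older scheme. The deploy entry and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report the hash scheme of every entry in an htpasswd file.

# Sample input: the two entries shown above plus one constructed bcrypt-style
# entry (user "deploy" and its hash are placeholders, not a real credential).
sample_htpasswd() {
cat <<'EOF'
xie:$apr1$h/QEC7nC$hNNV080nvhSI2jWCQLt7M0
aming:$apr1$At/pBlDA$4IYzNISYUew9ELrea5dP7.
deploy:$2y$05$CONSTRUCTEDxPLACEHOLDERxNOTxAxREALxBCRYPTxHASHxVALUExxx
EOF
}

# audit_htpasswd < file
# Prints "user scheme verdict" per entry; exit status 1 if any entry is not bcrypt.
audit_htpasswd() {
  awk -F: '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
      h = $2
      if      (h ~ /^[$]2[aby][$]/)     { scheme = "bcrypt";   verdict = "ok" }
      else if (index(h, "$apr1$") == 1) { scheme = "apr1-md5"; verdict = "upgrade" }
      else if (index(h, "{SHA}") == 1)  { scheme = "sha1";     verdict = "upgrade" }
      else                              { scheme = "crypt-or-other"; verdict = "upgrade" }
      if (verdict != "ok") bad = 1
      print $1, scheme, verdict
    }
    END { exit bad }'
}

sample_htpasswd | audit_htpasswd || echo "re-create flagged entries with htpasswd -B"
```

Entries marked upgrade can be re-created with htpasswd -B, which prompts for the password again and replaces the stored hash.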


3. Test the syntax and reload the configuration

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful


4. Test whether the configuration works

Requesting 111.com returns status code 401, which shows that this domain requires user authentication.

[root@gary-tao local]# curl -x127.0.0.1:80 111.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>401 Unauthorized</title>

</head><body>

<h1>Unauthorized</h1>

<p>This server could not verify that you

are authorized to access the document

requested. Either you supplied the wrong

credentials (e.g., bad password), or your

browser doesn't understand how to supply

the credentials required.</p>

</body></html>


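On the local Windows system, add a hosts entry that resolves 111.com. Path: C:\Windows\System32\drivers\etc; format: 172.16.111.100 111.com.


Once the local hosts entry is defined, visiting 111.com in a browser brings up the authentication prompt. The user name and password are the user added above and the password set for it.

5. Access with curl -x, supplying the user name and password

Usage: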

[root@gary-tao local]# curl -x127.0.0.1:80 -uxie:xie 111.com -I

HTTP/1.1 200 OK

Date: Wed, 20 Dec 2017 10:51:28 GMT

Server: Apache/2.4.29 (Unix) PHP/7.1.6

X-Powered-By: PHP/7.1.6

Content-Type: text/html; charset=UTF-8

Note: the status code is now 200, which is the normal result; -u specifies the user name and password.


6. Authentication can also be required for a single file (per file)

Example:

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/www.123.com"
    ServerName www.123.com
    # This line differs from the block above: there a directory was protected, here a single file is
    <FilesMatch admin.php>
        AllowOverride AuthConfig
        AuthName "123.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
    # The closing tag differs as well
    </FilesMatch>
</VirtualHost>


Change the configuration file to the following:

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    #<Directory /data/wwwroot/111.com>
    <FilesMatch 123.php>
        AllowOverride AuthConfig
        AuthName "111.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
    </FilesMatch>
    #</Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>


After the change, test the syntax and reload the configuration:

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful


Create the test file 123.php in the 111.com directory.

[root@gary-tao local]# vim /data/wwwroot/111.com/123.php


Access with curl -x:

[root@gary-tao local]# curl -x127.0.0.1:80 111.com -I   # no -u user and password needed; the request still succeeds with status code 200

HTTP/1.1 200 OK

Date: Wed, 20 Dec 2017 11:04:06 GMT

Server: Apache/2.4.29 (Unix) PHP/7.1.6

X-Powered-By: PHP/7.1.6

Content-Type: text/html; charset=UTF-8


[root@gary-tao local]# curl -x127.0.0.1:80 111.com/123.php -I   # but requesting the file 123.php returns 401, so user authentication is required

HTTP/1.1 401 Unauthorized

Date: Wed, 20 Dec 2017 11:04:17 GMT

Server: Apache/2.4.29 (Unix) PHP/7.1.6

WWW-Authenticate: Basic realm="111.com user auth"

Content-Type: text/html; charset=iso-8859-1


[root@gary-tao local]# curl -x127.0.0.1:80 -uxie:xie 111.com/123.php -I   # only with -u and the user name and password can 123.php be accessed normally

HTTP/1.1 200 OK

Date: Wed, 20 Dec 2017 11:04:38 GMT

Server: Apache/2.4.29 (Unix) PHP/7.1.6

X-Powered-By: PHP/7.1.6

Content-Type: text/html; charset=UTF-8


[root@gary-tao local]# curl -x127.0.0.1:80 -uxie:xie 111.com/123.php   # fetch the content of the file

123.php[root@gary-tao local]#


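Domain redirection

Domain redirection serves two purposes:

1. If a domain is no longer in use but search engines still hold links to the old domain, users may find our site through a search and click the old domain. The old domain therefore needs to redirect to the new one, so that users who find it this way can still reach the site.


2. A site with several domains suffers in SEO ranking. Redirecting all of the domains to one designated domain makes that domain the centre and concentrates the ranking weight on it. The redirect is given status code 301, which is called a permanent redirect.

Requirement: redirect the domain 123.com to www.123.com.


1. Edit the configuration file

[root@gary-tao local]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf


2. Add the following content: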

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/www.123.com"
    ServerName www.123.com
    ServerAlias 123.com
    # Requires the mod_rewrite module
    <IfModule mod_rewrite.c>
        # Turn the rewrite engine on
        RewriteEngine on
        # Rewrite condition: met when the host name (domain) is not www.123.com
        RewriteCond %{HTTP_HOST} !^www\.123\.com$
        # Rewrite rule: applied only when the condition above is met
        RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L]
    </IfModule>
</VirtualHost>



3. Check the syntax and reload the configuration:

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful


4. Check whether Apache has loaded the rewrite module:

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -M|grep -i rewrite   # if the module is missing, edit httpd.conf and remove the leading # from the rewrite_module line

[root@gary-tao local]# vi /usr/local/apache2.4/conf/httpd.conf   # open the configuration file, search for rewrite and remove the leading #



5. Check the syntax, reload the configuration and list the loaded modules:

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -M|grep -i rewrite   # list the loaded module

rewrite_module (shared)


6. Test

[root@gary-tao local]# curl -x 127.0.0.1:80 -I 2111.com.cn

HTTP/1.1 301 Moved Permanently

Date: Wed, 20 Dec 2017 12:31:50 GMT

Server: Apache/2.4.29 (Unix) PHP/7.1.6

Location: http://111.com/

Content-Type: text/html; charset=iso-8859-1

[root@gary-tao local]# curl -x 127.0.0.1:80 2111.com.cn   # view the response body

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>301 Moved Permanently</title>

</head><body>

<h1>Moved Permanently</h1>

<p>The document has moved <a href="http://111.com/">here</a>.</p>

</body></html>

[root@gary-tao local]# curl -x 127.0.0.1:80 2111.com.cn/adfjadfa/adfdafadfaf -I

HTTP/1.1 301 Moved Permanently

Date: Wed, 20 Dec 2017 12:34:05 GMT

Server: Apache/2.4.29 (Unix) PHP/7.1.6

Location: http://111.com/adfjadfa/adfdafadfaf

Content-Type: text/html; charset=iso-8859-1


[root@gary-tao local]# curl -x 127.0.0.1:80 http://111.com/adfjadfa/adfdafadfaf -I

HTTP/1.1 404 Not Found

Date: Wed, 20 Dec 2017 12:35:08 GMT

Server: Apache/2.4.29 (Unix) PHP/7.1.6

Content-Type: text/html; charset=iso-8859-1

[root@gary-tao local]# curl -x 127.0.0.1:80 http://111.com/123.php -I

HTTP/1.1 200 OK

Date: Wed, 20 Dec 2017 12:36:35 GMT

Server: Apache/2.4.29 (Unix) PHP/7.1.6

X-Powered-By: PHP/7.1.6

Content-Type: text/html; charset=UTF-8


[root@gary-tao local]# vi /usr/local/apache2.4/conf/httpd.conf

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful

[root@gary-tao local]# curl -x 127.0.0.1:80 http://111.com/123.php -I

HTTP/1.1 403 Forbidden

Date: Wed, 20 Dec 2017 12:39:23 GMT

Server: Apache/2.4.29 (Unix) PHP/7.1.6

Content-Type: text/html; charset=iso-8859-1


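Notes:
-I: do not display the response body; only the status code (response headers) is shown
404: the page does not exist
301: permanent redirect
401: user and password authentication; wrong credentials give 401, correct ones give 200
403: changing granted to denied results in 403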


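Apache access log

The access log is very useful: it not only records visits to the site but also helps locate the problem when something abnormal happens. During an attack, for example, patterns can be seen by reading the log. The log records a great deal of information about the system, and reading it can reveal the cause of a problem. Logs come in different formats, common and combined; combined records more information.


1. View the logs under the default configuration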

[root@gary-tao local]# ls /usr/local/apache2.4/logs/

111.com-access_log 111.com-error_log abc.com-access_log abc.com-error_log access_log error_log httpd.pid

[root@gary-tao local]# ls /usr/local/apache2.4/logs/111.com-access_log

/usr/local/apache2.4/logs/111.com-access_log

[root@gary-tao local]# cat /usr/local/apache2.4/logs/111.com-access_log

172.16.111.1 - xie [20/Dec/2017:20:09:54 +0800] "GET / HTTP/1.1" 200 12

127.0.0.1 - - [20/Dec/2017:20:31:50 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 -

127.0.0.1 - - [20/Dec/2017:20:32:53 +0800] "GET HTTP://2111.com.cn/ HTTP/1.1" 301 223

127.0.0.1 - - [20/Dec/2017:20:34:05 +0800] "HEAD HTTP://2111.com.cn/adfjadfa/adfdafadfaf HTTP/1.1" 301 -

127.0.0.1 - - [20/Dec/2017:20:35:08 +0800] "HEAD http://111.com/adfjadfa/adfdafadfaf HTTP/1.1" 404 -

127.0.0.1 - - [20/Dec/2017:20:36:35 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 -

127.0.0.1 - - [20/Dec/2017:20:39:23 +0800] "HEAD http://111.com/123.php HTTP/1.1" 403 -

127.0.0.1 - - [20/Dec/2017:20:40:16 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 -


2. The log format definitions in the configuration file

[root@gary-tao local]# vim /usr/local/apache2.4/conf/httpd.conf

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

LogFormat "%h %l %u %t \"%r\" %>s %b" common



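The access log records every user request. The fields are as follows:

%h: the IP address of the client accessing the site;

%l: the remote login name; this field is almost always "-";

%u: the user name; when user authentication is used, this field holds the authenticated user name;

%t: the time;

%r: the request action (for example, with curl -I it is HEAD);

%s: the status of the request; written as %>s it is the final status code;

%b: the size of the data transferred;

%{Referer}i: the referer information (the address from which this request was reached is the referer; for example, if you search Baidu for "阿銘linux" and then click through from the Baidu results page to Aming's forum, the referer of that request to Aming's forum is baidu, and that address is of course a long one);

%{User-Agent}i: the browser identifier; for example, Firefox and Chrome produce different content in this field, each carrying the browser's own identifier.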


3. Set the log format in the virtual host configuration:

[root@gary-tao local]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf   # open the configuration file


Change the log format on the CustomLog line from common to combined.


4. Test the syntax and reload the configuration

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl -t

Syntax OK

[root@gary-tao local]# /usr/local/apache2.4/bin/apachectl graceful


5. Run a few requests, then view the log

[root@gary-tao local]# !curl

curl -x 127.0.0.1:80 http://111.com/123.php -I

HTTP/1.1 200 OK

Date: Wed, 20 Dec 2017 13:10:16 GMT

Server: Apache/2.4.29 (Unix) PHP/7.1.6

X-Powered-By: PHP/7.1.6

Content-Type: text/html; charset=UTF-8


[root@gary-tao local]# curl -x 127.0.0.1:80 http://111.com/123.php -I

HTTP/1.1 200 OK

Date: Wed, 20 Dec 2017 13:10:31 GMT

Server: Apache/2.4.29 (Unix) PHP/7.1.6

X-Powered-By: PHP/7.1.6

Content-Type: text/html; charset=UTF-8


[root@gary-tao local]# tail /usr/local/apache2.4/logs/111.com-access_log

127.0.0.1 - - [20/Dec/2017:20:34:05 +0800] "HEAD HTTP://2111.com.cn/adfjadfa/adfdafadfaf HTTP/1.1" 301 -

127.0.0.1 - - [20/Dec/2017:20:35:08 +0800] "HEAD http://111.com/adfjadfa/adfdafadfaf HTTP/1.1" 404 -

127.0.0.1 - - [20/Dec/2017:20:36:35 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 -

127.0.0.1 - - [20/Dec/2017:20:39:23 +0800] "HEAD http://111.com/123.php HTTP/1.1" 403 -

127.0.0.1 - - [20/Dec/2017:20:40:16 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 -

127.0.0.1 - - [20/Dec/2017:21:10:16 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"

127.0.0.1 - - [20/Dec/2017:21:10:31 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"

172.16.111.1 - xie [20/Dec/2017:21:10:38 +0800] "GET / HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"

172.16.111.1 - xie [20/Dec/2017:21:10:38 +0800] "GET / HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"

172.16.111.1 - xie [20/Dec/2017:21:10:39 +0800] "GET / HTTP/1.1" 200 12 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"
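
Reading the log for the patterns an attack leaves, as this section describes, can be scripted. The following is an added example, not part of the original article: it parses common or combined lines, counts 401 responses per client IP, counts the distinct user names offered, and reports whether an authenticated 2xx response followed. The sample lines, the address 198.51.100.7, the user names admin and root, and the function names are constructed; it assumes no escaped quotes in the request line and no spaces in user names.

```bash
#!/usr/bin/env bash
# Added example: summarise Basic-auth failures per client from access-log lines
# in the common or combined LogFormat shown above.
# Assumption: the request line contains no escaped quote (\"), so '"' splits cleanly.

# Constructed sample input (not taken from the article's log).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [20/Dec/2017:21:12:01 +0800] "GET /123.php HTTP/1.1" 401 381 "-" "curl/7.29.0"
198.51.100.7 - admin [20/Dec/2017:21:12:02 +0800] "GET /123.php HTTP/1.1" 401 381 "-" "curl/7.29.0"
198.51.100.7 - root [20/Dec/2017:21:12:02 +0800] "GET /123.php HTTP/1.1" 401 381 "-" "curl/7.29.0"
198.51.100.7 - xie [20/Dec/2017:21:12:03 +0800] "GET /123.php HTTP/1.1" 401 381 "-" "curl/7.29.0"
198.51.100.7 - xie [20/Dec/2017:21:12:04 +0800] "GET /123.php HTTP/1.1" 200 7 "-" "curl/7.29.0"
172.16.111.1 - - [20/Dec/2017:21:13:10 +0800] "GET /123.php HTTP/1.1" 401 381 "-" "Mozilla/5.0"
172.16.111.1 - xie [20/Dec/2017:21:13:15 +0800] "GET /123.php HTTP/1.1" 200 7 "-" "Mozilla/5.0"
EOF
}

# auth_report MIN < access_log
# One line per client with at least MIN 401 responses:
#   ip failures=N users_tried=N later_login=<user or ->
auth_report() {
  awk -v min="$1" -F'"' '
    {
      split($1, pre, " ")     # pre[1]=%h  pre[2]=%l  pre[3]=%u  pre[4],pre[5]=%t
      split($3, post, " ")    # post[1]=%>s  post[2]=%b
      ip = pre[1]; user = pre[3]; status = post[1]
      if (status == 401) {
        fails[ip]++
        # %u on a 401 is the user name the client offered (unverified)
        if (user != "-" && !((ip, user) in seen)) { seen[ip, user] = 1; tried[ip]++ }
      } else if (status ~ /^2/ && user != "-" && (ip in fails) && !(ip in login)) {
        login[ip] = user      # first authenticated success after failures
      }
    }
    END {
      for (ip in fails)
        if (fails[ip] >= min)
          printf "%s failures=%d users_tried=%d later_login=%s\n",
                 ip, fails[ip], tried[ip], ((ip in login) ? login[ip] : "-")
    }' | sort
}

sample_log | auth_report 3
```

A browser normally produces one 401 with %u set to "-" before it prompts for credentials, which is why the threshold is above 1 here.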

