11月15日任務 11.18 Apache使用者認證 11.19/11.20 域名跳轉 11.21 Apache訪問日誌    

apache使用者認證

針對目錄

先確保主配置檔案內開啟了虛擬主機服務

[[email protected] ~]# vim /usr/local/apache2.4/conf/httpd.conf
# Virtual hosts
# Include conf/extra/httpd-vhosts.conf 
刪除Include行首的#，儲存退出
 

• 編輯虛擬主機配置檔案

[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //把111.com那個虛擬主機編輯成如下內容
<VirtualHost *:80>
    # 指定網頁檔案儲存的根目錄
    DocumentRoot "/data/wwwroot/111.com" 
    # 指定伺服器的主機名
    ServerName www.111.com  
    # 指定伺服器的別名
    ServerAlias www.example.com
    # 指定認證的目錄
    <Directory /data/wwwroot/111.com> 
        # 這個相當於開啟認證的開關
        AllowOverride AuthConfig 
        # 自定義認證的名字，作用不大
        AuthName "111.com user auth" 
        # 認證的型別，一般為Basic
        AuthType Basic 
        # 指定密碼檔案所在位置
        AuthUserFile /data/.htpasswd  
        # 指定需要認證的使用者為全部可用使用者
        require valid-user 
    </Directory>
    # 指定錯誤日誌
    ErrorLog "logs/111.com-error_log"
    # 指定錯誤日誌記錄級別
    CustomLog "logs/111.com-access_log" common
</VirtualHost>
 

• 使用者加密 -c 建立 -m md5加密

[[email protected] ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd castiel
# 這裡我簡單設為了1
New password: 
Re-type new password: 
Adding password for user castiel、

[[email protected] ~]# cat /data/.htpasswd 
castiel:$apr1$iqyfAY.M$zJ12wj68C6BDDIpe41sWQ1
 

• 驗證

# 訪問時報401，需要認證
[[email protected] ~]# curl -x 192.168.65.133:80 www.example.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

# 輸入賬戶密碼成功訪問，狀態碼轉為200
[[email protected] ~]# curl -x 192.168.65.133:80 -ucastiel:1 www.example.com
111.com

[[email protected] ~]# curl -x 192.168.65.133:80 -ucastiel:1 www.example.com -I
HTTP/1.1 200 OK
Date: ..., ... 12:58:50 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

針對單個檔案的使用者認證

同樣的需要使用htpasswd建立使用者密碼檔案

• 修改虛擬主機配置檔案

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    # 註釋掉原先配置認證的目錄
    # <Directory /data/wwwroot/111.com>
    # 指定特定的檔案123.php
    <FilesMatch 123.php>  
        AllowOverride AuthConfig
        AuthName "111.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
    </FilesMatch>
    # </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

• 驗證

# 訪問其他網頁無需賬戶密碼即可正常登陸
[[email protected] ~]# curl -x 192.168.65.133:80 www.example.com
111.com
[[email protected] ~]# curl -x 192.168.65.133:80 www.example.com -I
HTTP/1.1 200 OK
Date: ..., ... 13:01:54 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

# 訪問特定的123.php檔案時需要認證
[[email protected] ~]# curl -x 192.168.65.133:80 -ucastiel:1 111.com/123.php
123.php
[[email protected] ~]# curl -x 192.168.65.133:80 111.com/123.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

域名跳轉（域名重定向）

基本知識介紹

可以通過域名來訪問網站，當一個網站的域名更改後，通過對老域名設定域名跳轉功能後，將使用者跳轉到新網址。例如在訪問www.123.com時，對於設定了域名跳轉的網址，瀏覽器將自動跳轉到新網址www.abc.com。

網站的SEO：搜尋引擎會將網路中的域名、網址進行記錄，使用者通過搜尋引擎搜尋網址，搜尋引擎將以權重從高到低順序顯示，方便使用者使用。如果不進行域名跳轉，老域名的權重將一直比新域名高，導致無法找到新域名網址。可以通過設定新域名的狀態碼為301，來降低域名的權重。

如何配置

先在主配置檔案內開啟rewrite模組

[[email protected] ~]# vim /usr/local/apache/conf/httpd.conf
將“#LoadModule rewrite_module modules/mod_rewrite.so”開頭的#去掉後儲存退出

修改虛擬主機配置檔案

[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 
<VirtualHost *:80>
...
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        
        #定義rewrite的條件，主機名（域名）不是111.com的才滿足
        RewriteCond %{HTTP_HOST} !^111.com$ 
        
        # 定義rewrite規則：當滿足條件時，設定跳轉規則，並定義狀態；
        # ^/即DocumentRoot，為該預設虛擬主機的根路徑
        # $1代替前面匹配的內容
        # 狀態碼為301(永久重定向)，L表示跳轉結束
        RewriteRule ^/(.*)$ http://111.com/$1 [r=301,L] 
    </IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

修改完成檢驗後重新載入

[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -M | grep rewrite
 rewrite_module (shared)
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful

測試，檢驗是否跳轉

[[email protected] ~]# curl -x 127.0.0.1:80 111.com -I
HTTP/1.1 301 Moved Permanently
Date: ..., ... 11:45:49 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
Location: http://www.111.com/
Content-Type: text/html; charset=iso-8859-1

關於狀態碼

# 200 允許訪問
# 403 禁止訪問 配置檔案中設定Require all denied
# 404 找不到網頁
# 301 永久重定向

訪問日誌

訪問日誌記錄了使用者的每一個請求

• 預設的訪問日誌

# logs目錄下儲存的訪問日誌
[[email protected] ~]# ls /usr/local/apache2.4/logs/
111.com-access_log  abc.com-access_log  access_log  httpd.pid
111.com-error_log   abc.com-error_log   error_log

# 簡單記錄了訪問的ip、時間、位置、狀態碼等資訊
[[email protected] ~]# cat /usr/local/apache2.4/logs/111.com-access_log 
192.168.65.133 - - [...:19:25:48 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
127.0.0.1 - - [...:19:44:37 +0800] "GET HTTP://www.example.com/ HTTP/1.1" 301 227
127.0.0.1 - - [...:19:45:09 +0800] "GET HTTP://111.com/ HTTP/1.1" 301 227
127.0.0.1 - - [...:19:45:49 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 301 -
127.0.0.1 - - [...:19:46:39 +0800] "HEAD HTTP://111.com/index.html HTTP/1.1" 301 -
127.0.0.1 - - [...:19:46:53 +0800] "HEAD HTTP://111.com/index.php HTTP/1.1" 301 -
127.0.0.1 - - [...:19:50:14 +0800] "HEAD HTTP://111.com/index.php HTTP/1.1" 301 -

• 訪問日誌格式

# 預設使用common那條格式記錄日誌
[[email protected] ~]# grep -n "LogFormat" /usr/local/apache2.4/conf/httpd.conf
284:    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
285:    LogFormat "%h %l %u %t \"%r\" %>s %b" common
289:      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
# Referer表示網頁跳轉前所在的網址。

• 修改日誌格式

[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf <VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [r=301,L]
    </IfModule>
    ErrorLog "logs/111.com-error_log"
    
    # 上述的程式碼都沒有變化
    # 修改common為combined，這個是httpf.conf內設定的FormatLog
    CustomLog "logs/111.com-access_log" combined 
</VirtualHost>

重啟服務

[[email protected] logs]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] logs]# /usr/local/apache2.4/bin/apachectl graceful

驗證效果

[[email protected] logs]# curl -x 192.168.65.133:80 111.com -I
HTTP/1.1 200 OK
Date: ..., ... 12:46:25 GMT
Server: Apache/2.4.28 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

# 檢視日誌格式是否變化
[[email protected] logs]# cat /usr/local/apache2.4/logs/111.com-access_log 
...
192.168.65.133 - - [...:20:46:25 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 - "-"