171220---LAMP Apache用户认证, 域名跳转 ,Apache访问日志
Apache用户认证
用户认证的目的很简单:就是用户在访问的时候需要数用户名和密码,为了提高更好的安全性。
[[email protected] ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
<Directory /data/wwwroot/111.com>
AllowOverride AuthConfig
AuthName "111.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
<Directory /data/wwwroot/111.com>
AllowOverride AuthConfig
AuthName "111.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</Directory>
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" common
</VirtualHost>
创建密码文件
使用htpasswd命令
[[email protected] ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd amingNew password:
Re-type new password:
Adding password for user aming
[[email protected] ~]# cat /data/.htpasswd
aming:$apr1$EbCi5PBt$mmAFEZoVfX.s6Yn8tiJ3d.
[[email protected] ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd zhangsan
New password:
Re-type new password:
Adding password for user zhangsan
[[email protected] ~]# cat /data/.htpasswd
aming:$apr1$EbCi5PBt$mmAFEZoVfX.s6Yn8tiJ3d.
zhangsan:$apr1$vlvUNv4V$5ofnhcurY8r9LXQbCcVVo1
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl restart
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl restart
[[email protected] php-5.6.30]# curl -x127.0.0.1:80 111.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
[[email protected] php-5.6.30]#
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
[[email protected] php-5.6.30]#
[[email protected] php-5.6.30]# curl -x127.0.0.1:80 -uaa:123456 111.com -I
HTTP/1.1 200 OK
Date: Thu, 21 Dec 2017 04:43:07 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
HTTP/1.1 200 OK
Date: Thu, 21 Dec 2017 04:43:07 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
还可以针对单个文件进行认证
[[email protected] php-5.6.30]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# <Directory /data/wwwroot/111.com>
<FilesMatch 123.php>
AllowOverride AuthConfig
AuthName "111.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</FilesMatch>
# </Directory>
<FilesMatch 123.php>
AllowOverride AuthConfig
AuthName "111.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
</FilesMatch>
# </Directory>
[[email protected] php-5.6.30]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] php-5.6.30]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] php-5.6.30]# vi /data/wwwroot/111.com/123.php
[[email protected] php-5.6.30]# cat /data/wwwroot/111.com/123.php
<?php
echo "123.php";
Syntax OK
[[email protected] php-5.6.30]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] php-5.6.30]# vi /data/wwwroot/111.com/123.php
[[email protected] php-5.6.30]# cat /data/wwwroot/111.com/123.php
<?php
echo "123.php";
[[email protected] ~]# echo alsdjfl
alsdjfl
[[email protected] ~]# curl -x127.0.0.1:80 -uaa:123456 111.com
111.com[[email protected] ~]# curl -x127.0.0.1:80 111.com
alsdjfl
[[email protected] ~]# curl -x127.0.0.1:80 -uaa:123456 111.com
111.com[[email protected] ~]# curl -x127.0.0.1:80 111.com
[[email protected] ~]# curl -x127.0.0.1:80 -uaa:123456 111.com
111.com[[email protected] ~]# curl -x127.0.0.1:80 111.com
111.com[[email protected] ~]# curl -x127.0.0.1:80 111.com/123.php -I
HTTP/1.1 401 Unauthorized
Date: Thu, 21 Dec 2017 04:52:29 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1
[[email protected] ~]# curl -x127.0.0.1:80 -uaa:123456 111.com/123.php -I
111.com[[email protected] ~]# curl -x127.0.0.1:80 111.com
111.com[[email protected] ~]# curl -x127.0.0.1:80 111.com/123.php -I
HTTP/1.1 401 Unauthorized
Date: Thu, 21 Dec 2017 04:52:29 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1
[[email protected] ~]# curl -x127.0.0.1:80 -uaa:123456 111.com/123.php -I
[[email protected] ~]# curl -x127.0.0.1:80 -uaa:123456 111.com/123.php
123.php[[email protected] ~]#
123.php[[email protected] ~]#
域名跳转
需求,把123.com域名跳转到www.123.com,配置如下:
[[email protected]
~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^111.com$
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^111.com$
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
</IfModule>
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
检查是否加载rewrite模块
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
[[email protected] ~]# vi /usr/local/apache2.4/conf/httpd.conf
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
rewrite_module (shared)
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
[[email protected] ~]# vi /usr/local/apache2.4/conf/httpd.conf
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
rewrite_module (shared)
[[email protected] ~]# curl -x127.0.0.1:80 111.com
111.com[[email protected] ~]# curl -x192.168.25.35:80 111.com
111.com[[email protected] ~]# curl -x192.168.25.35:80 2111.com.cn -I
HTTP/1.1 301 Moved Permanently
Date: Thu, 21 Dec 2017 05:25:43 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1
[[email protected] ~]# curl -x192.168.25.35:80 2111.com.cn
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://111.com/">here</a>.</p>
</body></html>
111.com[[email protected] ~]# curl -x192.168.25.35:80 111.com
111.com[[email protected] ~]# curl -x192.168.25.35:80 2111.com.cn -I
HTTP/1.1 301 Moved Permanently
Date: Thu, 21 Dec 2017 05:25:43 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1
[[email protected] ~]# curl -x192.168.25.35:80 2111.com.cn
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://111.com/">here</a>.</p>
</body></html>
Apache访问日志
- 访问日志记录用户的每一个请求
- vi /usr/local/apache2.4/conf/httpd.conf LogFormat "%h %I %u %t "%r" %>s %b "%{Referer}i""%{User-Agent}i""combined LogFormat "%h %I %u %t "%r" %>s %b "common
- 将虚拟主机配置文件改成如下: <VirtualHost *:80> DocumentRoot "/data/wwwroot/www.111.com" ServerName www.111.com ServerAlias 111.com Customlog "logs/111.com-access_log"combined </VirtualHost>
- 重新加载配置文件-t,graceful
- curl -x 127.0.0.1:80 -I 111.com
- tail /usr/local/apache2.4/logs/111.com-access_log
111.com-access_log abc.com-access_log access_log httpd.pid
111.com-error_log abc.com-error_log error_log
[[email protected] ~]# cat /usr/local/apache2.4/logs/111.com-access_log
192.168.25.35 - - [21/Dec/2017:12:28:42 +0800] "GET HTTP://www.example.com/ HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:12:38:22 +0800] "GET HTTP://111.com/ HTTP/1.1" 401 381
192.168.25.1 - - [21/Dec/2017:12:39:43 +0800] "GET / HTTP/1.1" 401 381
192.168.25.1 - aaa [21/Dec/2017:12:41:28 +0800] "GET / HTTP/1.1" 401 381
192.168.25.1 - aaa [21/Dec/2017:12:41:39 +0800] "GET / HTTP/1.1" 401 381
192.168.25.1 - aa [21/Dec/2017:12:41:58 +0800] "GET / HTTP/1.1" 200 7
192.168.25.1 - aa [21/Dec/2017:12:41:58 +0800] "GET /favicon.ico HTTP/1.1" 404 209
127.0.0.1 - aa [21/Dec/2017:12:43:07 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
127.0.0.1 - aa [21/Dec/2017:12:50:36 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 -
127.0.0.1 - aa [21/Dec/2017:12:50:46 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:12:51:00 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:12:52:29 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 401
[[email protected] ~]# vi /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
将CustomLog
"logs/111.com-access_log" common中的common改为combined
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# curl -x192.168.25.35:80 http://111.com/123.php -I
HTTP/1.1 200 OK
Date: Thu, 21 Dec 2017 05:42:32 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
[[email protected] ~]# cat /usr/local/apache2.4/logs/111.com-access_log
[[email protected] ~]# curl -x192.168.25.35:80 http://111.com/123.php -I
HTTP/1.1 200 OK
Date: Thu, 21 Dec 2017 05:42:32 GMT
Server: Apache/2.4.29 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8
[[email protected] ~]# cat /usr/local/apache2.4/logs/111.com-access_log
[[email protected] ~]# tail /usr/local/apache2.4/logs/111.com-access_log
192.168.25.1 - "" [21/Dec/2017:13:15:22 +0800] "GET /123.php HTTP/1.1" 401 381
192.168.25.1 - aa [21/Dec/2017:13:15:41 +0800] "GET /123.php HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:13:25:10 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
192.168.25.35 - - [21/Dec/2017:13:25:27 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
192.168.25.35 - - [21/Dec/2017:13:25:43 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 -
192.168.25.35 - - [21/Dec/2017:13:26:00 +0800] "GET HTTP://2111.com.cn/ HTTP/1.1" 301 223
192.168.25.1 - aa [21/Dec/2017:13:40:58 +0800] "GET /123.php HTTP/1.1" 200 7
192.168.25.35 - - [21/Dec/2017:13:41:41 +0800] "HEAD http://111.com/123.com HTTP/1.1" 404 -
192.168.25.35 - - [21/Dec/2017:13:42:11 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 -
192.168.25.35 - - [21/Dec/2017:13:42:32 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
192.168.25.1 - "" [21/Dec/2017:13:15:22 +0800] "GET /123.php HTTP/1.1" 401 381
192.168.25.1 - aa [21/Dec/2017:13:15:41 +0800] "GET /123.php HTTP/1.1" 200 7
127.0.0.1 - - [21/Dec/2017:13:25:10 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
192.168.25.35 - - [21/Dec/2017:13:25:27 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7
192.168.25.35 - - [21/Dec/2017:13:25:43 +0800] "HEAD HTTP://2111.com.cn/ HTTP/1.1" 301 -
192.168.25.35 - - [21/Dec/2017:13:26:00 +0800] "GET HTTP://2111.com.cn/ HTTP/1.1" 301 223
192.168.25.1 - aa [21/Dec/2017:13:40:58 +0800] "GET /123.php HTTP/1.1" 200 7
192.168.25.35 - - [21/Dec/2017:13:41:41 +0800] "HEAD http://111.com/123.com HTTP/1.1" 404 -
192.168.25.35 - - [21/Dec/2017:13:42:11 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 -
192.168.25.35 - - [21/Dec/2017:13:42:32 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"