11.18 Apache用户认证
11.19/11.20 域名跳转
11.21 Apache访问日志
扩展
apache虚拟主机开启php的短标签 http://ask.apelearn.com/question/5370
11.18 Apache用户认证:
有时候我们访问一些网站,会直接跳出用户名登录界面。输入正确的用户名密码,才能浏览网页,但会会影响用户体验
有时候就会针对特定的页面做一些用户认证。
比如有一个需求。我们在访问abc.com的时候就不让直接访问,必须要输入用户名和密码,验证通过以后才能访问。为了增加安全性
方法如下:
~~1.
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf 把第二个那个虚拟主机编辑成如下内容(因为第一个是默认的)
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com 在这个下面加入
<Directory /data/wwwroot/111.com> 指定认证的目录,针对哪个目录做认证。只要是这个目录下面的都区认证
AllowOverride AuthConfig 这个相当于打开认证的开关
AuthName "111.com user auth" 自定义认证的名字,作用不大
AuthType Basic 认证的类型,一般为Basic,其他类型阿铭没用过
AuthUserFile /data/.htpasswd 指定密码文件所在位置
require valid-user 指定需要认证的用户为全部可用用户(就是在我们.htpasswd里定义的用户)
这个别忘了加。阿鑫在做的时候忘记加,就报错了
/usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd axin 生成密码文件
-c就是创建的意思。如果我们在增加一个用户,就不需要加-c了。因为已经创建过了
-m第五加密
后面直接写增加的用户名就可以。不用谢useradd
重新加载配置-t , graceful
绑定hosts,浏览器测试
curl -x127.0.0.1:80 111.com 状态码为401 (即为访问的内容要做用户验证)
curl -x127.0.0.1:80 -uaming:passwd 111.com 指定指定用户名和密码。状态码为200
curl -x127.0.0.1:80 -uaming:passwd 111.com -I 成功的话可显示状态码
············
~~2.
假设我们还有一种需求。只想对网站的某一些敏感信息做用户密码验证:
也就是针对单个文件进行认证
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com" 注意我们指定的111.com,所以curl的时候要写/111.com/123.php
ServerName 111.com 在这下面加入
<FilesMatch 123.php> 注意前缀使用的是FilesMatch。只对123.php做二次验证
AllowOverride AuthConfig
AuthName "123.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
实例:
[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias www.example.com
<Directory /data/wwwroot/111.com>
AllowOverride AuthConfig
AuthName "111.com user auth"
AuthType Basic
AuthUserFile /data/.htpasswd
require valid-user
ErrorLog "111.com-error_log"
CustomLog "111.com-access_log" common
[root@localhost ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd axin
New password: 两次密码要写对
Re-type new password:
Adding password for user axin
[root@localhost ~]# cat /data/.htpasswd
axin:$apr1$sKKEUYts$BM6ZiN0lmn2dEfF932bCg/
[root@localhost ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd aming 增加用户不需要加-c
New password:
Re-type new password:
Adding password for user aming
[root@localhost ~]# cat /data/.htpasswd
axin:$apr1$sKKEUYts$BM6ZiN0lmn2dEfF932bCg/
aming:$apr1$ypyDM8wQ$KoOUiRwTO/OWXDVXj4u/R.
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful 没有开启Apache
httpd not running, trying to start
[root@localhost ~]# /usr/local/apache2/bin/apachectl start 开启Apache
httpd (pid 2564) already running
[root@localhost ~]# /usr/local/apache2/bin/apachectl graceful
[root@localhost ~]# curl -x192.168.30.133:80 111.com -I curl一下为401
HTTP/1.1 401 Unauthorized 401意思就是需要验证用户密码
HTTP/1.1 401 Unauthorized
Date: Thu, 18 Jul 2019 03:20:00 GMT
Server: Apache/2.4.39 (Unix) PHP/5.6.32
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1
HTTP/1.1 200 OK
Date: Thu, 18 Jul 2019 03:20:00 GMT
Server: Apache/2.4.39 (Unix) PHP/5.6.32
X-Powered-By: PHP/5.6.32
Content-Type: text/html; charset=UTF-8
[root@localhost ~]# curl -x192.168.30.133:80 -uaxin:123456 111.com
HTTP/1.1 200 OK
Date: Thu, 18 Jul 2019 04:01:43 GMT
Server: Apache/2.4.39 (Unix) PHP/5.6.32
X-Powered-By: PHP/5.6.32
Content-Type: text/html; charset=UTF-8
----------------------------------------------------------------------------------------------------------------------------------------------------
11.19/11.20 域名跳转
需求,把123.com域名跳转到111.com,配置如下:
vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
ServerAlias 123.com 在这行下输入以下配置
<IfModule mod_rewrite.c> 需要mod_rewrite模块支持(就是我们之前的most模块)
RewriteEngine on 打开rewrite功能
RewriteCond %{HTTP_HOST} !^111.com$ 定义rewrite的条件(什么时候去跳转),主机名(域名)不是111.com的时候。也就是我们需要让他调到的那个域名。写法为正则,!(取反),^(以什么开始的),$(结束)加$为了避免出现.com.cn这样的域名
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L] 定义rewrite规则(就把新网址的最后一段作为跳转页面)。当满足上面的条件时,这条规则才会执行。假如我们想让他调到111.com/123.php,就要这样写。此时的^表示除去后面的/之外的部分
/表示/123.php里的这个/
(.*)表示后面的123.php这一部分
$表示结束 写了这么多,意思其实就是,访问的只要不是123.php的都要调到111.com里去
$1表示这个命令的第一个小括号(.*)。如果新网站有111.com/.../123.php,就用$2表示,跟sed很像。,就要在加一个()并用$2表示(()里面就要写他/.../这部分的规则
[R=301,L] R=301表示301状态,不要写302会影响排名,权重。L表示只跳一次
出来以后,-t graceful
/usr/local/apache2/bin/apachectl -M|grep -i rewrite 若无该模块,需要编辑配置文件httpd.conf,删除rewrite_module (shared) 前面的#
curl -x127.0.0.1:80 -I 123.com 状态码为301(跳转页面)
404(页面不存在)
401(用户密码验证)
403(授权。Apache配置文件的denied改为granted)
实例:
[root@localhost ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf
ServerAlias www.example.com
#<Directory /data/wwwroot/111.com>
#<FilesMatch 123.php>
# AllowOverride AuthConfig
# AuthName "111.com user auth"
# AuthType Basic
# AuthUserFile /data/.htpasswd
# require valid-user
#
#
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^111.com$
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
ErrorLog "111.com-error_log"
CustomLog "111.com-access_log" common
[root@axinlinux-01 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
[root@localhost ~]# vi /usr/local/apache2.4/conf/httpd.conf
LoadModule rewrite_module modules/mod_rewrite.so 把#删掉
LoadModule php5_module modules/libphp5.so
#LoadModule php7_module modules/libphp7.so
[root@localhost~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
rewrite_module (shared)
[root@localhost ~]# curl -x192.168.30.133:80 123.com -I
HTTP/1.1 301 Moved Permanently
Date: Thu, 18 Jul 2019 05:49:29 GMT
Server: Apache/2.4.39 (Unix) PHP/5.6.32
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1
----------------------------------------------------------------------------------------------------------------------------------------------------
11.21 Apache访问日志:
访问日志记录用户的每一个请求
~1.
我们在设置虚拟主机配置文件的时候,是有设置他的访问日志的
ErrorLog "111.com-error_log" 错误日志
CustomLog "111.com-access_log" common 访问日志
cat /usr/local/apache2/111.com-access_log 路径是在Apache目录下的:
192.168.159.128 - - [02/Aug/2018:22:50:37 +0800] "GET HTTP://www.example.com/ HTTP/1.1" 301 223
192.168.159.128 - - [02/Aug/2018:22:55:36 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 -
他是这样显示的。是因为是配置文件里的LogFormat的common的变量决定的。
vim /usr/local/apache2.4/conf/httpd.conf 搜索LogFormat 。 会显示下面两种格式:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
h来源IP l用户 u用户密码 t时间 r行为,网址(用什么访问的,到哪去了) s状态码 b大小
Referer 记录浏览器访问网址的上一条网址是什么(从哪个网址点进来的)
User-Agent 用户代理,用户用什么来访问到的,比如浏览器,显示的内容就是是浏览器相关的字符串
LogFormat "%h %l %u %t \"%r\" %>s %b" common 默认是common格式,就是之前我们cat出来的(比较简单的那种格式)
~2.
把虚拟主机配置文件改成如下(更改为combined格式的):
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/111.com"
ServerName 111.com
ServerAlias 123.com
CustomLog "logs/111.com-access_log" combined common改为combined
重新加载配置文件 -t,graceful
curl -x192.168.30.133:80 -I 111.com
HTTP/1.1 200 OK
Date: Thu, 18 Jul 2019 08:26:47 GMT
Server: Apache/2.4.39 (Unix) PHP/5.6.32
X-Powered-By: PHP/5.6.32
Content-Type: text/html; charset=UTF-8
tail /usr/local/apache2.4/logs/111.com-access_log
tail /usr/local/apache2.4/111.com-access_log
192.168.30.1 - - [18/Jul/2019:16:46:18 +0800] "GET / HTTP/1.1" 301 223 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
192.168.30.1 - - [18/Jul/2019:16:46:35 +0800] "GET /favicon.ico HTTP/1.1" 301 234 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
192.168.30.1 - - [18/Jul/2019:16:46:40 +0800] "GET / HTTP/1.1" 301 223 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
192.168.30.1 - - [18/Jul/2019:16:47:00 +0800] "GET /favicon.ico HTTP/1.1" 301 234 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
192.168.30.1 - - [18/Jul/2019:16:56:38 +0800] "GET /favicon.ico HTTP/1.1" 301 234 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
192.168.30.1 - - [18/Jul/2019:16:56:41 +0800] "GET / HTTP/1.1" 301 223 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
192.168.30.1 - - [18/Jul/2019:16:56:51 +0800] "GET /favicon.ico HTTP/1.1" 301 234 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
192.168.30.1 - - [18/Jul/2019:16:56:55 +0800] "GET / HTTP/1.1" 301 223 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
192.168.30.1 - - [18/Jul/2019:16:57:01 +0800] "GET /favicon.ico HTTP/1.1" 301 234 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
192.168.30.1 - - [18/Jul/2019:17:04:33 +0800] "GET / HTTP/1.1" 301 223 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"