Apache用户认证
11.18 Apache用户认证
用户认证功能就是在用户访问网站的时候,需要输入用户名密码才能进行访问。一些比较好总要的站点和网站后台都会加上用户认证,以保证安全。
1.下面对xavi.com站点来做一个全站的用户认证:
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //把xavi.com那个虚拟主机编辑成如下内容<VirtualHost *:80> ???DocumentRoot "/data/wwwroot/xavi.com" ???ServerName xavi.com ???<Directory /data/wwwroot/xavi.com> //指定认证的目录 ???????AllowOverride AuthConfig //这个相当于打开认证的开关 ???????AuthName "xavi.com user auth" //自定义认证的名字,作用不大 ???????AuthType Basic //认证的类型,一般为Basic,其他类型阿铭没用过 ???????AuthUserFile /data/.htpasswd ?//指定密码文件所在位置 ???????require valid-user //指定需要认证的用户为全部可用用户 ???</Directory></VirtualHost>2.创建密码htpasswd命令
在创建密码文件先要了解htpasswd命令:
htpasswd命令是Apache的Web服务器内置工具,用于创建和更新储存用户名、域和用户基本认证的密码文件。
[root@xavi ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd xaviNew password: Re-type new password: Adding password for user xavi[root@xavi ~]# ls /data/.htpasswd/data/.htpasswd[root@xavi ~]# cat !$cat /data/.htpasswdxavi:$apr1$WKpg/kJm$gLaC.HA8/GbaF8g/fSVx/12.1 再创建一个用户,重新加载配置-t,graceful
[root@xavi ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd lileiNew password: Re-type new password: Adding password for user lilei[root@xavi ~]# cat /data/.htpasswdxavi:$apr1$WKpg/kJm$gLaC.HA8/GbaF8g/fSVx/1lilei:$apr1$f8p3nVfN$gP/WTgkIpWPTqoTI8V31U1//重新加载配置-t,graceful[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -tSyntax OK[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful2.2 绑定hosts,浏览器测试,状态码为401,curl -x127.0.0.1:80 xavi.com
[root@xavi ~]# curl -x127.0.0.1:80 xavi.com<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>401 Unauthorized</title></head><body><h1>Unauthorized</h1><p>This server could not verify that youare authorized to access the documentrequested. ?Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesn‘t understand how to supplythe credentials required.</p></body></html>[root@xavi ~]# curl -x127.0.0.1:80 xavi.com -IHTTP/1.1 401 UnauthorizedDate: Tue, 06 Mar 2018 14:50:18 GMTServer: Apache/2.4.29 (Unix) PHP/7.1.6WWW-Authenticate: Basic realm="xavi.com user auth"Content-Type: text/html; charset=iso-8859-13.curl -x127.0.0.1:80 -uaming:passwd www.123.com //状态码为200
[root@xavi ~]# curl -x127.0.0.1:80 -uxavi:xavi2018 xavi.comxavi.com[root@xavi ~]#[root@xavi ~]# curl -x127.0.0.1:80 -uxavi:xavi2018 xavi.com -IHTTP/1.1 200 OKDate: Tue, 06 Mar 2018 15:12:44 GMTServer: Apache/2.4.29 (Unix) PHP/7.1.6X-Powered-By: PHP/7.1.6Content-Type: text/html; charset=UTF-8xavi.com[root@xavi ~]# curl -x127.0.0.1:80 -uxavi:xavi xavi.com<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>401 Unauthorized</title></head><body><h1>Unauthorized</h1><p>This server could not verify that youare authorized to access the documentrequested. ?Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesn‘t understand how to supplythe credentials required.</p></body></html>4. 单个文件进行认证
4.1 在配置文件中添加以下类似内容(根据自己的目录修改):
[root@xavi ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf4.2 重新加载配置-t,graceful
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -tSyntax OK[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful4.3 编辑一个123.php文件,并认证
[root@xavi ~]# vim /data/wwwroot/xavi.com/123.php[root@xavi ~]# curl -x127.0.0.1:80 -uxavi:xavi2018 xavi.com/123.php123.php[root@xavi ~]# 10.19 域名跳转
301 域名跳转
1 配置域名跳转vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
域名跳转类似于将网页重新指向另一个网站,但区别是域名跳转会将域名本身重新指向网站,而不使用HTML或脚本来进行重新指向。当域名被设置为跳转至另一网站,域名的地址将不会保留在浏览器的URL栏中,该栏显示的会是新页面的URL。如果您希望保留该栏中的URL,则需要使用隐形跳转。
<VirtualHost *:80> ???DocumentRoot "/data/wwwroot/xavi.com" ???ServerName xavitest.com ???ServerAlias www.example.com www.xavi.com ???<IfModule mod_rewrite.c> ?????????//需要mod_rewrite模块支持 ???????RewriteEngine on ??????????????????//打开rewrite功能 ???????RewriteCond %{HTTP_HOST} !^xavitest.com$ ????//定义rewrite的条件,主机名(域名)不是xavitest.com满足条件 ???????????????RewriteRule ^/(.*)$ http://xavitest.com/$1 [R=301,L] ????//定义rewrite规则:当满足上面条件时才执行当前规则,即跳转到xavitest.com。状态码301表示永久跳转;302表示临时跳转。L表示last,执行一次,^表示非,(.*)表示123.php,$1表示第一个方括号 ??</IfModule> ???ErrorLog "logs/xavi.example.com-error_log" ???CustomLog "logs/xavi.example.com-access_log" common</VirtualHost><VirtualHost *:80> ????DocumentRoot "/data/wwwroot/xavi.com" ???ServerName xavi.com ???ServerAlias www.example.com ???<IfModule mod_rewrite.c> ???????RewriteEngine on ???????RewriteCond %{HTTP_HOST} !^xavi.com$ ???????RewriteRule ^/(.*)$ http://www.xavi.com/$1 [R=301,L] ??</IfModule> ???????ErrorLog "logs/xavi-error_log" ???CustomLog "logs/xavi-access_log" common</VirtualHost>检查错误,打开httpd服务,重新加载配置-t,graceful
[root@xavi ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -tSyntax OK[root@xavi ~]# /usr/local/apache2.4/bin/apachectl gracefulhttpd not running, trying to start[root@xavi ~]# /usr/local/apache2.4/bin/apachectl starthttpd (pid 3152) already running[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful2.修改httpd.conf文件
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite[root@xavi ~]# vim /usr/local/apache2.4/conf/httpd.confLoadModule rewrite_module modules/mod_rewrite.so ????//去掉#,以启用这个模块/usr/local/apache2/bin/apachectl -M|grep -i rewrite //若无该模块,需要编辑配置文件
[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -tSyntax OK[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful[root@xavi ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite rewrite_module (shared)[root@xavi ~]# /usr/local/apache2.4/bin/apachectl graceful3.测试跳转是否成功
80端口有几个冒号就是启动了几个网卡
[root@xavi ~]# curl -x192.168.72.130:80 xavi.comxavi.com[root@xavi ~]# curl -x192.168.122.1:80 abcd.comthis is a test[root@xavi ~]# curl -x192.168.122.1:80 www.example.com -I //-I可直接查看结果
[root@xavi ~]# curl -x192.168.122.1:80 www.example.com -IHTTP/1.1 301 Moved PermanentlyDate: Wed, 07 Mar 2018 13:43:47 GMTServer: Apache/2.4.29 (Unix) PHP/7.1.6Location: http://www.xavi.com/Content-Type: text/html; charset=iso-8859-1[root@xavi ~]# curl -x192.168.122.1:80 www.example.com<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://www.xavi.com/">here</a>.</p></body></html>4.状态码总结 301,200,401
11.21 Apache访问日志
1. Apache访问日志所在位置:
[root@xavi ~]# ?ls /usr/local/apache2.4/logs/abcd-access_log ?????abcd-error_log ?httpd.pid ???????????xavi.com-error_logabcd.com-access_log ?access_log ?????xavi-access_log ?????xavi-error_logabcd.com-error_log ??error_log ??????xavi.com-access_log[root@xavi ~]# ls /usr/local/apache2.4/logs/xavi.com-access_log/usr/local/apache2.4/logs/xavi.com-access_log[root@xavi ~]# cat !$2. 查看日志格式
2.1 在httpd.conf搜索LogFormat
[root@xavi ~]# vim /usr/local/apache2.4/conf/httpd.conf<IfModule log_config_module> ???# ???# The following directives define some format nicknames for use with ???# a CustomLog directive (see below). ???# ???LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined ???LogFormat "%h %l %u %t \"%r\" %>s %b" common ???<IfModule logio_module>combined和common两种格式,默认使用common格式,Referer上一条访问的网址.
3. 更改日志的格式为combined
[root@xavi ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf<IfModule mod_rewrite.c> ???????RewriteEngine on ???????RewriteCond %{HTTP_HOST} !^xavi.com$ ???????RewriteRule ^/(.*)$ http://www.xavi.com/$1 [R=301,L] ??</IfModule> ???????ErrorLog "logs/xavi-error_log" ???CustomLog "logs/xavi-access_log" combined</VirtualHost>查看日志文件:cat /usr/local/apache2.4/logs/xavi-access_log
之前未找到原因日志变化的原因是写错了访问名
[root@xavi ~]# cat /usr/local/apache2.4/logs/xavi-access_log5.Apache用户认证,域名跳转,访问日志
原文地址:http://blog.51cto.com/12995218/2084098