[toc]
Apache用户认证
11.18 Apache用户认证
用户认证功能就是在用户访问网站的时候,需要输入用户名密码才能进行访问。一些比较好总要的站点和网站后台都会加上用户认证,以保证安全。
1.下面对xavi.com站点来做一个全站的用户认证:
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //把xavi.com那个虚拟主机编辑成如下内容
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/xavi.com"
ServerName xavi.com
<Directory /data/wwwroot/xavi.com> //指定认证的目录
AllowOverride AuthConfig //这个相当于打开认证的开关
AuthName "xavi.com user auth" //自定义认证的名字,作用不大
AuthType Basic //认证的类型,一般为Basic,其他类型阿铭没用过
AuthUserFile /data/.htpasswd //指定密码文件所在位置
require valid-user //指定需要认证的用户为全部可用用户
</Directory>
</VirtualHost>
2.创建密码htpasswd命令
在创建密码文件先要了解htpasswd命令:
htpasswd命令是Apache的Web服务器内置工具,用于创建和更新储存用户名、域和用户基本认证的密码文件。
[[email protected] ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd xavi
New password:
Re-type new password:
Adding password for user xavi
[[email protected] ~]# ls /data/.htpasswd
/data/.htpasswd
[[email protected] ~]# cat !$
cat /data/.htpasswd
xavi:$apr1$WKpg/kJm$gLaC.HA8/GbaF8g/fSVx/1
2.1 再创建一个用户,重新加载配置-t,graceful
[[email protected] ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd lilei
New password:
Re-type new password:
Adding password for user lilei
[[email protected] ~]# cat /data/.htpasswd
xavi:$apr1$WKpg/kJm$gLaC.HA8/GbaF8g/fSVx/1
lilei:$apr1$f8p3nVfN$gP/WTgkIpWPTqoTI8V31U1
//重新加载配置-t,graceful
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
2.2 绑定hosts,浏览器测试,状态码为401,curl -x127.0.0.1:80 xavi.com
[[email protected] ~]# curl -x127.0.0.1:80 xavi.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn‘t understand how to supply
the credentials required.</p>
</body></html>
[[email protected] ~]# curl -x127.0.0.1:80 xavi.com -I
HTTP/1.1 401 Unauthorized
Date: Tue, 06 Mar 2018 14:50:18 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
WWW-Authenticate: Basic realm="xavi.com user auth"
Content-Type: text/html; charset=iso-8859-1
3.curl -x127.0.0.1:80 -uaming:passwd www.123.com //状态码为200
[[email protected] ~]# curl -x127.0.0.1:80 -uxavi:xavi2018 xavi.com
xavi.com[[email protected] ~]#
[[email protected] ~]# curl -x127.0.0.1:80 -uxavi:xavi2018 xavi.com -I
HTTP/1.1 200 OK
Date: Tue, 06 Mar 2018 15:12:44 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
xavi.com[[email protected] ~]# curl -x127.0.0.1:80 -uxavi:xavi xavi.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn‘t understand how to supply
the credentials required.</p>
</body></html>
4. 单个文件进行认证
4.1 在配置文件中添加以下类似内容(根据自己的目录修改):
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
4.2 重新加载配置-t,graceful
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
4.3 编辑一个123.php文件,并认证
[[email protected] ~]# vim /data/wwwroot/xavi.com/123.php
[[email protected] ~]# curl -x127.0.0.1:80 -uxavi:xavi2018 xavi.com/123.php
123.php[[email protected] ~]#
10.19 域名跳转
301 域名跳转
1 配置域名跳转vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
域名跳转类似于将网页重新指向另一个网站,但区别是域名跳转会将域名本身重新指向网站,而不使用HTML或脚本来进行重新指向。当域名被设置为跳转至另一网站,域名的地址将不会保留在浏览器的URL栏中,该栏显示的会是新页面的URL。如果您希望保留该栏中的URL,则需要使用隐形跳转。
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/xavi.com"
ServerName xavitest.com
ServerAlias www.example.com www.xavi.com
<IfModule mod_rewrite.c> //需要mod_rewrite模块支持
RewriteEngine on //打开rewrite功能
RewriteCond %{HTTP_HOST} !^xavitest.com$ //定义rewrite的条件,主机名(域名)不是xavitest.com满足条件
RewriteRule ^/(.*)$ http://xavitest.com/$1 [R=301,L] //定义rewrite规则:当满足上面条件时才执行当前规则,即跳转到xavitest.com。状态码301表示永久跳转;302表示临时跳转。L表示last,执行一次,^表示非,(.*)表示123.php,$1表示第一个方括号
</IfModule>
ErrorLog "logs/xavi.example.com-error_log"
CustomLog "logs/xavi.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/data/wwwroot/xavi.com"
ServerName xavi.com
ServerAlias www.example.com
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^xavi.com$
RewriteRule ^/(.*)$ http://www.xavi.com/$1 [R=301,L]
</IfModule>
ErrorLog "logs/xavi-error_log"
CustomLog "logs/xavi-access_log" common
</VirtualHost>
检查错误,打开httpd服务,重新加载配置-t,graceful
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
httpd not running, trying to start
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl start
httpd (pid 3152) already running
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
2.修改httpd.conf文件
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
[[email protected] ~]# vim /usr/local/apache2.4/conf/httpd.conf
LoadModule rewrite_module modules/mod_rewrite.so //去掉#,以启用这个模块
/usr/local/apache2/bin/apachectl -M|grep -i rewrite //若无该模块,需要编辑配置文件
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
rewrite_module (shared)
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
3.测试跳转是否成功
80端口有几个冒号就是启动了几个网卡
[[email protected] ~]# curl -x192.168.72.130:80 xavi.com
xavi.com[[email protected] ~]# curl -x192.168.122.1:80 abcd.com
this is a test[[email protected] ~]#
curl -x192.168.122.1:80 www.example.com -I //-I可直接查看结果
[[email protected] ~]# curl -x192.168.122.1:80 www.example.com -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Mar 2018 13:43:47 GMT
Server: Apache/2.4.29 (Unix) PHP/7.1.6
Location: http://www.xavi.com/
Content-Type: text/html; charset=iso-8859-1
[[email protected] ~]# curl -x192.168.122.1:80 www.example.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.xavi.com/">here</a>.</p>
</body></html>
4.状态码总结 301,200,401
11.21 Apache访问日志
1. Apache访问日志所在位置:
[[email protected] ~]# ls /usr/local/apache2.4/logs/
abcd-access_log abcd-error_log httpd.pid xavi.com-error_log
abcd.com-access_log access_log xavi-access_log xavi-error_log
abcd.com-error_log error_log xavi.com-access_log
[[email protected] ~]# ls /usr/local/apache2.4/logs/xavi.com-access_log
/usr/local/apache2.4/logs/xavi.com-access_log
[[email protected] ~]# cat !$
2. 查看日志格式
2.1 在httpd.conf搜索LogFormat
[[email protected] ~]# vim /usr/local/apache2.4/conf/httpd.conf
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
combined和common两种格式,默认使用common格式,Referer上一条访问的网址.
3. 更改日志的格式为combined
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^xavi.com$
RewriteRule ^/(.*)$ http://www.xavi.com/$1 [R=301,L]
</IfModule>
ErrorLog "logs/xavi-error_log"
CustomLog "logs/xavi-access_log" combined
</VirtualHost>
查看日志文件:cat /usr/local/apache2.4/logs/xavi-access_log
之前未找到原因日志变化的原因是写错了访问名
[[email protected] ~]# cat /usr/local/apache2.4/logs/xavi-access_log
原文地址:http://blog.51cto.com/12995218/2084098
时间: 2024-08-24 06:53:39