默认虚拟主机
1、配置文件
# vim /usr/local/apache2.4/conf/httpd.conf// 搜索关键词httpd-vhost,找到这行把行首的井号删除 保存 // 保存主配置文件,然后编辑虚拟机主机配置文件# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf//这个配置文件是虚拟机的主配置文件,接下来的各个操作都是在这个配置文件中完成的。<VirtualHost *:80>ServerAdmin guanliyuan.com //管理员邮箱 //对下面操作作用不大DocumentRoot "/data/wwwroot/bai.com" //网站根目录ServerName bai.com //网站的域名ServerAlias www.bai.com //网站第二域名ErrorLog "logs/bai.com-error.log" //错误日志CustomLog "logs/bai.com-access_log" common //访问日志</VirtualHost><VirtualHost *:80>DocumentRoot "/data/wwwroot/www.123.com" //网站根目录ServerName www.123.com //网站的域名</VirtualHost>//测试# mkdir -p /data/wwwroot/bai.com /data/wwwroot/www.123.com //定义两个站点——bai.com和123.com# echo "bai.com" > /data/wwwroot/bai.com/index.html //将网站的域名传到index.html,默网站默认的主页就是index.html# echo "123.com" > /data/wwwroot/www.123.com/index.html //网站默认主页为index.html# /usr/local/apache2.4/bin/apachectl -t //检查配置# /usr/local/apache2.4/bin/apachectl graceful //重新加载配置# curl -x127.0.0.1:80 www.bai.com //测试aming.com# curl -x127.0.0.1:80 www.123.com //测试123.com# curl -x127.0.0.1:80 www.abc.com //测试aming.com //不管什么域名指向服务器,只要配置文件中没有标记,就会访问这个默认虚拟主机
2、用户认证
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf//123.com虚拟主机编译<VirtualHost *:80>DocumentRoot "/data/wwwroot/www.123.com" //网站根目录ServerName www.123.com //网站的域名</VirtualHost>改为:<VirtualHost *:80>DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.com<Directory /data/wwwroot/www.123.com>AllowOverride AuthConfigAuthName "www.123.com user auth"AuthType BasicAuthUserFile /data/.htpasswdrequire valid-user</Directory></VirtualHost># /usr/local/apache2.4/bin/htpasswd -cm /data/.htpasswd bai //创建密码文件New passwd:Re-type new passwd:Adding password for user aming://htpasswd命令为常见用户的工具, -c为创建,-m指定密码加密方式为MD5// /data/.htpasswd为密码文件,aming为要创建的用户,第一次需要加-c//否则/data/.htpasswd文件会被重置,之前的用户会被清空# /usr/local/apache2.4/bin/apachectl -t //验证,检查配置Syntax OK# /usr/local/apache2.4/bin/apachectl graceful //重新加载配置// 用管理员模式打开”记事本“或者”写字板“在最下一行增加:# 192.168.142.143(自己的ip4地址) www.123.com//用浏览器去访问www。123.com了弹出一个用于认证的提示框用户名就是创建密码文件时创建的bai用户与密码
3、配置域名跳转
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //把123.com域名跳转到 www.123.com在原来文件上再进行修改<VirtualHost *:80>DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.comServerAlias 123.com<IfModule mod_rewrite.c> //需要mod_rewrite模块支持RewriteEngine on //打开rewrite功能rewriteCond %{HTTP_HOST} !^www.123.com$ //定义rewrite功能RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L] //定义rewrite规则,当满足上面的条件时,这条规则才会执行</IfModule></VirtualHost># vim /usr/local/apache2.4/conf/httpd.conf //在主配置文件上修改// 将 LoadModule rewrite_module module/mod_rewrite.so 放开这一行注释# /usr/local/apache2.4/bin/apachectl graceful //重新加载配置# /usr/local/apache2.4/bin/apachectl -M|grep -i rewrite //查看模块是否放开rewrite_module(shared)# curl -x127.0.0.1:80 -I 123.com //测试状态码返回301 成功HTTP/1.1 301 Moved PermanentlyDate: Fri, 21 May 2021 17:57:17 GMT //时间日期为当前日期Server: Apache/2.4.33 (Unix) PHP/5.6.39Location: http://www.123.com/ //跳转后的网址为http://www.123.com/Content-Type: text/html; charset=iso-8859-1
4、配置访问日志
# vim /usr/local/apache2.4/conf/httpd.conf //配置主文件,搜索LogFormatLogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedLogFormat "%h %l %u %t \"%r\" %>s %b" common// %u为用户名,%t为时间,%r为请求的动作 %>s为请求的状态码 %b为传输数据大小 %{Referer}i为referer信息 %{User-Agent}i为浏览器标识# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //配置虚拟机主配置文件<VirtualHost *:80DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.comServerAlias 123.com<IfModule mod_rewrite.c>RewriteEngine onrewriteCond %{HTTP_HOST} !^www.123.com$RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L]</IfModule>CustomLog "logs/123.com-access_log" combined //增加内容</VirtualHost># /usr/local/apache2.4/bin/apachectl -t //检查配置Syntax OK# /usr/local/apache2.4/bin/apachectl graceful //重新加载配置# curl -x127.0.0.1:80 -I 123.com //测试,如果为301的话就说明正确# tail /usr/local/apache2.4/logs/123.com-access_log 显示文件中的尾部内容。
5、访问日志不记录静态文件
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //配置虚拟机主配置文件// 修改www.123.com的配置文件 不记录静态文件日志<VirtualHost *:80>DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.comServerAlias 123.com<IfModule mod_rewrite.c>RewriteEngine onrewriteCond %{HTTP_HOST} !^www.123.com$RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L]</IfModule>SetEnvIf Request_URI ".*\.gif$" imgSetEnvIf Request_URI ".*\.jpg$" imgSetEnvIf Request_URI ".*\.png$" imgSetEnvIf Request_URI ".*\.bmp$" imgSetEnvIf Request_URI ".*\.swf$" imgSetEnvIf Request_URI ".*\.js$" imgSetEnvIf Request_URI ".*\.css$" imgCustomLog "| /usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined env=!img</VirtualHost>// 先定义一个image-request环境变量,把gif、jpg、png、bmp、swf、js、css等格式的文件全部归类到image-request// env=!image-request用到”!“,意思就是把image-request以外的类型文件记录到日志当中// rotetelogs为httpd自带切割日志的工具,访问日志按我们定义的文件格式进行切割// 86400单位为”秒“,相当于”一天“# /usr/local/apache2.4/bin/apachectl -t //检测配置文件是否出错Syntax OK# /usr/local/apache2.4/bin/apachectl graceful //重新加载配置文件# ls /usr/local/apache2.4/logs/ // 查看目录//静态文件不记录日志 测试# touch /data/wwwroot/www.123.com/aming.jpg# touch /data/wwwroot/www.123.com/aming.txt# curl -x127.0.0.1:80 www.123.com/wsw.txt# curl -x127.0.0.1:80 www.123.com/wsw.jpg# cat /usr/local/apache2.4/logs/123.com-access_20210522.log127.0.0.1 - - [22/May/2021:05:39:58 +0800] "HEAD HTTP://123.com/ HTTP/1.1" 301 - "-" "curl/7.29.0"127.0.0.1 - - [22/May/2021:05:59:42 +0800] "GET HTTP://www.123.com/aming.txt HTTP/1.1" 200 - "-" "curl/7.29.0" // 只有txt的记录//访问了txt文件和jpg文件,日志只记录了txt的记录。
6、配置静态元素过期时间
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //配置虚拟机主文件// 在www.123.com虚拟机上编译 配置静态元素过期时间<VirtualHost *:80>DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.comServerAlias 123.com<IfModule mod_rewrite.c>RewriteEngine onrewriteCond %{HTTP_HOST} !^www.123.com$RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L]</IfModule>SetEnvIf Request_URI ".*\.gif$" img //去除根据请求信息,不用从服务器上下载,直接访问用户电脑里面的缓存SetEnvIf Request_URI ".*\.jpg$" imgSetEnvIf Request_URI ".*\.png$" imgSetEnvIf Request_URI ".*\.bmp$" imgSetEnvIf Request_URI ".*\.swf$" imgSetEnvIf Request_URI ".*\.js$" imgSetEnvIf Request_URI ".*\.css$" imgCustomLog "| /usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined env=!img<IfModule mod_expires.c>ExpiresActive onExpiresByType image/gif "access plus 1 days"ExpiresByType image/jpeg "access plus 24 hours"ExpiresByType image/png "access plus 24 hours"ExpiresByType text/css "now plus 2 hour"ExpiresByType application/x-javascript "now plus 2 hours"ExpiresByType application/javascript "now plus 2 hours"ExpiresByType application/x-shockwave-flash "now plus 2 hours"ExpiresDefault "now plus 0 min" //配置各种文件的过期时间</IfModule></VirtualHost># /usr/local/apache2.4/bin/apachectl -t //检测配置服务Syntax OK# /usr/local/apache2.4/bin/apachectl graceful //重新加载配置服务# vim /usr/local/apache2.4/conf/httpd.conf //配置主配置文件LoadModule expires_module modules/mod_expires.so # 放开这一行注释# /usr/local/apache2.4/bin/apachectl -M |grep -i expires //打开该模块expires_module (shared) // 成功加载expires模块# /usr/local/apache2.4/bin/apachectl graceful //重新加载配置服务// 访问jpg文件,发现max-age=86400 表示缓存一天# curl -x127.0.0.1:80 -I www.123.com/wsw.jpgHTTP/1.1 200 OKDate: Sat, 22 May 2021 13:30:31 GMTServer: Apache/2.4.33 (Unix) PHP/5.6.39Last-Modified: Fri, 21 May 2021 21:58:54 GMTETag: "0-5c2de2a749f39"Accept-Ranges: bytesCache-Control: max-age=86400Expires: Sun, 23 May 2021 13:30:31 GMTContent-Type: image/jpeg# curl -x127.0.0.1:80 -I www.123.com/wsw.txtHTTP/1.1 200 OKDate: Sat, 22 May 2021 13:31:53 GMTServer: Apache/2.4.33 (Unix) PHP/5.6.39Last-Modified: Fri, 21 May 2021 21:58:49 GMTETag: "0-5c2de2a23f2e1"Accept-Ranges: bytesCache-Control: max-age=0 // 访问txt 发现 max-age=0 表示没有缓存该类型的文件。Expires: Sat, 22 May 2021 13:31:53 GMTContent-Type: text/plain
7、配置防盗链
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //配置虚拟机主文件# 防盗链<VirtualHost *:80>DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.comServerAlias 123.comCustomLog "| /usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined<Directory /data/wwwroot/www.123.com>SetEnvIfNoCase Referer "http://www.123.com" local_refSetEnvIfNoCase Referer "http://123.com" local_refSetEnvIfNoCase Referer "^$" local_ref //^$为空referer<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)"> //用filesmatch定义需要保护的文件类型,访问txt、doc、MP3、zip、rar、jpg、gif格式的文件时会被限制Order Allow,DenyAllow from env=local_ref</filesmatch></Directory></VirtualHost>// 使用非允许的referer 报错403# curl -x127.0.0.1:80 -I -e "http://www.1234.com/1.txt" http://www.123.com/aming.jpg //用-e来定义referer,这个referer一定要以http://开头,否则不管用 ?HTTP/1.1 403 ForbiddenDate: Sat, 22 May 2021 14:04:32 GMTServer: Apache/2.4.33 (Unix) PHP/5.6.39Content-Type: text/html; charset=iso-8859-1// 访问html文件可以被访问,未被保护# curl -x127.0.0.1:80 -I -e "http://www.1234.com/1.txt" http://www.123.com/index.htmlHTTP/1.1 200 OKDate: Sat, 22 May 2021 14:05:00 GMTServer: Apache/2.4.33 (Unix) PHP/5.6.39Last-Modified: Fri, 21 May 2021 10:34:59 GMTETag: "8-5c2d49c8eb296"Accept-Ranges: bytesContent-Length: 8Content-Type: text/html
8、访问控制
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //虚拟机主配置文件// 访问控制<VirtualHost *:80>DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.comServerAlias 123.comCustomLog "| /usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined<Directory /data/wwwroot/www.123.com/admin/> //来限制访问的目录Order deny,allowDeny from all //所有IP都被限制Allow from 127.0.0.1 //用此代码只允许127.0.0.1这个IP</Directory></VirtualHost># /usr/local/apache2.4/bin/apachectl -t //检测配置Syntax OK# /usr/local/apache2.4/bin/apachectl graceful //重新加载配置服务// 配置限制文件<Directory /data/wwwroot/www.123.com><FilesMatch "admin.php(.*)">Order deny,allowDeny from allAllow from 127.0.0.1 // 只允许127.0.0.1IP访问</FilesMatch></Directory>//创建目录,模拟网站后台# mkdir /data/wwwroot/www.123.com/admin //创建admin目录,为了模拟网站后台# echo "admin" > /data/wwwroot/www.123.com/admin/index.html //在后台下创建目录,并写入内容# > /usr/local/apache2.4/logs/123.com-access_20210522.log //清空日志# curl -x192.168.200.50:80 -I www.123.com/admin/index.html //测试限制目录HTTP/1.1 403 Forbidden //验证只允许127.0.0.1这个IP访问Date: Sat, 22 May 2021 14:34:30 GMTServer: Apache/2.4.33 (Unix) PHP/5.6.39Content-Type: text/html; charset=iso-8859-1# curl -x127.0.0.1:80 -I www.123.com/admin/index.htmlHTTP/1.1 200 OKDate: Sat, 22 May 2021 14:34:44 GMTServer: Apache/2.4.33 (Unix) PHP/5.6.39Last-Modified: Sat, 22 May 2021 14:30:13 GMTETag: "6-5c2ec03b1ca18"Accept-Ranges: bytesContent-Length: 6Content-Type: text/html
9.禁止解析PHP
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //编写虚拟机主配置文件// 禁止解析PHP<VirtualHost *:80>DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.comServerAlias 123.comCustomLog "| /usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined<Directory /data/wwwroot/www.123.com/upload>php_admin_flag engine off</Directory></VirtualHost>// 验证# /usr/local/apache2.4/bin/apachectl -t //检测配置服务# /usr/local/apache2.4/bin/apachectl graceful // 重新加载配置服务# mkdir /data/wwwroot/www.123.com/upload // 创建目录、模拟网站上传目录# cp /usr/local/apache2.4/htdocs/1.php /data/wwwroot/www.123.com/upload/ //复制文件// 检测# curl -x127.0.0.1:80 www.123.com/upload/1.php<?phpecho 111?> //测试1.php能否正常启动
10、限制user_age
# vim /usr/local/apache2.4/conf/extra/httpd-vhost.conf //编辑虚拟机主配置文件# 限制user_agent<VirtualHost *:80>DocumentRoot "/data/wwwroot/www.123.com"ServerName www.123.comServerAlias 123.comCustomLog "| /usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined<IfModule mod_rewrite.c>RewriteEngine onRewriteCond %{HTTP_USER_AGENT} .*curl.* [NC,OR] // %{HTTP_USER_AGENT}为user_agent的内置变量 OR 表示“或者”, NC表示“不区分大小写”RewriteCond %{HTTP_USER_AGENT} .*baidu.com.* [NC] // user——agent匹配curl或者baidu.comRewriteRule .* - [F] //F相当于Forbidden</IfModule></VirtualHost># /usr/local/apache2.4/bin/apachectl -t //检测配置服务Syntax OK# /usr/local/apache2.4/bin/apachectl graceful //重新加载配置服务# curl -I -x127.0.0.1:80 www.123.com/upload/1.phpHTTP/1.1 403 ForbiddenDate: Sat, 22 May 2021 15:28:07 GMTServer: Apache/2.4.33 (Unix) PHP/5.6.39Content-Type: text/html; charset=iso-8859-1//测试# curl -A "123123" -I -x127.0.0.1:80 www.123.com/upload/1.php //curl的-A选项指定user_agent //user_agent自定义的“123123”,没有匹配任何条件,状态为200HTTP/1.1 200 OKDate: Sat, 22 May 2021 15:28:29 GMTServer: Apache/2.4.33 (Unix) PHP/5.6.39X-Powered-By: PHP/5.6.39Content-Type: text/html; charset=UTF-8
若有收获,就点个赞吧
0 人点赞
