目录
配置httpd支持PHP
1.默认虚拟主机
3.user_agent限制访问
httpd配置
# vim /usr/local/apache2/conf/httpd.conf
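# Uncomment this line in httpd.conf, or add it if it is missing.
# httpd comments must sit on their own line: text after a directive, "#" included,
# is parsed as further arguments and fails the syntax check.
ServerName localhost:80

# NOTE(review): the page shows a bare <Directory>; the path was presumably lost in
# extraction. The note "denied -> granted" suggests the filesystem-root block, so it
# is written as "/" here - confirm against your httpd.conf.
# The root stays default-deny so that a stray Alias or symlink cannot expose files
# outside the web root; access is granted only on the site tree below.
<Directory />
    AllowOverride none
    Require all denied
</Directory>

<Directory "/data/wwwroot">
    AllowOverride none
    Require all granted
</Directory>

# AddType application/x-gzip .gz .tgz
# Bind the PHP handler to names that END in .php. With "AddType ... .php", mod_mime
# also applies the PHP type to a name such as x.php.bak, whose last extension it
# does not recognise - a common way for an uploaded file to get executed.
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>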
1.默认虚拟主机
# vim /usr/local/apache2.4/conf/httpd.conf
//关键词httpd-vhost前面注释去掉
//第一个DocumentRoot 写默认路径/data/wwwroot/abc.com
//第一个DocumentRoot 写/data/wwwroot/
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# First <VirtualHost> in the file. A request whose Host header matches no
# ServerName/ServerAlias is answered by this block (the test below shows ccc.com
# returning the abc.com page), so it doubles as the default site.
<VirtualHost *:80>
    ServerName abc.com
    ServerAlias www.abc.com
    ServerAdmin admin@abc.com
    DocumentRoot "/data/wwwroot/abc.com"
    CustomLog "logs/abc.com-access_log" common
    ErrorLog "logs/abc.com-error_log"
</VirtualHost>
# Second site, selected when the Host header is 123.com.
<VirtualHost *:80>
    ServerName 123.com
    DocumentRoot "/data/wwwroot/123.com"
</VirtualHost>
测试:
mkdir -p /data/wwwroot/abc.com /data/wwwroot/123.com
echo "abc.com" > /data/wwwroot/abc.com/index.html
echo "123.com" > /data/wwwroot/123.com/index.html
# /usr/local/apache2.4/bin/apachectl -t
# /usr/local/apache2.4/bin/apachectl graceful
# curl -x127.0.0.1:80 abc.com
abc.com
# curl -x127.0.0.1:80 123.com
123.com
# curl -x127.0.0.1:80 ccc.com
abc.com
//ccc.com 没有配置对应的虚拟主机,请求未被拒绝,而是由第一个(默认)虚拟主机 abc.com 响应
2.用户认证
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# Password-protect the whole abc.com site with HTTP Basic authentication.
<VirtualHost *:80>
    ServerName abc.com
    DocumentRoot "/data/wwwroot/abc.com"
    <Directory /data/wwwroot/abc.com>
        # Lets .htaccess files under this directory carry authentication directives.
        AllowOverride AuthConfig
        # Basic auth sends the user name and password base64-encoded, not encrypted,
        # with every request, and this vhost listens on plain HTTP (port 80).
        AuthType Basic
        AuthName "abc.com usr auth"
        # The password file lives outside DocumentRoot, so it is not reachable by URL.
        AuthUserFile /data/.htpasswd
        Require valid-user
    </Directory>
</VirtualHost>
# /usr/local/apache2.4/bin/htpasswd -cm /data/.htpasswd test
//输入密码
//-b 避开交互,直接在参数中给出密码,例如:/usr/local/apache2.4/bin/htpasswd -bm /data/.htpasswd test test123(注意:这样密码会留在 shell 历史记录和进程列表中,只适合测试环境)
# /usr/local/apache2.4/bin/apachectl -t
# /usr/local/apache2.4/bin/apachectl graceful
//配置完修改hosts文件(win7:C:\Windows\System32\drivers\etc\hosts)(linux:/etc/hosts)
192.168.x.x www.xxx.com
上面操作针对整个站点,针对某个目录或文件为:
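# Protect one script instead of the whole site: only files whose name matches the
# pattern ask for a login.
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    # AllowOverride is accepted only inside a <Directory> section, so it is dropped
    # here; leaving it in <FilesMatch> makes "apachectl -t" reject the file.
    # The dot is escaped to match a literal "."; the pattern is left unanchored on
    # purpose, so names such as admin.php.bak still require a login.
    <FilesMatch "admin\.php">
        AuthName "abc.com usr auth"
        # Basic auth is only base64-encoded; this vhost serves plain HTTP on port 80.
        AuthType Basic
        AuthUserFile /data/.htpasswd
        Require valid-user
    </FilesMatch>
</VirtualHost>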
3.配置域名跳转
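# Send every request whose Host is not the canonical www.abc.com to that name.
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName www.abc.com
    ServerAlias abc.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        # The condition has to exclude the redirect TARGET. Testing for "not abc.com"
        # redirects www.abc.com to itself in a loop and leaves abc.com untouched,
        # which contradicts the 301 the test for abc.com expects.
        RewriteCond %{HTTP_HOST} !^www\.abc\.com$
        # The target host is a fixed string, so a client-supplied Host value never
        # ends up in the Location header.
        RewriteRule ^/(.*)$ http://www.abc.com/$1 [R=301,L]
    </IfModule>
</VirtualHost>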
# /usr/local/apache2.4/bin/apachectl -M |grep -i rewrite
//没有输出,则表示没有开启模块
# vim /usr/local/apache2.4/conf/httpd.conf //搜索rewrite模块,去掉该行前面的注释符号#
# /usr/local/apache2.4/bin/apachectl graceful
# /usr/local/apache2.4/bin/apachectl -M |grep -i rewrite
rewrite_module (shared) //加载rewrite模块正常
# curl -x127.0.0.1:80 -I abc.com
//状态码为301
4.配置访问日志
# vim /usr/local/apache2.4/conf/httpd.conf //搜索LogFormat
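# Fields: %h client address, %l remote login name, %u authenticated user, %t time,
# %r request line, %>s final status, %b bytes sent; "combined" adds the Referer and
# User-Agent request headers.
# The second field is %l (lower-case L, not the digit 1), and the quotes inside the
# format string must be backslash-escaped or the string ends at the first of them.
# Referer and User-Agent are client-supplied text; treat them as untrusted when
# reading or parsing these logs.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common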
//ip 远程登录名 用户名 时间 请求动作 状态码(>最后的) 传输数据大小 上一次请求的地址 浏览器标识 %D(请求耗时时间)
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
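# abc.com site with the canonical-host redirect and its own error/access logs.
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName www.abc.com
    ServerAlias abc.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        # Exclude the redirect target itself; "not abc.com" would loop www.abc.com
        # onto itself and never redirect abc.com.
        RewriteCond %{HTTP_HOST} !^www\.abc\.com$
        RewriteRule ^/(.*)$ http://www.abc.com/$1 [R=301,L]
    </IfModule>
    ErrorLog "logs/abc.com-error_log"
    # "combined" also records Referer and User-Agent, which is what later log
    # review needs to tell clients apart.
    CustomLog "logs/abc.com-access_log" combined
</VirtualHost>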
测试:
# /usr/local/apache2.4/bin/apachectl -t
# /usr/local/apache2.4/bin/apachectl graceful
# curl -x127.0.0.1:80 -I abc.com
# tail /usr/local/apache2.4/logs/abc.com-access_log
// 有日志记录了
限制静态元素记录到日志
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
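# abc.com site whose access log skips static assets and rotates daily.
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName www.abc.com
    ServerAlias abc.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        # Exclude the redirect target itself; "not abc.com" would loop www.abc.com
        # onto itself and never redirect abc.com.
        RewriteCond %{HTTP_HOST} !^www\.abc\.com$
        RewriteRule ^/(.*)$ http://www.abc.com/$1 [R=301,L]
    </IfModule>
    ErrorLog "logs/abc.com-error_log"
    # The attribute is Request_URI. A name httpd does not know (Request_URL) is
    # looked up as a request header, so no request would ever be tagged.
    # Dots are escaped and the suffix anchored so only real extensions match.
    # NOTE(review): any path that merely ends in one of these suffixes is dropped
    # from the access log as well; keep that gap in mind when this log is the
    # evidence source for incident review.
    SetEnvIf Request_URI "\.(gif|jpg|png|bmp|swf|js|css)$" image-request
    # rotatelogs -l names files by local time; 86400 s gives one file per day.
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/abc.com-access_%Y%m%d.log 86400" combined env=!image-request
</VirtualHost>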
再测试:
# /usr/local/apache2.4/bin/apachectl -t
# /usr/local/apache2.4/bin/apachectl graceful
# curl -x127.0.0.1:80 -I abc.com
# ls /usr/local/apache2.4
//测试在日志不记录静态元素
# touch /data/wwwroot/abc.com/test.jpg
# touch /data/wwwroot/abc.com/test.txt
# curl -x127.0.0.1:80 abc.com/test.jpg
# curl -x127.0.0.1:80 abc.com/test.txt
# cat /usr/local/apache2.4/logs/abc.com-access_20170318.log
//只记录了txt后缀文件
5.配置静态元素过期时间
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
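# abc.com site with filtered access logging plus cache lifetimes for static assets.
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName www.abc.com
    ServerAlias abc.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        # Exclude the redirect target itself; "not abc.com" would loop www.abc.com
        # onto itself and never redirect abc.com.
        RewriteCond %{HTTP_HOST} !^www\.abc\.com$
        RewriteRule ^/(.*)$ http://www.abc.com/$1 [R=301,L]
    </IfModule>
    # Request_URI is the attribute name; Request_URL would be read as a header name
    # and never match. Requests tagged here are left out of the access log.
    SetEnvIf Request_URI "\.(gif|jpg|png|bmp|swf|js|css)$" image-request
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/abc.com-access_%Y%m%d.log 86400" combined env=!image-request
    <IfModule mod_expires.c>
        ExpiresActive on
        # Images may be cached for a day, scripts/styles/flash for two hours.
        ExpiresByType image/gif "access plus 1 days"
        ExpiresByType image/jpeg "access plus 24 hours"
        ExpiresByType image/png "access plus 24 hours"
        ExpiresByType text/css "now plus 2 hours"
        ExpiresByType application/x-javascript "now plus 2 hours"
        ExpiresByType application/javascript "now plus 2 hours"
        ExpiresByType application/x-shockwave-flash "now plus 2 hours"
        # Everything else expires immediately (max-age=0 in the test below).
        ExpiresDefault "now plus 0 min"
    </IfModule>
</VirtualHost>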
# /usr/local/apache2.4/bin/apachectl -t
# /usr/local/apache2.4/bin/apachectl graceful
# /usr/local/apache2.4/bin/apachectl -M |grep -i expires
//没有模块
# vim /usr/local/apache2.4/conf/httpd.conf
#LoadModule expires_module modules/mod_expires.so
//去掉注释
# /usr/local/apache2.4/bin/apachectl graceful
# /usr/local/apache2.4/bin/apachectl -M |grep -i expires
//有输出
# curl -x127.0.0.1:80 -I www.123.com/test.jpg
//200 ok
//max-age=86400 缓存时间 使用浏览器的状态码为304(访问本地缓存)
# curl -x127.0.0.1:80 -I www.123.com/test.txt
//200 ok
//max-age=0 缓存时间
6.配置防盗链
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
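# Hotlink protection: listed file types are served only when the Referer is this
# site or is absent.
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName www.abc.com
    ServerAlias abc.com
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/abc.com-access_%Y%m%d.log 86400" combined
    <Directory /data/wwwroot/abc.com>
        # Patterns are anchored to scheme + host. Unanchored, they would also accept
        # a foreign page whose URL merely contains "http://www.abc.com" somewhere.
        SetEnvIfNoCase Referer "^http://www\.abc\.com(/|$)" local_ref
        SetEnvIfNoCase Referer "^http://abc\.com(/|$)" local_ref
        # Requests without any Referer (typed URL, bookmark) are let through.
        SetEnvIfNoCase Referer "^$" local_ref
        # Referer is chosen by the client, so this only curbs casual hotlinking;
        # it does not protect files that need real access control.
        <FilesMatch "\.(txt|doc|mp3|zip|rar|jpg|gif)$">
            # 2.4 authorization syntax; Order/Allow need mod_access_compat and
            # should not be mixed with the Require directives used in httpd.conf.
            Require env local_ref
        </FilesMatch>
    </Directory>
</VirtualHost>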
测试:
# /usr/local/apache2.4/bin/apachectl -t
# /usr/local/apache2.4/bin/apachectl graceful
# curl -x127.0.0.1:80 -I -e "http://www.abc.com/123.txt" http://www.abc.com/test.jpg
//200 ok
# curl -x127.0.0.1:80 -I -e "http://www.1234.com/123.txt" http://www.abc.com/test.jpg
//403 Forbidden
# curl -x127.0.0.1:80 -I -e "http://www.1234.com/123.txt" http://www.abc.com/index.html
//200 ok 访问html类型文件不受保护
7.访问控制
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
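# Restrict the /admin/ directory to requests that arrive from the local host.
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName www.abc.com
    ServerAlias abc.com
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/abc.com-access_%Y%m%d.log 86400" combined
    <Directory /data/wwwroot/abc.com/admin/>
        # 2.4 form of "Order deny,allow / Deny from all / Allow from 127.0.0.1":
        # everything is refused except the listed address. The old directives need
        # mod_access_compat and should not be mixed with Require.
        # NOTE(review): the check uses the address of the connecting peer; if a
        # reverse proxy is ever put in front, confirm what address httpd sees.
        Require ip 127.0.0.1
    </Directory>
</VirtualHost>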
测试:
# mkdir /data/wwwroot/abc.com/admin/
# echo "admin" > /data/wwwroot/abc.com/admin/index.html
# > /usr/local/apache2.4/logs/abc.com-access_20170319.log
# curl -x192.168.188.128:80 -I www.abc.com/admin/index.html
//403 Forbidden
# curl -x127.0.0.1:80 -I www.abc.com/admin/index.html
//200 ok
# curl -x192.168.188.128:80 -I www.abc.com/admin/index.html
# cat /usr/local/apache2.4/logs/abc.com-access_20170319.log
单独针对某个文件来做限制:
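# Same restriction, applied to one script inside /admin/ rather than the directory.
<Directory /data/wwwroot/abc.com/admin/>
    # Dot escaped to match a literal "."; left unanchored so names that continue
    # after "admin.php" stay covered, as the original "(.*)" suffix intended.
    <FilesMatch "admin\.php">
        # 2.4 form of the Order/Deny/Allow trio: only the local host may fetch it.
        Require ip 127.0.0.1
    </FilesMatch>
</Directory>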
2.设置上传的目录禁止解析PHP
# Uploaded files must not run as code: the PHP engine is switched off for the
# upload directory.
<VirtualHost *:80>
    ServerName www.abc.com
    ServerAlias abc.com
    DocumentRoot "/data/wwwroot/abc.com"
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/abc.com-access_%Y%m%d.log 86400" combined
    <Directory /data/wwwroot/abc.com/upload>
        # With the engine off, httpd returns the .php file's source text instead of
        # executing it (see the curl output in the test that follows).
        php_admin_flag engine off
    </Directory>
</VirtualHost>
测试:
# /usr/local/apache2.4/bin/apachectl -t
# /usr/local/apache2.4/bin/apachectl graceful
# cp /usr/local/apache2.4/htdocs/1.php /data/wwwroot/abc.com/upload
# curl -x127.0.0.1:80 abc.com/upload/1.php
<?php
echo "php解析正常"
?>
//php没有正常解析
二:
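# Upload directory, variant 2: PHP is never executed AND PHP files are not served.
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName www.abc.com
    <Directory /data/wwwroot/abc.com/upload>
        # Turn the PHP engine off for this directory. php_admin_flag cannot be
        # overridden from .htaccess or ini_set().
        # (httpd comments must be on their own line; text after a directive is
        # parsed as extra arguments and fails "apachectl -t".)
        php_admin_flag engine off
        # With the engine off alone, a browser request for an uploaded .php file
        # downloads the file itself, so such names are refused outright.
        # (?i) also catches .PHP; unanchored so x.php.bak and x.php5 are covered.
        <FilesMatch "(?i)\.php">
            Require all denied
        </FilesMatch>
    </Directory>
</VirtualHost>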
3.user_agent限制访问
user_agent(浏览器标识)可用来限制一些不友好的搜索引擎爬虫和部分恶意请求(cc攻击)。注意:User-Agent 由客户端自行填写,可以随意伪造(下面测试中的 -A 参数就是例子),所以这种限制只能挡住不做伪装的爬虫,不能单独作为防御手段。
# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
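# Refuse requests whose User-Agent matches a block list.
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/abc.com"
    ServerName www.abc.com
    ServerAlias abc.com
    CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/abc.com-access_%Y%m%d.log 86400" combined
    <IfModule mod_rewrite.c>
        RewriteEngine on
        # Notes must be on their own "#" lines: trailing "//..." text is parsed as
        # extra RewriteCond/RewriteRule arguments and fails the syntax check.
        # [NC] = case-insensitive match; [OR] = this condition OR the next one.
        RewriteCond %{HTTP_USER_AGENT} curl [NC,OR]
        # Dot escaped so it matches the literal "baidu.com".
        RewriteCond %{HTTP_USER_AGENT} baidu\.com [NC]
        # [F] answers 403 Forbidden. The header is client-controlled, so a caller
        # that sends a different User-Agent passes (the -A test below shows this).
        RewriteRule .* - [F]
    </IfModule>
</VirtualHost>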
测试:
# /usr/local/apache2.4/bin/apachectl -t
# /usr/local/apache2.4/bin/apachectl graceful
# curl -I -x127.0.0.1:80 www.abc.com/upload/1.php
//403 Forbidden
# curl -A "123123" -I -x127.0.0.1:80 www.abc.com/upload/1.php
//200 ok -A:user_agent为自定义"123123"
出处:《跟阿铭学Linux》