• 本地搭建 Apache 服务器


    下载安装程序

    Apache2.2.4版下载,地址:http://httpd.apache.org/download,选择apache_2.2.4-win32-x86-no_ssl.msi,大约4M多。
     
    配置Apache


    一、配置文件

      Apache是一个后台运行的程序,没有界面。所有的配置,都包含在配置文件里。主配置文件是:

        C:/Program Files/Apache Group/Apache/conf/httpd.conf

      如果要修改Apache的配置,可以用任何一个文本编辑工具(例如记事本)编辑这个配置文件。在配置文件里,以“#”开头的行是注释行。


    二、配置选项

      在配置文件里的主要选项如下:

    #Listen 3000
    #Listen 12.34.56.78:80

      Apache的IP地址和端口。一般来说不需要设置,Apache会绑定在本机所有IP地址的80端口上。

    Port 80

      Apache的端口。默认值是80。

    ServerName test.dnschek.net

      Web服务器的名字。安装时输入的“Server Name”就是保存在这里。

    DocumentRoot "C:/Program Files/Apache Group/Apache/htdocs"

      这是网站的根目录。如果您想把网站文件存放在“D:/myweb”目录下,可以把DocumentRoot后面的目录修改为“D:/myweb”。

    Options Indexes FollowSymLinks MultiViews

      为了安全起见,请把上面的“Indexes”删掉。否则别人可以浏览到您网站里的所有文件。

    DirectoryIndex index.html

      默认首页文件名。在浏览器里输入一个地址(例如http://test.dnschek.net/)的时候,Apache会查找这个默认的首页文件打开。如果要配置多个默认首页文件名,请用空格分开。

    ScriptAlias /cgi-bin/ "C:/Program Files/Apache Group/Apache/cgi-bin/"

      CGI文件存放路径。


    三、高级配置


    1、设置虚拟目录

      在配置文件中找下面这行:

        <IfModule mod_alias.c>

      在这行下面添加如下内容:

        Alias /vdir/ "c:/comexe/"

        <Directory "c:/comexe/">
        Options MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
        </Directory>

      这样,通过访问 http://test.dnschek.net/vdir/,就可以访问到c:/test/目录下的内容。

      Apache默认开设了两个虚拟目录:“/icons/”和“/manual/”。这两个虚拟目录没有用,可以在配置文件中删除。

    2、如何解决中文网页显示乱码

    (1)在配置文件中找包含“AddLanguage”或“AddCharset”的行,在这些行最前面增加一行:

        AddDefaultCharset GB2312

    (2)养成良好的习惯,在每个网页的<head></head>里加入这行:

        <meta http-equiv="Content-Type" content="text/html; charset=gb2312">

      一般的中文版网页编辑工具(例如FrontPage、Dreamweaver等)都会自动加上这行。


    3、如何解决中文文件名无法访问

      在ie中选择 工具 -> internet选项 -> 高级 -> 取消“总是以UTF-8发送URL”。

      这个方法很麻烦,请尽量不要使用中文的网站文件名。


    请注意:

    1、Apache配置过程中最关键的两点是:网站根目录和默认首页文件名。必须要把网站文件放在所指定的网站根目录下,而且默认首页文件名必须要设置正确,否则将看不到您的网页。

    2、每次配置文件更改后,要重新启动Apache才会生效。

    在windows xp下在apache服务器上搭建两个虚拟主机方法:

    对于conf/httpd.conf文件:

    1. 开启:Listen 80

    2.填写:ServerAdmin  管理员邮箱地址

    3.注释:#DocumentRoot ""

    4.给web服务器目录增加权限;<Directory "第一web服务器路径">

    5.设置默认自动运行的文件名:

    <IfModule dir_module>
        DirectoryIndex index.html index.php index.htm
    </IfModule>

    6. 将给web服务器目录增加权限的一对标签复制粘贴到上一标签的下面,将首标签更改为:

    <Directory "第二web服务器路径">

    对于:conf/extra/httpd-vhosts.conf 文件:

    1.开启:NameVirtualHost *:80     // *:代表本机的所以ip

    2.设置基于主机名的虚拟主机:

    <VirtualHost *:80>
        DocumentRoot " 第一web服务器路径"
        ServerName   写入第一个域名

    </VirtualHost>

    <VirtualHost *:80>
        DocumentRoot "第二web服务器路径"
        ServerName   写入第二个域名

    </VirtualHost>

    3.不指定错误日志,则默认使用apache的错误日志!

    4.系统防火墙会阻止客户机对虚拟主机的访问,所以要本机关闭防火墙(郁闷了我一会子,才找出是本机防火墙的原因!)

    #
    # This is the main Apache HTTP server configuration file.  It contains the
    # configuration directives that give the server its instructions.
    # See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
    # In particular, see 
    # <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
    # for a discussion of each configuration directive.
    #
    # Do NOT simply read the instructions in here without understanding
    # what they do.  They're here only as hints or reminders.  If you are unsure
    # consult the online docs. You have been warned.  
    #
    # Configuration and logfile names: If the filenames you specify for many
    # of the server's control files begin with "/" (or "drive:/" for Win32), the
    # server will use that explicit path.  If the filenames do *not* begin
    # with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
    # with ServerRoot set to "C:/Program Files/Apache Software Foundation/Apache2.2" will be interpreted by the
    # server as "C:/Program Files/Apache Software Foundation/Apache2.2/logs/foo.log".
    #
    # NOTE: Where filenames are specified, you must use forward slashes
    # instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
    # If a drive letter is omitted, the drive on which httpd.exe is located
    # will be used by default.  It is recommended that you always supply
    # an explicit drive letter in absolute paths to avoid confusion.
    
    #
    # ServerRoot: The top of the directory tree under which the server's
    # configuration, error, and log files are kept.
    #
    # Do not add a slash at the end of the directory path.  If you point
    # ServerRoot at a non-local disk, be sure to point the LockFile directive
    # at a local disk.  If you wish to share the same ServerRoot for multiple
    # httpd daemons, you will need to change at least LockFile and PidFile.
    #
    ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2"
    
    #
    # Listen: Allows you to bind Apache to specific IP addresses and/or
    # ports, instead of the default. See also the <VirtualHost>
    # directive.
    #
    # Change this to Listen on specific IP addresses as shown below to 
    # prevent Apache from glomming onto all bound IP addresses.
    #
    #Listen 12.34.56.78:80
    Listen 8088
    
    #
    # Dynamic Shared Object (DSO) Support
    #
    # To be able to use the functionality of a module which was built as a DSO you
    # have to place corresponding `LoadModule' lines at this location so the
    # directives contained in it are actually available _before_ they are used.
    # Statically compiled modules (those listed by `httpd -l') do not need
    # to be loaded here.
    #
    # Example:
    # LoadModule foo_module modules/mod_foo.so
    #
    LoadModule actions_module modules/mod_actions.so
    LoadModule alias_module modules/mod_alias.so
    LoadModule asis_module modules/mod_asis.so
    LoadModule auth_basic_module modules/mod_auth_basic.so
    #LoadModule auth_digest_module modules/mod_auth_digest.so
    #LoadModule authn_alias_module modules/mod_authn_alias.so
    #LoadModule authn_anon_module modules/mod_authn_anon.so
    #LoadModule authn_dbd_module modules/mod_authn_dbd.so
    #LoadModule authn_dbm_module modules/mod_authn_dbm.so
    LoadModule authn_default_module modules/mod_authn_default.so
    LoadModule authn_file_module modules/mod_authn_file.so
    #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
    #LoadModule authz_dbm_module modules/mod_authz_dbm.so
    LoadModule authz_default_module modules/mod_authz_default.so
    LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
    LoadModule authz_host_module modules/mod_authz_host.so
    #LoadModule authz_owner_module modules/mod_authz_owner.so
    LoadModule authz_user_module modules/mod_authz_user.so
    LoadModule autoindex_module modules/mod_autoindex.so
    #LoadModule cache_module modules/mod_cache.so
    #LoadModule cern_meta_module modules/mod_cern_meta.so
    LoadModule cgi_module modules/mod_cgi.so
    #LoadModule charset_lite_module modules/mod_charset_lite.so
    #LoadModule dav_module modules/mod_dav.so
    #LoadModule dav_fs_module modules/mod_dav_fs.so
    #LoadModule dav_lock_module modules/mod_dav_lock.so
    #LoadModule dbd_module modules/mod_dbd.so
    #LoadModule deflate_module modules/mod_deflate.so
    LoadModule dir_module modules/mod_dir.so
    #LoadModule disk_cache_module modules/mod_disk_cache.so
    #LoadModule dumpio_module modules/mod_dumpio.so
    LoadModule env_module modules/mod_env.so
    #LoadModule expires_module modules/mod_expires.so
    #LoadModule ext_filter_module modules/mod_ext_filter.so
    #LoadModule file_cache_module modules/mod_file_cache.so
    #LoadModule filter_module modules/mod_filter.so
    #LoadModule headers_module modules/mod_headers.so
    #LoadModule ident_module modules/mod_ident.so
    #LoadModule imagemap_module modules/mod_imagemap.so
    LoadModule include_module modules/mod_include.so
    #LoadModule info_module modules/mod_info.so
    LoadModule isapi_module modules/mod_isapi.so
    #LoadModule ldap_module modules/mod_ldap.so
    #LoadModule logio_module modules/mod_logio.so
    LoadModule log_config_module modules/mod_log_config.so
    #LoadModule log_forensic_module modules/mod_log_forensic.so
    #LoadModule mem_cache_module modules/mod_mem_cache.so
    LoadModule mime_module modules/mod_mime.so
    #LoadModule mime_magic_module modules/mod_mime_magic.so
    LoadModule negotiation_module modules/mod_negotiation.so
    #LoadModule proxy_module modules/mod_proxy.so
    #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
    #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    #LoadModule proxy_connect_module modules/mod_proxy_connect.so
    #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
    #LoadModule proxy_http_module modules/mod_proxy_http.so
    #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
    #LoadModule reqtimeout_module modules/mod_reqtimeout.so
    #LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule setenvif_module modules/mod_setenvif.so
    #LoadModule speling_module modules/mod_speling.so
    #LoadModule ssl_module modules/mod_ssl.so
    #LoadModule status_module modules/mod_status.so
    #LoadModule substitute_module modules/mod_substitute.so
    #LoadModule unique_id_module modules/mod_unique_id.so
    #LoadModule userdir_module modules/mod_userdir.so
    #LoadModule usertrack_module modules/mod_usertrack.so
    #LoadModule version_module modules/mod_version.so
    #LoadModule vhost_alias_module modules/mod_vhost_alias.so
    
    <IfModule !mpm_netware_module>
    <IfModule !mpm_winnt_module>
    #
    # If you wish httpd to run as a different user or group, you must run
    # httpd as root initially and it will switch.  
    #
    # User/Group: The name (or #number) of the user/group to run httpd as.
    # It is usually good practice to create a dedicated user and group for
    # running httpd, as with most system services.
    #
    User daemon
    Group daemon
    
    </IfModule>
    </IfModule>
    
    # 'Main' server configuration
    #
    # The directives in this section set up the values used by the 'main'
    # server, which responds to any requests that aren't handled by a
    # <VirtualHost> definition.  These values also provide defaults for
    # any <VirtualHost> containers you may define later in the file.
    #
    # All of these directives may appear inside <VirtualHost> containers,
    # in which case these default settings will be overridden for the
    # virtual host being defined.
    #
    
    #
    # ServerAdmin: Your address, where problems with the server should be
    # e-mailed.  This address appears on some server-generated pages, such
    # as error documents.  e.g. admin@your-domain.com
    #
    ServerAdmin ls@alpha-it-system.com
    
    #
    # ServerName gives the name and port that the server uses to identify itself.
    # This can often be determined automatically, but we recommend you specify
    # it explicitly to prevent problems during startup.
    #
    # If your host doesn't have a registered DNS name, enter its IP address here.
    #
    ServerName 127.0.0.1:8080
    
    #
    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    #
    DocumentRoot "c:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
    #
    # Each directory to which Apache has access can be configured with respect
    # to which services and features are allowed and/or disabled in that
    # directory (and its subdirectories). 
    #
    # First, we configure the "default" to be a very restrictive set of 
    # features.  
    #
    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>
    
    #
    # Note that from this point forward you must specifically allow
    # particular features to be enabled - so if something's not working as
    # you might expect, make sure that you have specifically enabled it
    # below.
    #
    
    #
    # This should be changed to whatever you set DocumentRoot to.
    #
    <Directory "C:/Program Files(x86)/Apache Software Foundation/Apache2.2/htdocs">
        #
        # Possible values for the Options directive are "None", "All",
        # or any combination of:
        #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
        #
        # Note that "MultiViews" must be named *explicitly* --- "Options All"
        # doesn't give it to you.
        #
        # The Options directive is both complicated and important.  Please see
        # http://httpd.apache.org/docs/2.2/mod/core.html#options
        # for more information.
        #
        Options Indexes FollowSymLinks
    
        #
        # AllowOverride controls what directives may be placed in .htaccess files.
        # It can be "All", "None", or any combination of the keywords:
        #   Options FileInfo AuthConfig Limit
        #
        AllowOverride None
    
        #
        # Controls who can get stuff from this server.
        #
        Order allow,deny
        Allow from all
    
    </Directory>
    
    
    listen 92
    <VirtualHost *:92>
    DocumentRoot "F:/workspace/oab-v2/doc/cn/html"
    <Directory />
        #
        # Possible values for the Options directive are "None", "All",
        # or any combination of:
        #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
        #
        # Note that "MultiViews" must be named *explicitly* --- "Options All"
        # doesn't give it to you.
        #
        # The Options directive is both complicated and important.  Please see
        # http://httpd.apache.org/docs/2.2/mod/core.html#options
        # for more information.
        #
        
        Options +Includes
        #
        # AllowOverride controls what directives may be placed in .htaccess files.
        # It can be "All", "None", or any combination of the keywords:
        #   Options FileInfo AuthConfig Limit
        #
        AllowOverride None
    
        #
        # Controls who can get stuff from this server.
        #
        Order allow,deny
        Allow from all
        AddType text/html .html
        AddOutputFilter INCLUDES .html
    </Directory>
    </VirtualHost>
    
    
    #
    # DirectoryIndex: sets the file that Apache will serve if a directory
    # is requested.
    #
    <IfModule dir_module>
        DirectoryIndex index.html
    </IfModule>
    
    #
    # The following lines prevent .htaccess and .htpasswd files from being 
    # viewed by Web clients. 
    #
    <FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
        Satisfy All
    </FilesMatch>
    
    #
    # ErrorLog: The location of the error log file.
    # If you do not specify an ErrorLog directive within a <VirtualHost>
    # container, error messages relating to that virtual host will be
    # logged here.  If you *do* define an error logfile for a <VirtualHost>
    # container, that host's errors will be logged there and not here.
    #
    ErrorLog "logs/error.log"
    
    #
    # LogLevel: Control the number of messages logged to the error_log.
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    #
    LogLevel warn
    
    <IfModule log_config_module>
        #
        # The following directives define some format nicknames for use with
        # a CustomLog directive (see below).
        #
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
    
        <IfModule logio_module>
          # You need to enable mod_logio.c to use %I and %O
          LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
        </IfModule>
    
        #
        # The location and format of the access logfile (Common Logfile Format).
        # If you do not define any access logfiles within a <VirtualHost>
        # container, they will be logged here.  Contrariwise, if you *do*
        # define per-<VirtualHost> access logfiles, transactions will be
        # logged therein and *not* in this file.
        #
        CustomLog "logs/access.log" common
    
        #
        # If you prefer a logfile with access, agent, and referer information
        # (Combined Logfile Format) you can use the following directive.
        #
        #CustomLog "logs/access.log" combined
    </IfModule>
    
    <IfModule alias_module>
        #
        # Redirect: Allows you to tell clients about documents that used to 
        # exist in your server's namespace, but do not anymore. The client 
        # will make a new request for the document at its new location.
        # Example:
        # Redirect permanent /foo http://127.0.0.1/bar
    
        #
        # Alias: Maps web paths into filesystem paths and is used to
        # access content that does not live under the DocumentRoot.
        # Example:
        # Alias /webpath /full/filesystem/path
        #
        # If you include a trailing / on /webpath then the server will
        # require it to be present in the URL.  You will also likely
        # need to provide a <Directory> section to allow access to
        # the filesystem path.
    
        #
        # ScriptAlias: This controls which directories contain server scripts. 
        # ScriptAliases are essentially the same as Aliases, except that
        # documents in the target directory are treated as applications and
        # run by the server when requested rather than as documents sent to the
        # client.  The same rules about trailing "/" apply to ScriptAlias
        # directives as to Alias.
        #
        ScriptAlias /cgi-bin/ "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin/"
    
    </IfModule>
    
    <IfModule cgid_module>
        #
        # ScriptSock: On threaded servers, designate the path to the UNIX
        # socket used to communicate with the CGI daemon of mod_cgid.
        #
        #Scriptsock logs/cgisock
    </IfModule>
    
    #
    # "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin" should be changed to whatever your ScriptAliased
    # CGI directory exists, if you have that configured.
    #
    <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>
    
    #
    # DefaultType: the default MIME type the server will use for a document
    # if it cannot otherwise determine one, such as from filename extensions.
    # If your server contains mostly text or HTML documents, "text/plain" is
    # a good value.  If most of your content is binary, such as applications
    # or images, you may want to use "application/octet-stream" instead to
    # keep browsers from trying to display binary files as though they are
    # text.
    #
    DefaultType text/plain
    
    <IfModule mime_module>
        #
        # TypesConfig points to the file containing the list of mappings from
        # filename extension to MIME-type.
        #
        TypesConfig conf/mime.types
    
        #
        # AddType allows you to add to or override the MIME configuration
        # file specified in TypesConfig for specific file types.
        #
        #AddType application/x-gzip .tgz
        #
        # AddEncoding allows you to have certain browsers uncompress
        # information on the fly. Note: Not all browsers support this.
        #
        #AddEncoding x-compress .Z
        #AddEncoding x-gzip .gz .tgz
        #
        # If the AddEncoding directives above are commented-out, then you
        # probably should define those extensions to indicate media types:
        #
        AddType application/x-compress .Z
        AddType application/x-gzip .gz .tgz
    
        #
        # AddHandler allows you to map certain file extensions to "handlers":
        # actions unrelated to filetype. These can be either built into the server
        # or added with the Action directive (see below)
        #
        # To use CGI scripts outside of ScriptAliased directories:
        # (You will also need to add "ExecCGI" to the "Options" directive.)
        #
        #AddHandler cgi-script .cgi
    
        # For type maps (negotiated resources):
        #AddHandler type-map var
    
        #
        # Filters allow you to process content before it is sent to the client.
        #
        # To parse .shtml files for server-side includes (SSI):
        # (You will also need to add "Includes" to the "Options" directive.)
        #
        #AddType text/html .shtml
        #AddOutputFilter INCLUDES .shtml
    </IfModule>
    
    #
    # The mod_mime_magic module allows the server to use various hints from the
    # contents of the file itself to determine its type.  The MIMEMagicFile
    # directive tells the module where the hint definitions are located.
    #
    #MIMEMagicFile conf/magic
    
    #
    # Customizable error responses come in three flavors:
    # 1) plain text 2) local redirects 3) external redirects
    #
    # Some examples:
    #ErrorDocument 500 "The server made a boo boo."
    #ErrorDocument 404 /missing.html
    #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
    #ErrorDocument 402 http://127.0.0.1/subscription_info.html
    #
    
    #
    # MaxRanges: Maximum number of Ranges in a request before
    # returning the entire resource, or one of the special
    # values 'default', 'none' or 'unlimited'.
    # Default setting is to accept 200 Ranges.
    #MaxRanges unlimited
    
    #
    # EnableMMAP and EnableSendfile: On systems that support it, 
    # memory-mapping or the sendfile syscall is used to deliver
    # files.  This usually improves server performance, but must
    # be turned off when serving from networked-mounted 
    # filesystems or if support for these functions is otherwise
    # broken on your system.
    #
    #EnableMMAP off
    #EnableSendfile off
    
    # Supplemental configuration
    #
    # The configuration files in the conf/extra/ directory can be 
    # included to add extra features or to modify the default configuration of 
    # the server, or you may simply copy their contents here and change as 
    # necessary.
    
    # Server-pool management (MPM specific)
    #Include conf/extra/httpd-mpm.conf
    
    # Multi-language error messages
    #Include conf/extra/httpd-multilang-errordoc.conf
    
    # Fancy directory listings
    #Include conf/extra/httpd-autoindex.conf
    
    # Language settings
    #Include conf/extra/httpd-languages.conf
    
    # User home directories
    #Include conf/extra/httpd-userdir.conf
    
    # Real-time info on requests and configuration
    #Include conf/extra/httpd-info.conf
    
    # Virtual hosts
    #Include conf/extra/httpd-vhosts.conf
    
    # Local access to the Apache HTTP Server Manual
    #Include conf/extra/httpd-manual.conf
    
    # Distributed authoring and versioning (WebDAV)
    #Include conf/extra/httpd-dav.conf
    
    # Various default settings
    #Include conf/extra/httpd-default.conf
    
    # Secure (SSL/TLS) connections
    #Include conf/extra/httpd-ssl.conf
    #
    # Note: The following must must be present to support
    #       starting without SSL on platforms with no /dev/random equivalent
    #       but a statically compiled-in mod_ssl.
    #
    <IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    </IfModule>
  • 相关阅读:
    struts2 CVE-2014-0050(DoS), CVE-2014-0094(ClassLoader manipulation) S2-20 DoS attacks and ClassLoader manipulation
    struts2 CVE-2013-4316 S2-019 Dynamic method executions Vul
    struts2 CVE-2013-2251 S2-016 action、redirect code injection remote command execution
    struts2 CVE-2013-1965 S2-012 Showcase app vulnerability allows remote command execution
    struts2 CVE-2012-0392 S2-008 Strict DMI does not work correctly allows remote command execution and arbitrary file overwrite
    struts2 Advanced Learning
    2015阿里安全峰会
    PHPCMS phpsso_serverphpcmsmodulesphpssoindex.php、apiget_menu.php Authkey Leakage
    CMSEASY /lib/tool/front_class.php、/lib/default/user_act.php arbitrary user password reset vulnerability
    QTVA-2015-198545、WooYun-2015-104148 .NET Framework Arbitrary File Permissions Modify Vul
  • 原文地址:https://www.cnblogs.com/mingforyou/p/2878129.html
Copyright © 2020-2023  润新知