11.18 Apache user authentication
Edit the/usr/local/apache2.4/conf/extra/httpd-vhosts.conf and edit the second virtual host to the following:
• Parameter Description:
<Directory/data/wwwroot/www.111.com> //Designation of certified directories
allowoverride authconfig //This equivalent to open the authentication switch, no line equivalent to not open
AuthName "111.com user auth" //Custom certified name, not very useful
AuthType Basic //authentication type, generally basic, other types not used
AUTHUSERFILE/DATA/.HTPASSWD //Specify the location of the password file
Require Valid-user //Specify that users who require authentication are all available users
• Add Users:
[Email protected] ~]#/USR/LOCAL/APACHE2.4/BIN/HTPASSWD-CM/DATA/.HTPASSWD user1
Use HTPASSWD to create a username and password
-C Create a new file
-M MD5 Encryption mode
/DATA/.HTPASSWD Password Location
Define 111.com in the hosts so that it can jump to the local
This will prompt you for authentication when you enter 111.com
Enter the new user name and password that you added earlier to jump
• Use Curl to enter the user name password:
Curl-x127.0.0.1:80-u User name: password address-I
[Email protected] ~]# curl-x127.0.0.1:80-uuser1:123456 111.com-i
• Can be certified for a single file:
Web site has a variety of sensitive information, then may be the background access to the two authentication, then the background access to the address, such as 123.php, then you can do a certification for 123.php
Change vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf, specify 123.php matching file, don't forget </FilesMatch> at the end
Added 123.php
[Email protected] ~]# vim/data/wwwroot/111.com/123.php
Add any content, don't forget ""
Then 111.com does not require user name and password authentication
111.com/123.php, however, cannot be connected because the configuration file limits the 123.php <filesmatch 123.php>
So the 111.com/123.php requires a username and password
11.19/11.20 Domain Jump
Edit/usr/local/apache2.4/conf/extra/httpd-vhosts.conf, comment out previously edited configuration, add new configuration
• Parameter Description:
<ifmodule mod_rewrite.c> //requires Mod_rewrite module support
Rewriteengine on //open rewrite function
Rewritecond%{http_host}!^111.com$ //define the condition of the rewrite, the hostname (domain name) is not 111.com then the condition is satisfied
Rewriterule ^/(. *) $111.com/$1 [r=301,l] //define rewrite rules, this rule executes when the above conditions are met (meaning the contents of the first parenthesis; 301 is a permanent redirect; L means jump only once)
</IfModule>
• See if the rewrite module is loaded
[Email protected] ~]#/usr/local/apache2.4/bin/apachectl-m |grep rewrite
If not loaded, you need to open the rewrite module, compile Apache when you select most, so there must be
[Email protected] ~]# vi/usr/local/apache2.4/conf/httpd.conf
[Email protected] ~]#/usr/local/apache2.4/bin/apachectl-tsyntax ok[[email protected] ~]#/usr/local/apache2.4/bin/ Apachectl Graceful[[email protected] ~]#/usr/local/apache2.4/bin/apachectl-m |grep rewriterewrite_module (shared)
As you can see, the input www.example.com can be successfully redirected to 111.com
• Common error Codes:
200 User name password verification is correct
301 Permanent Jump
302 Temporary Jump
401 User name password authentication is incorrect
403 granted instead of denied (/usr/local/apache2.4/conf/httpd.conf)
404 page does not exist
11.21 Apache Access Log
• Access logs record each user's request
[Email protected] ~]# cat/usr/local/apache2.4/logs/111.com-access_log abc.com-access_log access_log httpd.pid 111.com-error_log abc.com-error_log error_log[[email protected] ~]# Cat/usr/local/apache2.4/logs/111.com-access_log
(Get is not add-i)
• Define the format:
[[email protected] ~]# vim/usr/local/apache2.4/conf/httpd.conf search Logformat
Referer, the web address that the browser visited once, the log of the visit page is the Referer of the previous browsing page.
user-agent, user agent, through the browser, through curl to access, to obtain the site content, the browser is the user agent
• In the virtual host configuration file, change the format type to common to combined
[Email protected] ~]# vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[Email protected] ~]#/usr/local/apache2.4/bin/apachectl-t[[email protected] ~]#/usr/local/apache2.4/bin/apachectl Graceful[[email protected] ~]# curl-x127.0.0.1:80 111.com/123.php-ihttp/1.1 Okdate:fri, Mar 2018 17:08:20 GMTSer Ver:apache/2.4.29 (Unix) php/7.1.6x-powered-by:php/7.1.6content-type:text/html; Charset=utf-8[[email protected] ~]# Cat/usr/local/apache2.4/logs/111.com-access_log
(the format has changed to clearly see Referer and User-agent)
If there is any mistake, please correct me.
2018-3-2 10 weeks 3 lessons Apache user authentication, domain jump, Apache access log