2018-3-2 10 weeks 3 lessons Apache user authentication, domain jump, Apache access log

11.18 Apache user authentication

Edit the/usr/local/apache2.4/conf/extra/httpd-vhosts.conf and edit the second virtual host to the following:

• Parameter Description:

<Directory/data/wwwroot/www.111.com> //Designation of certified directories

allowoverride authconfig //This equivalent to open the authentication switch, no line equivalent to not open

AuthName "111.com user auth" //Custom certified name, not very useful

AuthType Basic //authentication type, generally basic, other types not used

AUTHUSERFILE/DATA/.HTPASSWD //Specify the location of the password file

Require Valid-user //Specify that users who require authentication are all available users

• Add Users:

[Email protected] ~]#/USR/LOCAL/APACHE2.4/BIN/HTPASSWD-CM/DATA/.HTPASSWD user1

Use HTPASSWD to create a username and password

-C Create a new file

-M MD5 Encryption mode

/DATA/.HTPASSWD Password Location

Define 111.com in the hosts so that it can jump to the local

This will prompt you for authentication when you enter 111.com

Enter the new user name and password that you added earlier to jump

• Use Curl to enter the user name password:

Curl-x127.0.0.1:80-u User name: password address-I

[Email protected] ~]# curl-x127.0.0.1:80-uuser1:123456 111.com-i

• Can be certified for a single file:

Web site has a variety of sensitive information, then may be the background access to the two authentication, then the background access to the address, such as 123.php, then you can do a certification for 123.php

Change vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf, specify 123.php matching file, don't forget </FilesMatch> at the end

Added 123.php

[Email protected] ~]# vim/data/wwwroot/111.com/123.php

Add any content, don't forget ""

Then 111.com does not require user name and password authentication

111.com/123.php, however, cannot be connected because the configuration file limits the 123.php <filesmatch 123.php>

So the 111.com/123.php requires a username and password

11.19/11.20 Domain Jump

Edit/usr/local/apache2.4/conf/extra/httpd-vhosts.conf, comment out previously edited configuration, add new configuration

• Parameter Description:

<ifmodule mod_rewrite.c> //requires Mod_rewrite module support

Rewriteengine on //open rewrite function

Rewritecond%{http_host}!^111.com$ //define the condition of the rewrite, the hostname (domain name) is not 111.com then the condition is satisfied

Rewriterule ^/(. *) $111.com/$1 [r=301,l] //define rewrite rules, this rule executes when the above conditions are met (meaning the contents of the first parenthesis; 301 is a permanent redirect; L means jump only once)

</IfModule>

• See if the rewrite module is loaded

[Email protected] ~]#/usr/local/apache2.4/bin/apachectl-m |grep rewrite

If not loaded, you need to open the rewrite module, compile Apache when you select most, so there must be

[Email protected] ~]# vi/usr/local/apache2.4/conf/httpd.conf

[Email protected] ~]#/usr/local/apache2.4/bin/apachectl-tsyntax ok[[email protected] ~]#/usr/local/apache2.4/bin/ Apachectl Graceful[[email protected] ~]#/usr/local/apache2.4/bin/apachectl-m |grep rewriterewrite_module (shared)

As you can see, the input www.example.com can be successfully redirected to 111.com

• Common error Codes:

200 User name password verification is correct

301 Permanent Jump

302 Temporary Jump

401 User name password authentication is incorrect

403 granted instead of denied (/usr/local/apache2.4/conf/httpd.conf)

404 page does not exist

11.21 Apache Access Log

• Access logs record each user's request

[Email protected] ~]# cat/usr/local/apache2.4/logs/111.com-access_log abc.com-access_log access_log httpd.pid 111.com-error_log abc.com-error_log error_log[[email protected] ~]# Cat/usr/local/apache2.4/logs/111.com-access_log

(Get is not add-i)

• Define the format:

[[email protected] ~]# vim/usr/local/apache2.4/conf/httpd.conf search Logformat

Referer, the web address that the browser visited once, the log of the visit page is the Referer of the previous browsing page.

user-agent, user agent, through the browser, through curl to access, to obtain the site content, the browser is the user agent

• In the virtual host configuration file, change the format type to common to combined

[Email protected] ~]# vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf

[Email protected] ~]#/usr/local/apache2.4/bin/apachectl-t[[email protected] ~]#/usr/local/apache2.4/bin/apachectl Graceful[[email protected] ~]# curl-x127.0.0.1:80 111.com/123.php-ihttp/1.1 Okdate:fri, Mar 2018 17:08:20 GMTSer Ver:apache/2.4.29 (Unix) php/7.1.6x-powered-by:php/7.1.6content-type:text/html; Charset=utf-8[[email protected] ~]# Cat/usr/local/apache2.4/logs/111.com-access_log

(the format has changed to clearly see Referer and User-agent)

If there is any mistake, please correct me.

2018-3-2 10 weeks 3 lessons Apache user authentication, domain jump, Apache access log