4.13 Apache user authentication, jump and access logs

Apache user authentication

有的网站在访问的时候需要我们输入账户名和密码，这样做的好处是增加了安全性，但是用户体验会很差。但是在我们在工作中还需要在一些重要的地方做一些安全认证。首先我们编辑虚拟主机的配置文件

Vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf
Let's experiment with a second virtual host, and then below the servername below:
<Directory/data/wwwroot/123.com>//Specify the directory of authentication (here the URL to and the previous configuration file URL must be consistent, responsible will not succeed)
AllowOverride authconfig//This equivalent to open the authentication switch
AuthName "123.com user auth"//Custom certified name, not very useful
AuthType Basic//authentication type, generally basic, other types of Amin useless
AUTHUSERFILE/DATA/.HTPASSWD//Specify the location of the password file
Require Valid-user//specify that users who require authentication are all available users
</Directory>

After the exit we are going to create a htpasswd file, which we need to build with Apache's own commands.
/USR/LOCAL/APACHE2.4/BIN/HTPASSWD-CM/DATA/.HTPASSWD aming (Here we tentative user named aming, the work is to be defined according to the actual situation) (-c,create. Create-M is MD5 encryption mode)
Enter the password after you press ENTER, and then enter the password repeatedly.
If we create a user and his password again, then we do not have to add the parameter-C, we have already created within.
Then we load the new test
[[email protected] ~]#/usr/local/apache2.4/bin/apachectl-t (grammar check)
Syntax OK
[email  protected] ~]#/usr/local/apache2.4/bin/apachectl Graceful (reload)

Curl-x Test
[Email protected] ~]# curl-x127.0.0.1:80 111.com
<! DOCTYPE HTML PUBLIC "-//ietf//dtd HTML 2.0//en" >
<title>401 unauthorized</title> (401 means that the content to be accessed requires user authentication)
<p>this Server could not verify
is authorized to access the document
Requested. Either you supplied the wrong
credentials (e.g., bad password), or your
Browser doesn ' t understand how to supply
The Credentials required.</p>
</body>This allows you to enter a user name and password when viewing a website with a dialog box

How to enter a password under Linux
[[email protected] ~]# curl-x127.0.0.1:80-uaming:19860127 111.com (user name after-u, ":" followed by the password).
http/1.1 OK (when the password is correct, the status code is 200, if not, then 401)
Date:sun, APR 2018 12:56:22 GMT
server:apache/2.4.33 (Unix) php/5.6.30
x-powered-by:php/5.6.30
Content-length:7
content-type:text/html; Charset=utf-8

User authentication can also be certified for a file
You can also authenticate against a single file <virtualhost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
<filesmatch admin.php> and website Certification The difference is that it uses filesmatch instead of directory, and that the start and end are consistent.
AllowOverride authconfig
AuthName "123.com User auth"
AuthType Basic
authuserfile/data/.htpasswd
Require Valid-user
</FilesMatch>
</VirtualHost>

Domain Jump

一个网站会有多个域名，比如A可以访问一个域名，B也可以访问一个域名，而用A访问时浏览器的网址直接变成了B。这就是域名跳转过程。，那么他有什么作用呢？第一，一个网站有多个域名对SEO有影响，就是百度搜索关键词的排名有影响，如果把多个域名集中在一起，以一个域名为中心，这样就可以把权重集中在这个域名上，所以排名就靠前了。第二，如果之前的老域名不再使用，但搜索域名还留着以前的老域名，这样用户会搜索到我们的老域名并点击它，需要把老域名做一个跳转到新域名，这样用户搜索时候，也可以跳转到新域名。

Do the following
first open the virtual machine configuration file
vim/usr/local/apache2.4/conf/extra/httpd-vhosts.conf
and then add the configuration file
<ifmodule mod_rewrite.c>//Need mod_rewrite module support, this module in the time we compile Apache to use a moust module, this module will compile most of the modules in. If not added, then this module will not have.
Rewriteengine on//Open rewrite function
Rewritecond%{http_host}!^www.111.com$//define rewrite conditions, When the host name (domain name) is not www.111.com, it will automatically jump to 111.com! We're going to define the beginning and the end, and if we don't define the beginning and the end, as long as there are 111 in the domain name, it will be the correct domain name. So we must add ^ and $ before and after the main domain.
Rewriterule ^/(. *) $ http://www.123.com/$1 [r=301,l]//define rewrite rules, when the above conditions are met, this rule will execute 301 for a permanent jump, 302 for a temporary jump, We usually use 301.
</ifmodule>

After changing the configuration file we need to detect the syntax and reload
Then we also need to see if the LoadModule rewrite_module modules/mod_rewrite.so is loaded in the Apache configuration file, and if it is commented, then we need to reload it.
[Email protected] ~]#/usr/local/apache2.4/bin/apachectl-m |grep rewrite
Rewrite_module (Shared) (loaded successfully)
If modified, we also have to do syntax detection and reload after the save exits.
Then we detect
[Email protected] ~]# curl-x192.168.1.106:80 2111.com.cn-i
http/1.1 301 Moved Permanently
Date:sun, APR 2018 14:54:17 GMT
server:apache/2.4.33 (Unix) php/5.6.30
location:http://111.com/
content-type:text/html; Charset=iso-8859-1
The status code is 301 and has now successfully jumped.

Apache Access Log

In Cat/usr/local/apache2.4/logs/111.com-access_log there's an access log we need to look at
[Email protected] ~]# Cat/usr/local/apache2.4/logs/111.com-access_log
192.168.1.106--[15/apr/2018:13:56:22 +0800] "GET HTTP://www.example.com/HTTP/1.1" 200 7
192.168.1.106--[15/apr/2018:14:19:25 +0800] "GET HTTP://www.789.com/HTTP/1.1" 200 7
192.168.1.106--[15/apr/2018:20:34:16 +0800] "GET HTTP://www.111.com/HTTP/1.1" 200 7
Try our access to the format of the log, and this format we can be defined in the format, in the Apache main configuration file Search Logformat, under which there are two format definitions, respectively, combined and common,combined content will be richer, it is more Referer and User-agent, we'll edit the virtual host profile, change the common to combined, revisit the test, view the log
<virtualhost *:80>
DocumentRoot "/data/wwwroot/www.123.com"
ServerName www.123.com
Serveralias 123.com
Customlog "Logs/123.com-access_log" combined (formerly Common)
</VirtualHost>

4.13 Apache user authentication, jump and access logs