Apache Configure domain name jump, log cut, static cache, anti-theft chain, access control

Source: Internet
Author: User

/usr/local/apache2/bin/apachectl-m: See which modules are installed

/usr/local/apache/bin/apachectl-v: Viewing the mode used

/usr/local/apache2/bin/apachectl-t: Checking for syntax errors

/usr/local/apache2/bin/apachectl-l: Viewing the installed library files

/usr/local/apache2/bin/apachectl Graceful: Reload configuration

/usr/local/apache2/htcocs Home Store Directory

/usr/local/apache2/bin/apachectl Startup file directory

/usr/local/apache2/conf configuration file path

1. Domain Jump

• Site can be set domain name multiple domain name alias, set access alias is jump to primary domain name

• The primary domain name is www.1.com alias Www.a.com,www.b.com. Jump to www.1.com when accessing aliases

• 301 is a permanent jump, 302 is a temporary jump, there are multiple domain names to jump with to add "OR"

• Module: Rewrite

Configuration:

<ifmodule mod_rewrite.c>

Rewriteengine on rewrite engine [open]

Rewritecond%{http_host} ^www.a.com$ Override condition: is www.a.com

Rewriterule ^/(. *) $ www.1.com/$1 [r=301,l] rewrite rule: jump to www.1.com

</IfModule>

2. Log polling (cutting)

(1) The log format defined in the Apache master configuration file, the first of which is the complex format, the second is the normal format

Logformat "%h%l%u%t \"%r\ "%&gt;s%b \"%{referer}i\ "\"%{user-agent}i\ "" combined

Logformat "%h%l%u%t \"%r\ "%&gt;s%b" common

(2) Access log format explanation:

%H: IP address of the client

%l: Client Login Name

%u: Authenticated Users

%t: Date and time of the visit

%r: How customers access, what resources to access, what agreements

%>s request corresponding status code #2开头正常, 3 start is redirected, 4 start client present error, 5 Start server side encounters error

%b: Number of bytes transferred

%{referer}: from which page (such as Baidu Search to the QQ space, that Referer is Baidu

%{user-agent}: What browser does the customer use

(3) Configure log cutting: Avoid generating large files, you can generate a daily

• Define log format in httpd.conf, only call log format in virtual host

Configuration:

Setenvif Request_uri ". *\.gif$" Image-request #定义不记录进日志的内容, Image-request is the calling name

Setenvif Request_uri ". *\.jpg$" Image-request

Setenvif Request_uri ". *\.png$" Image-request

Setenvif Request_uri ". *\.bmp$" Image-request

Setenvif Request_uri ". *\.swf$" Image-request

Setenvif Request_uri ". *\.js$" Image-request

Setenvif Request_uri ". *\.css$" Image-request

Customlog "|/usr/local/apache/bin/rotatelogs-l/var/log/access_%y%m%d.log 86400" combined env=!image-request

#env =!image-request only records content that was not image-requset.

3. Static caching

• Benefits: When users first visit, the definition of the cache in the browser, the second access will not need to request again, speed up access

• Define image, CSS, JS, SWF expiration time

• Module: MOD_EXPIRES.C

Configuration

<ifmodule mod_expires.c>

Expiresactive on #有效期 [open]

Expiresbytype image/gif "Access plus 1 day" #过期的类型, access more than one

Expiresbytype image/jpeg "Access plus hours"

Expiresbytype image/png "Access plus hours"

Expiresbytype image/css "Now plus 2 Day"

Expiresbytype Application/javascript "now plus 2 hours"

Expiresbytype Application/shockwave-flash "now plus 2 hours"

ExpiresDefault "now plus 0 min"

</IfModule>

• Cache Time Test: curl-x127.0.0.1:80 www.a.com/1.gif #查看过期时间

4. Anti-theft chain

• Protect websites from images, documents, music, and other forms of misappropriation of links, allowing only designated domain names to be linked

• Hotlinking: Put a picture on someone else's website, copy the link, then send it on your own website, users to visit their website, bear the burden and traffic is someone else's server.

Configuration:

<Directory/data/www>

Setenvifnocase Referer "www.1.com" Local_ref #定义访问的域名

Setenvifnocase Referer "www.a.com" Local_ref #定义访问的域名

Setenvifnocase Referer "www.b.com" Local_ref #定义访问的域名

Setenvifnocase Referer "^$" Local_ref

<filesmatch "Txt|doc|mps|rar|zip|jpeg|png|jpg|gif" > #定义禁止盗链的格式

Order Allow,deny

Allow from Env=local_ref #这里设置规则, allowed or not allowed

</filesmatch>

</Directory>

• Use CURL-E to detect anti-theft chains

• Explanation: The domain name is defined in Setenvifnocase to access the contents of the Forbidden hotlinking defined in FilesMatch

• Note: A 403 error will be displayed if the domain name is not defined above

• 403 error on other websites using hotlinking address

5. Access control

• Disable IP access to websites

<Directory/data/www>

Order Allow,deny

Deny from all

</Directory>

• Access control for WordPress background home page

<Directory/data/www/wp-admin>

<filesmatch "index.php" >

Order Deny,allow

Deny from all

Allow from 127.0.0.1

</filesmatch>

</Directory>

Test: If not the machine into the background page into the background, appears 403 forbidden.

6. Disable parsing of PHP (prevent source code from being seen)

<Directory/data/www/wp-admin>

Php_admin_flag engine off #关闭解析

<filesmatch "(. *) PHP" > #/data/www/wp-admin directory of any php files, are forbidden to parse

Order Deny,allwo

Deny from all

</filesmatch>

</Directory>

7. Pseudo-Static

Adding to the Rewrite module

Rewritecond%{query_string} ^ (. *) $

Rewriterule ^/topic-(. +) \.html$/portal.php?mod=topic&topic=$1&%1

Rewritecond%{query_string} ^ (. *) $

Rewriterule ^/article-([0-9]+)-([0-9]+) \.html$/portal.php?mod=view&aid=$1&page=$2&%1

Rewritecond%{query_string} ^ (. *) $

Rewriterule ^/forum-(\w+)-([0-9]+) \.html$/forum.php?mod=forumdisplay&fid=$1&page=$2&%1

Rewritecond%{query_string} ^ (. *) $

Rewriterule ^/thread-([0-9]+)-([0-9]+)-([0-9]+] \.html$/forum.php?mod=viewthread&tid=$1&extra=page\%3d$3 &page=$2&%1

Rewritecond%{query_string} ^ (. *) $

Rewriterule ^/group-([0-9]+)-([0-9]+) \.html$/forum.php?mod=group&fid=$1&page=$2&%1

Rewritecond%{query_string} ^ (. *) $

Rewriterule ^/space-(Username|uid)-(. +) \.html$/home.php?mod=space&$1=$2&%1

Rewritecond%{query_string} ^ (. *) $

Rewriterule ^/blog-([0-9]+)-([0-9]+) \.html$/home.php?mod=space&uid=$1&do=blog&id=$2&%1

Rewritecond%{query_string} ^ (. *) $

Rewriterule ^/archiver/(Fid|tid)-([0-9]+) \.html$/archiver/index.php?action=$1&value=$2&%1

Rewritecond%{query_string} ^ (. *) $

Rewriterule ^/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+) \.html$/plugin.php?id=$1:$2&%1


This article is from the "Ming Linux blog" blog, be sure to keep this source http://zhaijunming5.blog.51cto.com/10668883/1690308

Apache Configure domain name jump, log cut, static cache, anti-theft chain, access control

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.