Apache Configure domain name jump, log cut, static cache, anti-theft chain, access control

Last Update:2015-09-01 Source: Internet

Author: User

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

/usr/local/apache2/bin/apachectl-m: See which modules are installed

/usr/local/apache/bin/apachectl-v: Viewing the mode used

/usr/local/apache2/bin/apachectl-t: Checking for syntax errors

/usr/local/apache2/bin/apachectl-l: Viewing the installed library files

/usr/local/apache2/bin/apachectl Graceful: Reload configuration

/usr/local/apache2/htcocs Home Store Directory

/usr/local/apache2/bin/apachectl Startup file directory

/usr/local/apache2/conf configuration file path

1. Domain Jump

• Site can be set domain name multiple domain name alias, set access alias is jump to primary domain name

• The primary domain name is www.1.com alias Www.a.com,www.b.com. Jump to www.1.com when accessing aliases

• 301 is a permanent jump, 302 is a temporary jump, there are multiple domain names to jump with to add "OR"

• Module: Rewrite

Configuration:

Rewriteengine on rewrite engine [open]

Rewritecond%{http_host} ^www.a.com$ Override condition: is www.a.com

Rewriterule ^/(. *) $ www.1.com/$1 [r=301,l] rewrite rule: jump to www.1.com

</IfModule>

2. Log polling (cutting)

(1) The log format defined in the Apache master configuration file, the first of which is the complex format, the second is the normal format

Logformat "%h%l%u%t \"%r\ "%>s%b \"%{referer}i\ "\"%{user-agent}i\ "" combined

Logformat "%h%l%u%t \"%r\ "%>s%b" common

(2) Access log format explanation:

%H: IP address of the client

%l: Client Login Name

%u: Authenticated Users

%t: Date and time of the visit

%r: How customers access, what resources to access, what agreements

%>s request corresponding status code #2开头正常, 3 start is redirected, 4 start client present error, 5 Start server side encounters error

%b: Number of bytes transferred

%{referer}: from which page (such as Baidu Search to the QQ space, that Referer is Baidu

%{user-agent}: What browser does the customer use

(3) Configure log cutting: Avoid generating large files, you can generate a daily

• Define log format in httpd.conf, only call log format in virtual host

Configuration:

Setenvif Request_uri ". *\.gif$" Image-request #定义不记录进日志的内容, Image-request is the calling name

Setenvif Request_uri ". *\.jpg$" Image-request

Setenvif Request_uri ". *\.png$" Image-request

Setenvif Request_uri ". *\.bmp$" Image-request

Setenvif Request_uri ". *\.swf$" Image-request

Setenvif Request_uri ". *\.js$" Image-request

Setenvif Request_uri ". *\.css$" Image-request

Customlog "|/usr/local/apache/bin/rotatelogs-l/var/log/access_%y%m%d.log 86400" combined env=!image-request

#env =!image-request only records content that was not image-requset.

3. Static caching

• Benefits: When users first visit, the definition of the cache in the browser, the second access will not need to request again, speed up access

• Define image, CSS, JS, SWF expiration time

• Module: MOD_EXPIRES.C

Configuration

Expiresactive on #有效期 [open]

Expiresbytype image/gif "Access plus 1 day" #过期的类型, access more than one

Expiresbytype image/jpeg "Access plus hours"

Expiresbytype image/png "Access plus hours"

Expiresbytype image/css "Now plus 2 Day"

Expiresbytype Application/javascript "now plus 2 hours"

Expiresbytype Application/shockwave-flash "now plus 2 hours"

ExpiresDefault "now plus 0 min"

</IfModule>

• Cache Time Test: curl-x127.0.0.1:80 www.a.com/1.gif #查看过期时间

4. Anti-theft chain

• Protect websites from images, documents, music, and other forms of misappropriation of links, allowing only designated domain names to be linked

• Hotlinking: Put a picture on someone else's website, copy the link, then send it on your own website, users to visit their website, bear the burden and traffic is someone else's server.

Configuration:

Setenvifnocase Referer "www.1.com" Local_ref #定义访问的域名

Setenvifnocase Referer "www.a.com" Local_ref #定义访问的域名

Setenvifnocase Referer "www.b.com" Local_ref #定义访问的域名

Setenvifnocase Referer "^$" Local_ref

<filesmatch "Txt|doc|mps|rar|zip|jpeg|png|jpg|gif" > #定义禁止盗链的格式

Order Allow,deny

Allow from Env=local_ref #这里设置规则, allowed or not allowed

</filesmatch>

</Directory>

• Use CURL-E to detect anti-theft chains

• Explanation: The domain name is defined in Setenvifnocase to access the contents of the Forbidden hotlinking defined in FilesMatch

• Note: A 403 error will be displayed if the domain name is not defined above

• 403 error on other websites using hotlinking address

5. Access control

• Disable IP access to websites

Order Allow,deny

Deny from all

</Directory>

• Access control for WordPress background home page

Order Deny,allow

Deny from all

Allow from 127.0.0.1

</filesmatch>

</Directory>

Test: If not the machine into the background page into the background, appears 403 forbidden.

6. Disable parsing of PHP (prevent source code from being seen)

Php_admin_flag engine off #关闭解析

<filesmatch "(. *) PHP" > #/data/www/wp-admin directory of any php files, are forbidden to parse

Order Deny,allwo

Deny from all

</filesmatch>

</Directory>

7. Pseudo-Static

Adding to the Rewrite module