First, user authentication
The user authentication function is when the user visits the website, needs to enter the user name password to be able to access. Some of the better total site and site backstage will be added user authentication, to ensure security.
Example: Below the zlinux.com
site to do a full-site user authentication:
Step 1: Edit the virtual host configuration file
[[email protected] ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf //在linuxtest.com虚拟主机下编辑添加以下内容<VirtualHost *:80> DocumentRoot "/data/wwwroot/123test" ServerName linuxtest.com <Directory /data/wwwroot/123test> //指定认证的目录 AllowOverride AuthConfig //这个相当于打开认证的开关 AuthName "linuxtest.com user auth" //自定义认证的名字,作用不大 AuthType Basic //认证的类型,一般为Basic AuthUserFile /data/.htpasswd //指定密码文件所在位置 require valid-user //指定需要认证的用户为全部可用用户 </Directory> ErrorLog "logs/dummy-host2.example.com-error_log" CustomLog "logs/dummy-host2.example.com-access_log" common
Step 2: Create a password
Before you create a password file, understand the HTPASSWD command:
The HTPASSWD command is an Apache Web server built-in tool for creating and updating password files that store user names, domains, and user Basic authentication.
Grammar:
htpasswd [选项] [参数]
Options:
-c:=create, create an encrypted file
-N: Do not update encrypted files, only the updated user name password is displayed on the screen
-M: Encrypt the password using the MD5 algorithm (default)
-D: Encrypt passwords using the crypt algorithm
-P: Password is not encrypted, that is, the plaintext password
-S: Encrypt passwords using the SHA algorithm
-B: Enter the user name and password at the command line instead of the password as prompted
-D: Delete the specified user
Create the password file below:
[[email protected] ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf [[email protected] ~]# /usr/local/apache2/bin/htpasswd -cm /data/.htpasswd zlinux // -c 表示创建 -m 指定MD5加密 指定所在位置 如果再次增加用户可以不用-c选项,-c是首次创建文件使用的,,否则/data/.htpasswd会被重置,之前用户被清空New password: Re-type new password: Adding password for user zlinux[[email protected] ~]# /usr/local/apache2/bin/apachectl -tSyntax OK[[email protected] ~]# /usr/local/apache2/bin/apachectl graceful
Step 3: Test whether user authentication is enabled
To test in the browser, you need to modify the next Windows Hosts file to linuxtest.com
point the domain name to the Linux machine:
Use curl
to test:
[[email protected] ~]# curl -x 192.168.204.128:80 linuxtest.com -IHTTP/1.1 401 Unauthorized //说明:因为生成了密码,所以在不指定用户名和密码的情况下会报401错误Date: Fri, 02 Mar 2018 09:59:05 GMTServer: Apache/2.4.29 (Unix) PHP/5.6.30WWW-Authenticate: Basic realm="linuxtest.com user auth"Content-Type: text/html; charset=iso-8859-1[[email protected] ~]# curl -x 192.168.204.128:80 -uzlinux:passwd linuxtest.com -I //使用-u指定用户名和密码HTTP/1.1 200 OK //状态码“200”,即访问成功Date: Fri, 02 Mar 2018 10:00:34 GMTServer: Apache/2.4.29 (Unix) PHP/5.6.30X-Powered-By: PHP/5.6.30Content-Type: text/html; charset=UTF-8
Step 4: Single File for authentication
Add the following similar content (modified according to your own directory) in the configuration file:
[[email protected] ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/data/wwwroot/123test" ServerName linuxtest.com <FilesMatch admin.php> //针对文件,这里针对admin.php AllowOverride AuthConfig AuthName "123.com user auth" AuthType Basic AuthUserFile /data/.htpasswd require valid-user </FilesMatch></VirtualHost>
Second, configure the domain name jump
A domain jump is similar to redirecting a Web page to another site, but the difference is that the domain jump transfers the domain name itself back to the site instead of using HTML or scripting to redirect it. When the domain name is set to jump to another site, the address of the domain name will not remain in the browser's URL bar, and the column will show the URL of the new page. If you want to keep the URLs in this column, you need to use stealth jumps.
Here is an example of the www.linuxtestbak.com
domain to jump to linuxtest.com
:
Step 1: Modify the virtual host configuration file
<VirtualHost *:80> DocumentRoot "/data/wwwroot/123test" ServerName linuxtest.com ServerAlias www.linuxtestbak.com <IfModule mod_rewrite.c> //需要mod_rewrite模块支持 RewriteEngine on //打开rewrite功能 RewriteCond %{HTTP_HOST} !^linuxtest.com$ //定义rewrite的条件,主机名(域名)不是linuxtest.com满足条件 RewriteRule ^/(.*)$ http://linuxtest.com/$1 [R=301,L] //定义rewrite规则:当满足上面条件时才执行当前规则,即跳转到linuxtest.com。301表示永久跳转;302表示临时跳转。 </IfModule># <Directory /data/wwwroot/123test># AllowOverride AuthConfig# AuthName "linuxtest.com user auth"# AuthType Basic# AuthUserFile /data/.htpasswd# require valid-user# </Directory> ErrorLog "logs/dummy-host2.example.com-error_log" CustomLog "logs/dummy-host2.example.com-access_log" common</VirtualHost>
Step 2: Modify the httpd.conf file
[[email protected] ~]# vim /usr/local/apache2/conf/httpd.confLoadModule rewrite_module modules/mod_rewrite.so //去掉#,以启用这个模块
Step 3: Test
[[email protected] ~]# curl -x 192.168.204.128:80 www.linuxtestbak.com -IHTTP/1.1 301 Moved PermanentlyDate: Fri, 02 Mar 2018 10:53:51 GMTServer: Apache/2.4.29 (Unix) PHP/5.6.30Location: http://linuxtest.com/Content-Type: text/html; charset=iso-8859-1[[email protected] ~]# /usr/local/apache2/bin/apachectl -tSyntax OK[[email protected] ~]# /usr/local/apache2/bin/apachectl graceful
Using the browser (hosts need to modify), Access www.linuxtestbak.com
will jump directly tolinuxtest.com
Third, configure access log 1, Apache access log location:
[[email protected] ~]# ls /usr/local/apache2/logs/123test-access_log abstest-error_log dummy-host2.example.com-error_log error_log123test-error_log access_log dummy-host.example.com-access_log httpd.pidabctest-access_log dummy-host2.example.com-access_log dummy-host.example.com-error_log[[email protected] ~]# cat /usr/local/apache2/logs/123test-access_log //common格式日志192.168.204.128 - - [02/Mar/2018:19:06:28 +0800] "HEAD HTTP://linuxtestbak.com/ HTTP/1.1" 301 -192.168.204.128 - - [02/Mar/2018:19:07:51 +0800] "GET HTTP://linuxtest.com/ HTTP/1.1" 200 28192.168.204.128 - - [02/Mar/2018:19:09:05 +0800] "HEAD HTTP://www.linuxtestbak.com/ HTTP/1.1" 301 -192.168.204.1 - - [02/Mar/2018:19:10:55 +0800] "GET / HTTP/1.1" 200 28192.168.204.1 - - [02/Mar/2018:19:11:08 +0800] "GET / HTTP/1.1" 200 28
2. View Log format
[[email protected] ~]# vim /usr/local/apache2/conf/httpd.conf //搜索LogFormat<IfModule log_config_module> # # The following directives define some format nicknames for use with # a CustomLog directive (see below). # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common
Description: Combined and common two formats, using common format by default.
3, the change log format is combined
[[email protected] ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf ErrorLog "logs/123test-error_log" CustomLog "logs/123test-access_log" combined[[email protected] ~]# /usr/local/apache2/bin/apachectl -tSyntax OK[[email protected] ~]# /usr/local/apache2/bin/apachectl graceful
4, do some access, and then view the log.
[[email protected] ~]# cat/usr/local/apache2/logs/123test-access_log 192.168.204.128--[02/mar/2018:19:06:28 + 0800] "HEAD HTTP://linuxtestbak.com/HTTP/1.1" 301-192.168.204.128--[02/mar/2018:19:07:51 +0800] "GET HTTP://linuxtes t.com/http/1.1 "28192.168.204.128--[02/mar/2018:19:09:05 +0800]" HEAD HTTP://www.linuxtestbak.com/HTTP/1.1 "301- 192.168.204.1--[02/mar/2018:19:10:55 +0800] "get/http/1.1" 28192.168.204.1--[02/mar/2018:19:11:08 +0800] "GET /http/1.1 "28192.168.204.1--[02/mar/2018:19:20:16 +0800]" get/http/1.1 "-" "mozilla/5.0 (Windows NT 10.0 ; WOW64) applewebkit/537.36 (khtml, like Gecko) chrome/64.0.3282.186 safari/537.36 "192.168.204.1--[02/mar/ 2018:19:20:19 +0800] "get/http/1.1"-"mozilla/5.0" (Windows NT 10.0; WOW64) applewebkit/537.36 (khtml, like Gecko) chrome/64.0.3282.186 safari/537.36 "192.168.204.1--[02/mar/ 2018:19:20:27 +0800] "get/http/1.1"-"mozilla/5.0" (Windows NT 10.0; WOW64) AppleWebKit/537.36 (khtml, like Gecko) chrome/64.0.3282.186 safari/537.36 "192.168.204.128--[02/mar/2018:19:20:39 +0800]" HEAD HTT p://www.linuxtestbak.com/http/1.1 "301-"-"" curl/7.29.0 "192.168.204.128--[02/mar/2018:19:20:45 +0800]" HEAD http:// www.linuxtestbak.com/HTTP/1.1 "301-"-"" curl/7.29.0 "192.168.204.128--[02/mar/2018:19:20:54 +0800]" GET HTTP://linux test.com/http/1.1 "-" "curl/7.29.0" 192.168.204.128--[02/mar/2018:19:20:57 +0800] "GET HTTP://linuxtest.com/HT tp/1.1 "-" "curl/7.29.0" 192.168.204.128--[02/mar/2018:19:20:58 +0800] "GET HTTP://linuxtest.com/HTTP/1.1" 200 "-" "curl/7.29.0"
Log format changes are obvious.
Apache (httpd) configuration-user authentication, domain jump and access log configuration