Apache (httpd) configuration-user authentication, domain jump and access log configuration

Source: Internet
Author: User
Tags apache access log

First, user authentication

The user authentication function is when the user visits the website, needs to enter the user name password to be able to access. Some of the better total site and site backstage will be added user authentication, to ensure security.
Example: Below the zlinux.com site to do a full-site user authentication:

Step 1: Edit the virtual host configuration file
[[email protected] ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf    //在linuxtest.com虚拟主机下编辑添加以下内容<VirtualHost *:80>    DocumentRoot "/data/wwwroot/123test"    ServerName linuxtest.com    <Directory /data/wwwroot/123test>   //指定认证的目录            AllowOverride AuthConfig             //这个相当于打开认证的开关        AuthName "linuxtest.com user auth"       //自定义认证的名字,作用不大        AuthType Basic                            //认证的类型,一般为Basic        AuthUserFile /data/.htpasswd      //指定密码文件所在位置        require valid-user                        //指定需要认证的用户为全部可用用户    </Directory>    ErrorLog "logs/dummy-host2.example.com-error_log"    CustomLog "logs/dummy-host2.example.com-access_log" common
Step 2: Create a password

Before you create a password file, understand the HTPASSWD command:

The HTPASSWD command is an Apache Web server built-in tool for creating and updating password files that store user names, domains, and user Basic authentication.

Grammar:
htpasswd [选项] [参数]
Options:

-c:=create, create an encrypted file
-N: Do not update encrypted files, only the updated user name password is displayed on the screen
-M: Encrypt the password using the MD5 algorithm (default)
-D: Encrypt passwords using the crypt algorithm
-P: Password is not encrypted, that is, the plaintext password
-S: Encrypt passwords using the SHA algorithm
-B: Enter the user name and password at the command line instead of the password as prompted
-D: Delete the specified user

Create the password file below:

[[email protected] ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf [[email protected] ~]# /usr/local/apache2/bin/htpasswd -cm /data/.htpasswd zlinux   // -c 表示创建  -m 指定MD5加密 指定所在位置  如果再次增加用户可以不用-c选项,-c是首次创建文件使用的,,否则/data/.htpasswd会被重置,之前用户被清空New password: Re-type new password: Adding password for user zlinux[[email protected] ~]# /usr/local/apache2/bin/apachectl -tSyntax OK[[email protected] ~]# /usr/local/apache2/bin/apachectl graceful
Step 3: Test whether user authentication is enabled

To test in the browser, you need to modify the next Windows Hosts file to linuxtest.com point the domain name to the Linux machine:

Use curl to test:

[[email protected] ~]# curl -x 192.168.204.128:80 linuxtest.com -IHTTP/1.1 401 Unauthorized          //说明:因为生成了密码,所以在不指定用户名和密码的情况下会报401错误Date: Fri, 02 Mar 2018 09:59:05 GMTServer: Apache/2.4.29 (Unix) PHP/5.6.30WWW-Authenticate: Basic realm="linuxtest.com user auth"Content-Type: text/html; charset=iso-8859-1[[email protected] ~]# curl -x 192.168.204.128:80 -uzlinux:passwd linuxtest.com -I        //使用-u指定用户名和密码HTTP/1.1 200 OK                                                 //状态码“200”,即访问成功Date: Fri, 02 Mar 2018 10:00:34 GMTServer: Apache/2.4.29 (Unix) PHP/5.6.30X-Powered-By: PHP/5.6.30Content-Type: text/html; charset=UTF-8
Step 4: Single File for authentication

Add the following similar content (modified according to your own directory) in the configuration file:

[[email protected] ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf <VirtualHost *:80>    DocumentRoot "/data/wwwroot/123test"    ServerName linuxtest.com    <FilesMatch admin.php>    //针对文件,这里针对admin.php        AllowOverride AuthConfig        AuthName "123.com user auth"        AuthType Basic        AuthUserFile /data/.htpasswd        require valid-user    </FilesMatch></VirtualHost>
Second, configure the domain name jump

A domain jump is similar to redirecting a Web page to another site, but the difference is that the domain jump transfers the domain name itself back to the site instead of using HTML or scripting to redirect it. When the domain name is set to jump to another site, the address of the domain name will not remain in the browser's URL bar, and the column will show the URL of the new page. If you want to keep the URLs in this column, you need to use stealth jumps.
Here is an example of the www.linuxtestbak.com domain to jump to linuxtest.com :

Step 1: Modify the virtual host configuration file
<VirtualHost *:80>    DocumentRoot "/data/wwwroot/123test"    ServerName linuxtest.com    ServerAlias www.linuxtestbak.com    <IfModule mod_rewrite.c>          //需要mod_rewrite模块支持        RewriteEngine on                   //打开rewrite功能        RewriteCond %{HTTP_HOST} !^linuxtest.com$     //定义rewrite的条件,主机名(域名)不是linuxtest.com满足条件                RewriteRule ^/(.*)$ http://linuxtest.com/$1 [R=301,L]     //定义rewrite规则:当满足上面条件时才执行当前规则,即跳转到linuxtest.com。301表示永久跳转;302表示临时跳转。   </IfModule>#    <Directory /data/wwwroot/123test>#        AllowOverride AuthConfig#        AuthName "linuxtest.com user auth"#        AuthType Basic#        AuthUserFile /data/.htpasswd#        require valid-user#    </Directory>    ErrorLog "logs/dummy-host2.example.com-error_log"    CustomLog "logs/dummy-host2.example.com-access_log" common</VirtualHost>
Step 2: Modify the httpd.conf file
[[email protected] ~]# vim /usr/local/apache2/conf/httpd.confLoadModule rewrite_module modules/mod_rewrite.so     //去掉#,以启用这个模块
Step 3: Test
[[email protected] ~]# curl -x 192.168.204.128:80 www.linuxtestbak.com -IHTTP/1.1 301 Moved PermanentlyDate: Fri, 02 Mar 2018 10:53:51 GMTServer: Apache/2.4.29 (Unix) PHP/5.6.30Location: http://linuxtest.com/Content-Type: text/html; charset=iso-8859-1[[email protected] ~]# /usr/local/apache2/bin/apachectl -tSyntax OK[[email protected] ~]# /usr/local/apache2/bin/apachectl graceful

Using the browser (hosts need to modify), Access www.linuxtestbak.com will jump directly tolinuxtest.com

Third, configure access log 1, Apache access log location:
[[email protected] ~]# ls /usr/local/apache2/logs/123test-access_log  abstest-error_log                   dummy-host2.example.com-error_log  error_log123test-error_log   access_log                          dummy-host.example.com-access_log  httpd.pidabctest-access_log  dummy-host2.example.com-access_log  dummy-host.example.com-error_log[[email protected] ~]# cat  /usr/local/apache2/logs/123test-access_log     //common格式日志192.168.204.128 - - [02/Mar/2018:19:06:28 +0800] "HEAD HTTP://linuxtestbak.com/ HTTP/1.1" 301 -192.168.204.128 - - [02/Mar/2018:19:07:51 +0800] "GET HTTP://linuxtest.com/ HTTP/1.1" 200 28192.168.204.128 - - [02/Mar/2018:19:09:05 +0800] "HEAD HTTP://www.linuxtestbak.com/ HTTP/1.1" 301 -192.168.204.1 - - [02/Mar/2018:19:10:55 +0800] "GET / HTTP/1.1" 200 28192.168.204.1 - - [02/Mar/2018:19:11:08 +0800] "GET / HTTP/1.1" 200 28
2. View Log format
[[email protected] ~]# vim /usr/local/apache2/conf/httpd.conf      //搜索LogFormat<IfModule log_config_module>    #    # The following directives define some format nicknames for use with    # a CustomLog directive (see below).    #    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined    LogFormat "%h %l %u %t \"%r\" %>s %b" common

Description: Combined and common two formats, using common format by default.

3, the change log format is combined
[[email protected] ~]# vim /usr/local/apache2/conf/extra/httpd-vhosts.conf    ErrorLog "logs/123test-error_log"    CustomLog "logs/123test-access_log" combined[[email protected] ~]# /usr/local/apache2/bin/apachectl -tSyntax OK[[email protected] ~]# /usr/local/apache2/bin/apachectl graceful
4, do some access, and then view the log.
[[email protected] ~]# cat/usr/local/apache2/logs/123test-access_log 192.168.204.128--[02/mar/2018:19:06:28 + 0800] "HEAD HTTP://linuxtestbak.com/HTTP/1.1" 301-192.168.204.128--[02/mar/2018:19:07:51 +0800] "GET HTTP://linuxtes t.com/http/1.1 "28192.168.204.128--[02/mar/2018:19:09:05 +0800]" HEAD HTTP://www.linuxtestbak.com/HTTP/1.1 "301- 192.168.204.1--[02/mar/2018:19:10:55 +0800] "get/http/1.1" 28192.168.204.1--[02/mar/2018:19:11:08 +0800] "GET /http/1.1 "28192.168.204.1--[02/mar/2018:19:20:16 +0800]" get/http/1.1 "-" "mozilla/5.0 (Windows NT 10.0 ; WOW64) applewebkit/537.36 (khtml, like Gecko) chrome/64.0.3282.186 safari/537.36 "192.168.204.1--[02/mar/ 2018:19:20:19 +0800] "get/http/1.1"-"mozilla/5.0" (Windows NT 10.0; WOW64) applewebkit/537.36 (khtml, like Gecko) chrome/64.0.3282.186 safari/537.36 "192.168.204.1--[02/mar/ 2018:19:20:27 +0800] "get/http/1.1"-"mozilla/5.0" (Windows NT 10.0; WOW64) AppleWebKit/537.36 (khtml, like Gecko) chrome/64.0.3282.186 safari/537.36 "192.168.204.128--[02/mar/2018:19:20:39 +0800]" HEAD HTT p://www.linuxtestbak.com/http/1.1 "301-"-"" curl/7.29.0 "192.168.204.128--[02/mar/2018:19:20:45 +0800]" HEAD http:// www.linuxtestbak.com/HTTP/1.1 "301-"-"" curl/7.29.0 "192.168.204.128--[02/mar/2018:19:20:54 +0800]" GET HTTP://linux test.com/http/1.1 "-" "curl/7.29.0" 192.168.204.128--[02/mar/2018:19:20:57 +0800] "GET HTTP://linuxtest.com/HT tp/1.1 "-" "curl/7.29.0" 192.168.204.128--[02/mar/2018:19:20:58 +0800] "GET HTTP://linuxtest.com/HTTP/1.1" 200 "-" "curl/7.29.0"

Log format changes are obvious.

Apache (httpd) configuration-user authentication, domain jump and access log configuration

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.