Apache user authentication, domain jump, access log

One: Apache user authentication

Sometimes, we need to give some special access to set up a user authentication mechanism to increase security. Like we just
Installed Discuz Forum, there is a management background, although the management of the background itself has a password, but we in order to more
Plus security, you can set up a layer of user authentication.
#vim/usr/local/apache2/conf/extra/httpd-vhosts.conf
In the corresponding virtual host configuration, add the following configuration:
<Directory/data/www/admin.php>
AllowOverride authconfig
AuthName "ALKSDJFLKASJDF"
AuthType Basic
authuserfile/data/.htpasswd
Require Valid-user
</Directory>
Description: First specify which directory to validate, AuthName custom, authuserfile specify user secret
Where the code file is.
#/usr/local/apache2/bin/htpasswd-cm/data/.htpasswd aming
This step is to create the user to authenticate, the first time to add a-c option, the purpose is to create a/data/.htpasswd
Password file, enter the password you want to set is OK.
Then restart the Apache service
#/usr/local/apache2/bin/apachectl-t
Check that the configuration is correct first
#/usr/local/apache2/bin/apachectl Graceful
Here with graceful equivalent is the reload configuration.

Two: Domain name jump

A site will inevitably have multiple domain names, and multiple domain names must have a primary and secondary, such as my site can use two domains
Name access: www.abc.com and www.123.com But everyone found that no matter which domain I used to access,
Will eventually jump to www.123.com. So, this behavior is called the domain jump, here the 301 is only
A status code that jumps beyond 301 and has 302. Let's configure how to get www.abc.com to jump
To www.123.com.
#vim/usr/local/apache2/conf/extra/httpd-vhosts.conf
In the corresponding virtual host configuration file, add
<ifmodule mod_rewrite.c>
Rewriteengine on
Rewritecond%{http_host} ^www.abc.com$
Rewriterule ^/(.) $ http://www.123.com/$1 [r=301,l]
</IfModule>
If you have more than one domain name, you can set this:
<ifmodule mod_rewrite.c>
Rewriteengine on
Rewritecond%{http_host} ^www.abc.com [OR]
Rewritecond%{http_host} ^www.abc.net$
Rewriterule ^/(.) $ http://www.123.com/$1 [r=301,l]
</IfModule>
Or:
<ifmodule mod_rewrite.c>
Rewriteengine on
Rewritecond%{http_host}!^www.123.com$
Rewriterule ^/(. *) $ http://www.123.com/$1 [r=301,l]
</IfModule>
After restarting Apache, the browser access www.abc.com will jump directly to www.123.com.
If you want to test the effect quickly, you can actually use the Curl command directly on the Linux command line.
#curl-x127.0.0.1:80 Www.123.com/bbs/forum.php-I
http/1.1 301 Moved Permanently
server:nginx/1.0.15
Connection:keep-alive
Date:thu, 14:12:56 GMT
Content-type:text/html
content-length:185
location:http://www.123.com/bbs/forum.php
x-upstream-echo-time:53

Three: Access logs

About the log format is defined inside the/usr/local/apcahe2/conf/httpd.conf.
#grep logformat/usr/local/apache2/conf/httpd.conf
Logformat "%h%l%u%t \"%r\ "%>s%b \"%{referer}i\ "\"%{user-agent}i\ "" combined
Logformat "%h%l%u%t \"%r\ "%>s%b" common
Logformat "%h%l%u%t \"%r\ "%>s%b \"%{referer}i\ "\"%{user-agent}i\ "%I%O"
Combinedio

Agent IP and real client IP are recorded in Apache log
By default, the log log format is:
Logformat "%h%l%u%t \"%r\ "%>s%b \"%{referer}i\ "\"%{user-agent}i\ "" combined
Where%h is the IP of the record visitor, if there is a layer of proxy in the front of the web, then this%h is actually the IP of the proxy machine, this is not what we want. In this case,
The%{x-forwarded-for}i field records the client's true IP. So log logs should read:
Logformat "%h%{x-forwarded-for}i%l%u%t \"%r\ "%>s%b \"%{referer}i\ "\"%{user-agent}i\ "" combined

Apache logs only the specified URI
My need is to www.aaa.com/aaa/a similar request ... The log is logged only for such requests.
Add in httpd.conf or the associated virtual host configuration file
Setenvif RequestURI "^/aaa/.*" aaa-request
Customlog "|/usr/local/apache/bin/rotatelogs-l/usr/local/apache/logs/aaa-access%Y%m%d.log 86400" combined env =aaa-request

Apache Logging Client-requested domain name
Under normal circumstances, there is no need to record this, after all, we mostly based on the virtual host to set the corresponding access log, but there are individual cases, such as
ServerName *.abc.com
This is a pan-parsed form, so it is necessary to record which domain name the user is requesting.
And the Apache Logformat has exactly one value that satisfies this requirement. That is,%V here is the upper case V, the lowercase v record is we set in the virtual host servername, this really does not need to record.

Apache user authentication, domain jump, access log