Configure Apache logs----anti-theft chain

Apache does not record finger file types

Access http://www.test.com/, there are several log files under [[email protected] apache2]# cd/usr/local/apache2/logs/

[[email protected] logs]# ls

Access_log Error_log Httpd.pid

Not all events in the real world need to be recorded. So we need to customize to solve these problems.

The front is not modified before the Access_log

To intercept only a subset of the examples:

10.72.4.59--[23/sep/2016:12:53:14 +0800] "Get/install/images/stepnum.gif http/1.1" 304-

10.72.4.59--[23/sep/2016:12:53:14 +0800] "Get/install/images/bg_footer.gif http/1.1" 304-

10.72.4.59--[23/sep/2016:12:53:14 +0800] "Get/install/images/bg_repx.gif http/1.1" 304-

10.72.4.59--[23/sep/2016:12:53:14 +0800] "Get/install/images/bg_repno.gif http/1.1" 304-

When the modification is in progress ...

[Email protected] logs]# vim/usr/local/apache2/conf/extra/httpd-vhosts.conf

<virtualhost *:80>

DocumentRoot "/tmp/123"

ServerName 1111.com

</VirtualHost>

<virtualhost *:80>

DocumentRoot "/data/www"

ServerName www.test.com

Serveralias www.aaa.com

Serveralias www.bbb.com

errorlog "Logs/www.test.com-error_log"

Setenvif Request_uri ". *\.gif$" Image-request

Setenvif Request_uri ". *\.jpg$" Image-request

Setenvif Request_uri ". *\.png$" Image-request

Setenvif Request_uri ". *\.bmp$" Image-request

Setenvif Request_uri ". *\.mid$" Image-request

Setenvif Request_uri ". *\.mmf$" Image-request

Setenvif Request_uri ". *\.js$" Image-request

Setenvif Request_uri ". *\.css$" Image-request

Customlog "|/usr/local/apache2/bin/rotatelogs-l/usr/local/apache2/logs/www.test.com-access_%y%m%d_log 86400" Combined Env=!image-request #这里是取反

[[email protected] logs]# apachectl-t check the grammar.

Syntax OK

Refresh Web page

[[email protected] logs]# ls

Access_log error_log httpd.pid Www.test.com-access_20160926_log www.test.com-error_log

[email protected] logs]# less Www.test.com-access_20160926_log

10.72.4.59--[26/sep/2016:23:13:11 +0800] "get/forum.php http/1.1" 12594 "-" "mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; trident/7.0; SLCC2;. NET CLR 2.0.50727;. NET CLR 3.5.30729;. NET CLR 3.0.30729; Media Center PC 6.0;. net4.0c;. net4.0e; infopath.3) "

10.72.4.59--[26/sep/2016:23:13:13 +0800] "get/home.php?mod=misc&ac=sendmail&rand=1474902791 HTTP/1.1" 200- "Http://www.test.com/forum.php" "mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; trident/7.0; SLCC2;. NET CLR 2.0.50727;. NET CLR 3.5.30729;. NET CLR 3.0.30729; Media Center PC 6.0;. net4.0c;. net4.0e; infopath.3) "

The small pictures on the website will not be recorded, the configuration is successful.

How not to record some static file configuration methods. 2016-09-27 16:56

###########################################################################################
Apache Static Cache configuration

There are some problems in the daily operation and maintenance work. There are a lot of small pictures when you visit a website. This picture occupies a lot of this page of primitive, occupies a large space, the transmission of the Web page is smaller, you can cache the static file on the side of the browser. This can be configured on the Apache side, which specifies how long the client caches. Doing so can save a lot of bandwidth resources.

[Email protected] logs]# vim/usr/local/apache2/conf/extra/httpd-vhosts.conf

<ifmodule mod_expires.c> #模块名 (Static cached configuration template)

Expiresactive on

Expiresbytype image/gif "Access plus 1 days" #gif图片缓存1天

Expiresbytype image/jpeg "Access plus hours" #jpeg缓存1天

Expiresbytype image/png "Access plus hours" #png缓存1天

Expiresbytype text/css "Now plus 2 hour" #css缓存2小时

Expiresbytype Application/x-javascript "now plus 2 hours" #缓存2小时

Expiresbytype Application/x-shockwave-flash "now plus 2 hours" #缓存2小时

ExpiresDefault "now plus 0 min" #其余不缓存

</IfModule>

[Email protected] logs]# curl-x127.0.0.1:80 ' http://www.test.com/static/image/common/logo.png '-I

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M00/88/1F/wKioL1fqPRGAg6-IAAEQR9VKbso001.jpg-wh_500x0-wm_3 -wmp_4-s_1618142675.jpg "title=" dis17.jpg "alt=" Wkiol1fqprgag6-iaaeqr9vkbso001.jpg-wh_50 "/>

Note in the Picture:

cache-control:max-age=86400 86400s is one day.

This is the static file cache configuration.

Split Line ############################################################################## #分割线

Apache anti-theft chain configuration

Website pictures, flash, MP3, etc these resources may be embezzled by others

-------------------------------------------------------------------------

[Email protected] ~]# vim/usr/local/apache2/conf/extra/httpd-vhosts.conf

Setenvifnocase Referer "^http://.*\.test\.com" local_ref #白名单 domain name can not be wrong or the picture will not show

Setenvifnocase Referer ". *\.aaa\.com" Local_ref #白名单

<filesmatch "\. (txt|doc|mp3|zip|rar|jpg|gif) "> #设置的图片格式

Require all denied

Require env local_ref condition equals local_ref

------------------------------------------------------------------------------------------

[Email protected] ~]# vim/usr/local/apache2/conf/extra/httpd-vhosts.conf

Setenvifnocase Referer "^http://.*\.1test\. com" Local_ref #此处如果改成其它的域名

Setenvifnocase Referer ". *\.aaa\.com" Local_ref

<filesmatch "\. (txt|doc|mp3|zip|rar|jpg|gif|png) ">

#Order Allow,deny

#Allow Form Env=local_ref

Require all denied

Require Env Local_ref

</filesmatch>

(PS: Currently the Apache version is 2.2, so the configuration is different than the version after 2.4 to cite some examples.) ）

[Email protected] ~]# apachectl-t

Syntax OK

[Email protected] ~]# apachectl restart

Re-visiting the site is the effect below. Picture files & restricted files are not displayed.

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M02/88/2C/wKiom1fqnXPAncfvAAGvOliz75A446.jpg-wh_500x0-wm_3 -wmp_4-s_2260166219.jpg "title=" dis18.jpg "alt=" Wkiom1fqnxpancfvaagvoliz75a446.jpg-wh_50 "/>

Do the anti-theft chain when you must remember to add your own website into the Bai Ming, otherwise it will appear above the effect.

This article is from the "Cbo#boy_linux Road" blog, make sure to keep this source http://20151213start.blog.51cto.com/9472657/1857178

Configure Apache logs----anti-theft chain