Apache user authentication, domain jump, access log format

Source: Internet
Author: User
Tags phpinfo apache access log

11.18 Apache user authentication

Note: To test with a browser in this chapter, add the virtual machine IP and the virtual host domain names to the hosts file on the physical machine.

Configure user authentication

Edit the virtual host configuration file "httpd-vhosts.conf".
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
...
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <Directory /data/wwwroot/111.com>
        # Specifies the directory to be authenticated
        AllowOverride AuthConfig
        # This line is equivalent to turning on the user authentication switch
        AuthName "111.com user auth"
        # Custom name for the authentication; of little use
        AuthType Basic
        # Authentication type, generally Basic
        AuthUserFile /data/.htpasswd
        # Location of the password file (the file must be created manually)
        Require valid-user
        # Users required to authenticate: all available users defined in the AuthUserFile
    </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>
Create the password file specified in httpd-vhosts.conf
[[email protected] ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd centos-01
New password:
Re-type new password:
Adding password for user centos-01

[[email protected] ~]# cat /data/.htpasswd
centos-01:$apr1$f7lsqit0$hegmt0nhuxh6.bpmlvi57/
That is, the password file "/data/.htpasswd" is created (automatically) and holds a password for the user centos-01 that is encrypted with the MD5 algorithm.
Note: add the -c option only the first time, when creating the file, because -c rewrites an existing file.

Reload after configuration is complete
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
Test
[[email protected] ~]# curl -x192.168.8.131:80 111.com -I
HTTP/1.1 401 Unauthorized
Date: Mon, 01:42:50 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1
The status code is "401", indicating that the content being accessed requires user authentication.

Access using user name & password:

[[email protected] ~]# curl -x192.168.8.131:80 -ucentos-01:123456 111.com -I
HTTP/1.1 200 OK
Date: Mon, 02:18:21 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=utf-8
Status code "200", that is, access succeeded.

To test with a browser, enter the user name "centos-01" and the password to gain access.

HTPASSWD command

The htpasswd command is a tool bundled with the Apache web server for creating and updating the password files that store user names, domains, and users' Basic authentication passwords.

Syntax: htpasswd [option] [parameter]
Options:
-c: create, that is, create an encrypted file
-n: do not update the encrypted file; only display the resulting user name and password on the screen
-m: encrypt the password using the MD5 algorithm (default)
-d: encrypt the password using the crypt algorithm
-p: do not encrypt the password, that is, store the plaintext password
-s: encrypt the password using the SHA algorithm
-b: take the user name and password from the command line instead of prompting for the password
-D: delete the specified user
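
Because each option above leaves a recognizable shape in the password file, an existing file can be audited without knowing any password. The following Python script is an added example, not part of the original page: it classifies every entry by scheme and reports those that are not bcrypt (`htpasswd -B`). Treating only bcrypt as acceptable is this example's assumption, and all sample entries except the first are constructed.

```python
import re

# Shape of the stored value -> scheme name; comments name the htpasswd option.
SCHEMES = [
    (re.compile(r"^\$2[aby]\$\d\d\$"), "bcrypt"),          # htpasswd -B
    (re.compile(r"^\$apr1\$"), "apr1-md5"),                # htpasswd -m
    (re.compile(r"^\{SHA\}"), "sha1-unsalted"),            # htpasswd -s
    # Heuristic: 13 characters from the crypt alphabet; a 13-character
    # plaintext password built from the same alphabet looks identical.
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt"),     # htpasswd -d
]
ACCEPTABLE = {"bcrypt"}  # assumption of this example, adjust to local policy

def classify(stored):
    """Name the hash scheme that the stored value's shape indicates."""
    for pattern, scheme in SCHEMES:
        if pattern.search(stored):
            return scheme
    return "plaintext-or-unknown"  # what -p writes, or a scheme not listed

def audit(text):
    """Return (line number, user, scheme) for every entry outside ACCEPTABLE."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, stored = line.partition(":")
        if not sep or not user:
            findings.append((lineno, line, "malformed"))
            continue
        scheme = classify(stored)
        if scheme not in ACCEPTABLE:
            findings.append((lineno, user, scheme))
    return findings

# Constructed sample file: line 1 is the entry shown on this page, the rest
# are made-up values with the right shape (they are not real hashes).
SAMPLE = """centos-01:$apr1$f7lsqit0$hegmt0nhuxh6.bpmlvi57/
alice:$2y$05$CONSTRUCTEDconstructedCONSTRUCTEDconstructedCONSTRUCT
bob:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
carol:ab0123456789A
dave:123456
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Entries it reports can be re-created with `htpasswd -B` once the user sets a new password; the file itself should stay outside the DocumentRoot, as "/data/.htpasswd" does here.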

Application

Set up user authentication for a specific file on the website.

Virtual host configuration
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    #<Directory /data/wwwroot/111.com>
    <FilesMatch 123.php>
        AllowOverride AuthConfig
        AuthName "111.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        Require valid-user
    </FilesMatch>
    #</Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>
Note: Comment out <Directory>, which removes the user authentication set on the directory, and use <FilesMatch> instead, i.e. set user authentication for a file.

Test
[[email protected] ~]# curl -x192.168.8.131:80 111.com
Welcome to 111.com

[[email protected] ~]# curl -x192.168.8.131:80 111.com/123.php -I
HTTP/1.1 401 Unauthorized
Date: Mon, 03:04:31 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1
Description: The directory served for "111.com" is freely accessible at this point, but accessing the "123.php" file in that directory returns the error 401, that is, user authentication is required.

Access using the specified user name & password:

[[email protected] ~]# curl -x192.168.8.131:80 -ucentos-01:123456 111.com/123.php
Welcom to 123file
Success!
Testing with a browser:

Access "111.com".

Access "111.com/123.php".

Enter the specified user "centos-01" and password to gain access.

11.19-11.20 Domain Jump

Types of domain jump and their differences

Kinds:

301 means a permanent jump; 302 means a temporary jump.

Differences:

Different effects
A 302 jump is a temporary jump: the search engine crawls the new content and retains the old URL. Because the server returns a 302 code, the search engine treats the new URL as only temporary.
A 301 redirect is a permanent redirect: the search engine replaces the old URL with the redirected URL while crawling the new content.
Different treatment in SEO
In search engine optimization, 302 jumps are favored by many black-hat SEO practitioners, who put malicious 302 jumps on a website to send visitors to a site they did not intend to visit. Search engines are therefore usually relatively unfriendly toward websites that use 302 jumps, so use 302 jumps with caution!
SEO

SEO (Search Engine Optimization) means adjusting and optimizing a site internally and externally, based on an understanding of the search engine's natural ranking mechanism, to improve the site's natural ranking for keywords and bring in more traffic, in order to reach the site's sales and brand-building goals.

Domain Jump Configuration

Edit the virtual host configuration file "httpd-vhosts.conf".
[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
...
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
        # Requires mod_rewrite support
        RewriteEngine on
        # Turns on the rewrite function
        RewriteCond %{HTTP_HOST} !^111.com$
        # Cond = condition; defines the rewrite condition: every host name (domain name) other than 111.com
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
        # Defines the rewrite rule: when the condition above is met, this rule is executed, that is, jump to 111.com.
    </IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>
Check the configuration:
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -M
This checks whether Apache has loaded the rewrite module used in the virtual host configuration; if not, edit the Apache configuration file "httpd.conf":

[[email protected] ~]# vim /usr/local/apache2.4/conf/httpd.conf
......
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module modules/libphp5.so
#LoadModule php7_module modules/libphp7.so
That is, remove the comment symbol "#" to load the rewrite module.

Test
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -M | grep rewrite
rewrite_module (shared)
Testing with curl:

[[email protected] ~]# curl -x192.168.8.131:80 www.example.com -I
HTTP/1.1 301 Moved Permanently
Date: Mon, 07:17:37 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1
The status code is now 301, that is, a permanent domain jump has been set up!

When testing with a browser, accessing "www.example.com" jumps directly to "111.com".

11.21 Apache Access Log

Log file Location:

[[email protected] ~]# ls /usr/local/apache2.4/logs
111.com-access_log  abc.com-access_log  access_log  httpd.pid
111.com-error_log   abc.com-error_log   error_log
Custom log format

Log formats that come with the system:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
# %h is the host (source IP), %l the remote login name, %u the remote user (the user name from authentication), %t the time, %r the request (action), %>s the status code, %b the size in bytes
# User-Agent: the user agent
# Referer: the URL from which the visitor arrived at the current location (that is, the site that referred the visitor here)
That is, there are two formats, combined and common, and the common format is used by default.

Configure the log format

Edit the virtual host configuration file "httpd-vhosts.conf":

[[email protected] ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
    </IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" combined
</VirtualHost>
Note: Change the original "common" after the log file name to "combined".

Reload:

[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
Log style:

[[email protected] ~]# cat /usr/local/apache2.4/logs/111.com-access_log
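
With user authentication enabled, the access log also records failed logins, because each one is answered with status 401. The following Python script is an added example, not part of the original page: it parses lines in the common or combined format described above and lists the clients that collected several 401 responses, together with the user names they supplied. The threshold of 3 and the sample log lines are constructed for the example.

```python
import re
from collections import defaultdict

# %h %l %u %t "%r" %>s %b, optionally followed by "Referer" "User-Agent".
LINE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)")?$'
)

def parse(line):
    """Split one common or combined log line into named fields, or None."""
    match = LINE.match(line.strip())
    return match.groupdict() if match else None

def auth_failures(lines, threshold=3):
    """Map each client with >= threshold 401 responses to the names it sent."""
    count = defaultdict(int)
    names = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None or rec["status"] != "401":
            continue
        count[rec["host"]] += 1
        # %u on a 401 is the name the client supplied, not an authenticated
        # user; "-" means the request carried no credentials at all.
        if rec["user"] != "-":
            names[rec["host"]].add(rec["user"])
    return {h: sorted(names[h]) for h, n in count.items() if n >= threshold}

# Constructed sample log (addresses, times and sizes are made up).
SAMPLE = r'''
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /123.php HTTP/1.1" 401 381 "-" "curl/7.29.0"
203.0.113.7 - admin [01/Jan/2024:10:00:02 +0000] "GET /123.php HTTP/1.1" 401 381 "-" "curl/7.29.0"
203.0.113.7 - root [01/Jan/2024:10:00:03 +0000] "GET /123.php HTTP/1.1" 401 381 "-" "curl/7.29.0"
203.0.113.7 - centos-01 [01/Jan/2024:10:00:04 +0000] "GET /123.php HTTP/1.1" 401 381 "-" "curl/7.29.0"
192.168.8.131 - - [01/Jan/2024:10:00:05 +0000] "GET /123.php HTTP/1.1" 401 381
192.168.8.131 - centos-01 [01/Jan/2024:10:00:06 +0000] "GET /123.php HTTP/1.1" 200 17 "-" "curl/7.29.0"
'''

if __name__ == "__main__":
    print(auth_failures(SAMPLE.splitlines()))
```

A single 401 with "-" as the user is the normal first step of Basic authentication, which is why the script counts per client instead of alerting on every 401.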

Enabling PHP short tags for an Apache virtual host

Add the following to the virtual host configuration file:

php_admin_flag short_open_tag on
What short tags do

If short tags are not enabled, the server cannot parse PHP files of the following form:

<?
phpinfo()
?>
and can only parse PHP files of this form:

<?php
phpinfo()
?>
