Web website Service (ii)
Specific steps:
L Client Address restrictions
By configuring the item order, Deny from, let from, you can decide whether to allow client access based on the host name or IP address of the client. Where order is used to set the throttling order, the Deny from and allow from are used to set the specific throttling content.
When you use the order configuration item, you can set it to "Allow,deny" or "Deny,allow" to determine the order in which the host applies the Allow, deny policies.
? Allow , deny: allow after deny, deny all client addresses that are not explicitly allowed by default.
? Deny Allow : deny once allowed, all customers and addresses that are not explicitly denied are allowed by default.
When using the Allow and deny configuration items, you need to set the client address to form the complete throttling policy, in the form of an IP address, network address, host name, domain name, and any address using the name "all". The format of the throttling format policy is as follows:
Allow from Address1 address2 ...
Deny from Address1 address2 ...
Typically, the Web server is open to all clients, and there is no restriction on the document directory of the Web page, so a policy of "Allow by all" is used, which means that access from any client is allowed. :
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image002 "border=" 0 "alt=" clip_image002 "src=" http://s3.51cto.com/wyfs02/M01/77/56/ Wkiom1zmrbtjhwxfaaakgmphye0943.jpg "244" height= "Notoginseng"/>
When you need to use the " allow only " throttling policy, you should change the processing order to "Allow,deny" and explicitly set the Allow policy to allow only a subset of host access. For example, if you only want a network administrator with IP address 173.16.16.173 to be able to access the Awstats system, the following settings should be set for the directory area of the Awstats system.
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image004 "border=" 0 "alt=" clip_image004 "src=" http://s3.51cto.com/wyfs02/M01/77/56/ Wkiom1zmrbxqrd42aaakbfjngxw226.jpg "" 244 "height="/>
When you need to use the " deny only " throttling policy, you should change the processing order to "Deny,allow" and explicitly set the Deny policy to disallow only a subset of host access. For example, if you only want to prohibit host access from two network segments 192.168.0.0/24 and 192.168.1.0/24, but allow any other host access, you can use the following throttling policy.
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image006 "border=" 0 "alt=" clip_image006 "src=" http://s3.51cto.com/wyfs02/M02/77/56/ Wkiom1zmrbxivy3vaaaksyjr4pe803.jpg "244" height= "Notoginseng"/>
• User Authorization Restrictions
The HTTPD server supports two ways of using Digest authentication (Digest) and Basic authentication. Using Digest authentication requires adding the "-enable-auth-digest" option before compiling httpd, but not all browsers support Digest authentication, while Basic authentication httpd the basic functionality of the service without the need for pre-configured special options.
User-based access control contains two procedures for authentication and authorization (authentication) refers to the process of identifying a user, and authorization (Authorization) is a process that allows a specific user to access a specific directory region.
1. Create a user authentication data file
HTTPD's Basic authentication verifies whether a user is allowed to access by verifying the user name and password combination. User accounts authorized for access need to be established in advance and stored in a fixed data file. Using a dedicated HTPASSWD tool, you can create authorized user data files and maintain user accounts in them.
When using the htpasswd tool, you must specify the location of the user data file, and the add "-C" option indicates that the file is newly created. For example, do the following to create a new data file,/usr/local/httpd/conf/.awspwd, that contains a user information named WebAdmin.
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image008 "border=" 0 "alt=" clip_image008 "src=" http://s3.51cto.com/wyfs02/M02/77/56/ Wkiom1zmrbbsnffpaaavrl786by178.jpg "" 244 "height="/>
Omitting the "-C" option indicates that the specified user data file already exists to add a new user or to modify the password of an existing user. For example, when you need to add a new user Pengjie to the. Awspwd data file, you can do the following:
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image010 "border=" 0 "alt=" clip_image010 "src=" http://s3.51cto.com/wyfs02/M02/77/55/ Wkiol1zmriawf-dtaaatroqawpk235.jpg "" 244 "height="/>
2. Add user authorization configuration
With an authorized user account, you also need to modify the httpd.conf configuration file to add an authorization configuration to the specific directory area to enable Basic authentication and set which users are allowed access. :
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image012 "border=" 0 "alt=" clip_image012 "src=" http://s3.51cto.com/wyfs02/M02/77/55/ Wkiol1zmries404xaaainru33ku057.jpg "244" height= "one"/>650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image014 "border=" 0 "alt=" clip_image014 "src=" http://s3.51cto.com/wyfs02/M00/77/56/ Wkiom1zmrbjz0b4saaathhvi1qy023.jpg "" 244 "height="/>
In the above configuration, the meanings of the relevant configuration items are as follows:
? AuthName: defines the protected realm name, which is displayed in the authentication dialog box that pops up in the browser.
? AuthType : Set the type of authentication, basic indicates the base certificate
? AuthUserFile : Set the authentication file path for saving user account and password.
? require Valid-user : requires only legitimate users in the authentication file to access it. Where Valid-user indicates that all legitimate users, if only authorized to a single user, can be changed to the specified user name.
3. Verifying user access rights
Login interface for Basic authentication. :
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image015 "border=" 0 "alt=" clip_image015 "src=" http://s3.51cto.com/wyfs02/M02/77/56/ Wkiom1zmrbih1giqaabangzrgbg309.png "" 244 "height="/>
Access is denied when authentication fails. :
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image017 "border=" 0 "alt=" clip_image017 "src=" http://s3.51cto.com/wyfs02/M01/77/56/ Wkiom1zmrbnq6sonaaa1iqgd8_8440.jpg "" 244 "height="/>
L Domain-based virtual host
1. provide domain name resolution for virtual hosting
Build a DNS server.
2. Prepare the Web document for the virtual host
Create two subdirectories in the/var/www/html/directory, respectively, as the site root of the two sites, and write the test page files separately. :
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image019 "border=" 0 "alt=" clip_image019 "src=" http://s3.51cto.com/wyfs02/M01/77/55/ Wkiol1zmriqtop9gaaaq9j1hcks047.jpg "" 244 "height="/>
3. Add a virtual host configuration
In the main configuration file of the HTTPD server, to enable domain-based virtual web hosts, you typically need to configure several aspects of the content.
? Listening Address: Use the Namevirtualhost configuration item to specify the IP address that provides the virtual host service, which is the IP address of each virtual Web host when the domain name is queried.
? Virtual Host Area: Use the <virtualhost Listener address >......</VirtualHost> zone configuration to establish separate configuration content for each virtual Web host. This should include at least the Web site name of the virtual host, the configuration items of the root of the Web page, and other configuration items such as managing mailboxes, access logs, etc., which can be added according to actual needs.
? Directory Permissions: use the <directory directory location >......</Directory> zone configuration to set access permissions for each virtual Web host's site directory, such as allowing anyone access. Directory party access can inherit the permissions of its parent directory, so you can simplify the configuration by taking a method that directly grants access to the parent folder.
When the number of virtual web hosts is large, it is recommended that you use a separate virtual host configuration file and then load these configurations through include in the httpd.conf file. This minimizes changes to the httpd.conf file and facilitates the maintenance of the configuration content.
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image021 "border=" 0 "alt=" clip_image021 "src=" http://s3.51cto.com/wyfs02/M01/77/56/ Wkiom1zmrbramma_aaajrsuvup0625.jpg "244" height= "/>650" this.width=650; "style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image023 "border=" 0 "alt=" clip_image023 "src=" http://s3.51cto.com/wyfs02/M02/77/56/ Wkiom1zmrbvzc4fcaaanhkbjciw237.jpg "244" height= "/>650" this.width=650; "style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image025 "border=" 0 "alt=" clip_image025 "src=" http://s3.51cto.com/wyfs02/M02/77/55/ WKioL1Zmriyzmjc-aaaaodwcnaa244.jpg "" 244 "height="/>
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image012[1] "border=" 0 "alt=" clip_image012[1] "src=" http://s3.51cto.com/wyfs02/M00/77 /56/wkiom1zmrbybgxp0aaainru33ku848.jpg "244" height= "one"/>
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image027 "border=" 0 "alt=" clip_image027 "src=" http://s3.51cto.com/wyfs02/M01/77/56/ Wkiom1zmrb2yiwgjaaajjpffj7i580.jpg "244" height= "/>650" this.width=650; "style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image029 "border=" 0 "alt=" clip_image029 "src=" http://s3.51cto.com/wyfs02/M02/77/56/ Wkiom1zmrb2ck9zraaajtvozhwm316.jpg "" 244 "height="/>
4. Accessing the virtual Web host in the client
In the client's browser, use the site name to access different virtual web hosts, confirming that you can see different page content. :
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image031 "border=" 0 "alt=" clip_image031 "src=" http://s3.51cto.com/wyfs02/M01/77/55/ Wkiol1zmri6sxffcaaanblgigdw450.jpg "244" height= "/>650" this.width=650; "style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image033 "border=" 0 "alt=" clip_image033 "src=" http://s3.51cto.com/wyfs02/M00/77/55/ Wkiol1zmri_jnn4haaanjkacjok946.jpg "" 244 "height="/>
L IP address-based virtual host
When you configure a virtual Web host that is based on an IP address, the Namevirtualhost configuration item is no longer used to specify the IP address of the listening service, as long as the IP address of the respective domain name is specified in the VirtualHost configuration of each virtual Web host.
Specific steps:
1. Prepare Web page documents for the virtual host
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image035 "border=" 0 "alt=" clip_image035 "src=" http://s3.51cto.com/wyfs02/M01/77/56/ Wkiom1zmrb-cnkccaaamiiiewtq592.jpg "" 244 "height="/>
2. Edit the configuration file
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image021[1] "border=" 0 "alt=" clip_image021[1] "src=" http://s3.51cto.com/wyfs02/M01/77 /55/wkiol1zmrjch_3tlaaajrsuvup0175.jpg "" 244 "height="/>
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image037 "border=" 0 "alt=" clip_image037 "src=" http://s3.51cto.com/wyfs02/M02/77/56/ Wkiom1zmrcdtwt4jaaaj5cnoeri964.jpg "244" height= "/>650" this.width=650; "style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image039 "border=" 0 "alt=" clip_image039 "src=" http://s3.51cto.com/wyfs02/M00/77/56/ Wkiom1zmrcgqwhxwaaaqtrh_y9g601.jpg "244" height= "WU"/>
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image012[2] "border=" 0 "alt=" clip_image012[2] "src=" http://s3.51cto.com/wyfs02/M02/77 /55/wkiol1zmrjhbby7qaaainru33ku946.jpg "" 244 "height=" one "/>
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image027[1] "border=" 0 "alt=" clip_image027[1] "src=" http://s3.51cto.com/wyfs02/M00/77 /56/wkiom1zmrchcmt2taaajjpffj7i097.jpg "" 244 "height="/>
L Port-based virtual host
When you configure a port-based virtual host web host, you no longer need to use the Namevirtualhost configuration item. Instead, you specify the TCP port number to listen on by multiple listen configuration items, and the IP address and port number should be specified in the VirtualHost configuration for each virtual Web host.
Specific steps:
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image041 "border=" 0 "alt=" clip_image041 "src=" http://s3.51cto.com/wyfs02/M01/77/56/ Wkiom1zmrckipbqxaaahwrxswnw389.jpg "244" height= "/>650" this.width=650; "style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image043 "border=" 0 "alt=" clip_image043 "src=" http://s3.51cto.com/wyfs02/M00/77/55/ Wkiol1zmrjlqkktiaaaik_sihn0169.jpg "244" height= "/>650" this.width=650; "style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image045 "border=" 0 "alt=" clip_image045 "src=" http://s3.51cto.com/wyfs02/M02/77/56/ WKiom1Zmrcptxx3-aaaqwgzibro755.jpg "" 244 "height="/>
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image012[3] "border=" 0 "alt=" clip_image012[3] "src=" http://s3.51cto.com/wyfs02/M02/77 /55/wkiol1zmrjpql7braaainru33ku958.jpg "" 244 "height=" one "/>
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image047 "border=" 0 "alt=" clip_image047 "src=" http://s3.51cto.com/wyfs02/M00/77/56/ Wkiom1zmrctbagneaaaond1m8mk621.jpg "" 244 "height="/>
Access on the client, plus the port number after the domain name. :
650) this.width=650; "Style=" background-image:none; border-bottom:0px; border-left:0px; margin:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image049 "border=" 0 "alt=" clip_image049 "src=" http://s3.51cto.com/wyfs02/M00/77/56/ Wkiom1zmrctqhp1daaae1c2nxbu093.jpg "" 244 "height=" 127 "/>650) this.width=650;" Style= "background-image:none; border-bottom:0px; border-left:0px; padding-left:0px; padding-right:0px; border-top:0px; border-right:0px; padding-top:0px "title=" clip_image051 "border=" 0 "alt=" clip_image051 "src=" http://s3.51cto.com/wyfs02/M01/77/56/ Wkiom1zmrcxjfmfraaaezd6oxus289.jpg "" 244 "height=" 127 "/>
Web site Services (ii)