Linux Environment compilation Apache+awstats analysis + Access restrictions

I. Install apache1.1 compile and install Apache Web Services

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_140843431723NF.png" height= "192"/ >

--prefix: Specifies that the HTTPD service is installed in that directory, such as/USR/LOCAL/HTTPD

--ENABLE-SO: Enable dynamic load module support, httpd with the ability to further expand functionality

--enable-rewrite: Start Page address rewriting function for website optimization and directory Migration maintenance

--enable-chatset-list: Launch character set support to support Web pages that are encoded using a variety of character sets

--ENABLE-CGI: Enable CGI scripting support for easy access to Web pages

1.2 Determining the installation Results

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_14084343175SaP.png" height= "247"/ >

Bin: Various execution Program files for HTTPD service, including main program httpd, Service Control tool APACHECTL, etc.

Cgi-bin: Store various CGI program files.

Htdocs: Store Web documents, including the default home page file index.html and so on.

Conf: A variety of configuration files that store httpd services, including the main profile httpd.conf, enhanced configuration subdirectory extra, and more.

Logs: Log file that holds the HTTPD service.

Modules: A variety of module files that store httpd services.

1.3 Optimizing Execution paths

By compiling the installed HTTPD service through source code, the program path is not in the default search path, so you can add symbolic links to related programs in order to make the service more convenient to use.

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_1408434317PMZt.png" height= "210"/ >

1.4 Adding HTTPD system services

If the system is added httpd to be managed by Chkconfig, a controllable service script will be created. You can copy the Apachectl script to/etc/init.d/httpd and add the chkconfig recognition configuration at the beginning of the file, and then add it as a standard Linux system service.

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_14084343183vJj.png" height= "180"/ >

Service identification parameters, 35 for start in level 3,5, and 85,15 for start and close order, respectively

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "http://img1.51cto.com/attachment/201408/19/8809812_1408434318uqhZ.png" height= "245"/ >

1.5 Start the Service verification site is successful (because there is no DNS, so use IP address access)

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_1408434318hp1G.png" height= "207"/ >

httpd.conf configuration file

ServerRoot: Sets the root directory of the httpd server, which includes subdirectories and files that are required to run the Web site. The default root directory is/USR/LOCAL/HTTPD, which is the same as the HTTPD installation directory. In the httpd.conf configuration file, if the specified directory or file location does not use an absolute path, the directory or file location is considered to be under the root directory of the server.

Listen: Set the network port number that the HTTPD server listens on, default is 80.

User: Sets the identity of users when running the httpd process, which defaults to daemon.

Group: Sets the identity of groups when running the httpd process, which defaults to daemon.

ServerAdmin: Set the Administrator e-mail address of the HTTPD server, you can contact the administrator of the Web site in time by this e-mail address.

ServerName: Sets the full host name (that is, FQDN) of the Web site.

DocumentRoot: Sets the root directory of the Web site, where the Web document actually stores the path in the system.

Directorylndex: Sets the default index page for the site (first page).

Errorlog: Sets the path to the error log file, and the default path is Log/error_log.

LogLevel: Sets the level of logging, with the default level of warn (warning).

Customlog: Sets the path to the access log file, the log type, the default path is Logs/access_log, and uses the type common common format.

Pidfile: Sets the (PID) file to hold the httpd process number, the default save address is Logs/httpd.pid, and the logs directory is located in the root directory of Apachectl.

Charsetdefault: Sets the default character encoding used by Web pages in the site, such as UTF-8, gb2312, and so on.

Lnclude: Contains the contents of another configuration file, you can implement some special features of the configuration into a separate file, the use of Lnclude configuration items to include it in httpd.conf, so that the ability to independently configure functionality without affecting the master configuration file.

Zone Configuration Items

<directory/>

Options followsymlinks control option that allows symbolic connections to be used

AllowOverride None does not allow overwrite configuration in the implicit control file

Order Deny,allow access control policy application sequence

Deny from all prohibits anyone from accessing this zone

</Directory>

Two. Website Access Statistics 2.1 installation Awstats

Unpack the Package

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_1408434318sGyH.png" height= "262"/ >

Move the extracted directory

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_1408434318ahVI.png" height= "247"/ >

2.2 Interactive Configuration

Enter the Awstats/tools directory, execute awstats_configure.pl, then enter an interactive configuration process, will check the Awstarts installation directory, httpd service configuration file path, logging format and other system environment, and prompts the user to specify the site name, setting the path to the configuration file.

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "http://img1.51cto.com/attachment/201408/19/8809812_1408434318c3Gi.png" height= "231"/ >

The configuration script will find and identify the main configuration file for the HTTPD service to automatically add the relevant configuration content.

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_1408434319tdrp.png" height= "182"/ >

Set the access name for a site

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_14084343193GJ1.png" height= "165"/ >

Specify a data directory to hold the log

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_1408434319C0eg.png" height= "125"/ >

Use the AWSTATS_UPDATEALL.PLL script provided by Awstats. You can update the log statistics for all sites (based on the site profile). When the script is executed, the new log content is automatically parsed and the results of the analysis are updated to the statistics database. Because the content of the Web log file is constantly updated, in order to timely feedback the site access, log analysis work needs to be performed regularly and automatically. You can set up scheduled tasks through the Crond service.

2.3 Making a Web file that accesses the AWB

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_140843431956nr.png" height= "272"/ >

The Awstats analysis system can be accessed by entering the AWB Web page file during the visit.

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_14084343191IFs.png" height= "241"/ >

Three. Access control for HTTPD services

Access to the Awstats log Analysis system is not required to enter the password and anyone can access, if others know, this access address, will give the site's safety belts a great hidden danger.

This is where you can set IP address restrictions and access encryption settings

3.1 IP Address Restrictions

The configuration item order, deny from, allow from can be used to determine whether client access is run based on the host name or IP address of the client. Where order is used to set the throttling order, the Deny from and allow from are used to set the specific throttling content.

When you use the order configuration item, you can set it to "Allow,deny" or "Deny allow" to determine the order in which the host applies the Enable, deny policies.

Allow, deny: Deny after first, deny all client addresses that are not explicitly allowed by default.

Deny, allow: Deny once allowed, all client addresses that are not explicitly denied are allowed by default.

For example, allowing only 192.168.1.1 computers to access AWS

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_1408434319r1BJ.png" height= "237"/ >

No permissions with 192.168.1.1 Access prompt

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_1408434319vfBe.png" height= "242"/ >

3.2 User Authorization restrictions

Create a user authentication data file

HTTPD's Basic authentication verifies whether a user is allowed to access by verifying the user name and password combination. User accounts authorized for access need to be built and saved in a fixed data file. Using a dedicated HTPASSWD utility, you can create an authorized user data file and maintain the user account in it.

Create a Zhangsan user.

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_1408434320QDsD.png" height= "250"/ >

AuthName: Defines the protected realm name, which is displayed in the authentication dialog box that pops up in the browser.

AuthType: Sets the type of authentication, and basic represents the base certificate.

AuthUserFile: Set the authentication file path for saving user account and password.

Require Valid-user: Requires all users to be accessible if a user is set up that is accessible only to one user.

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_14084343205BPp.png" height= "242"/ >

650) this.width=650; "style=" border-bottom:0px;border-left:0px;border-top:0px;border-right:0px; "title=" image " Border= "0" alt= "image" Src= "Http://img1.51cto.com/attachment/201408/19/8809812_1408434320EbDG.png" height= "305"/ >

This article from "Plum blossom fragrance from bitter cold" blog, please be sure to keep this source http://wangjunkang.blog.51cto.com/8809812/1542081