Apache Web Page and Security Optimization Guide

1. Apache webpage optimization
Overview of Apache web optimization

        In an enterprise, only the default configuration parameters are used after Apache is deployed, which will cause many problems for the website. In other words, the default configuration is for the previous low server configuration, and the previous configuration is no longer suitable for the current Internet era.

Simple Application Server
USD1.00 New User Coupon
* Only 3,000 coupons available.
* Each new user can only get one coupon(except users from distributors).
* The coupon is valid for 30 days from the date of receipt. 

      In order to meet the needs of enterprises, it is necessary to consider how to improve the performance and stability of Apache. This is the content of Apache optimization.

Optimize content

1. Configure web page compression
2. Configure web cache
3. Selection of working mode and parameter optimization
4. Configure the hidden version number
5. Configure anti-theft chain

1.1 Web page compression

1.1.1 Introduction to gzip
Configure Apache's web page compression function to use gzip compression algorithm to compress the web page content and then transmit it to the client browser
effect
1. Reduce the number of bytes transmitted over the network and speed up the loading of web pages
2. Save traffic and improve users' browsing experience
3. gzip has a better relationship with the crawling tools of search engines
1.1.2, Apache's compression module
Compression module overview
        The Apache 1.x series does not have built-in web page compression technology, and uses an additional third-party mod gzip module to perform compression. When Apache 2.x was officially developed, web page compression was taken into consideration, and the module mod deflate was built in to replace mod-gzip. Both of them use the gzip compression algorithm, and their operating principles are similar. . The compression speed of mod deflate is slightly faster and the compression ratio of mod gzip is slightly higher. Generally, by default, mod gzip will compress 4%~6% more than mod deflate.
        Generally speaking, mod gzip occupies more server CPU. mod deflate is a compression module used specifically to ensure the performance of the server. moddeflate requires less resources to compress files. This means that on high-traffic servers, using mod deflate may load faster than mod gzip.

        In short, if the website has a small number of visits and you want to speed up the loading speed of the webpage, use mod gzip. Although it will consume some additional server resources, it is also worthwhile. If the website has a lot of visits, a shared virtual host is used, and the allocated system resources are limited, then mod deflate will be a better choice.

        In addition, starting from Apache 2.0.45, the mod deflate module can use the DeflateCompressionLevel directive to set the compression level. The value of this command can be an integer between 1 and (the fastest compression speed, the lowest compression quality) 9 (the slowest compression speed, the highest compression rate), and its default value is 6 (compression speed and compression quality are more balanced Value) This simple change makes mod deflate easily comparable to mod-gzip compression.

Apache's functional modules for web page compression include
1. Mod_gzip module
2. Mod_deflate module
Apache 1.x
There is no built-in web compression technology, but the third-party mod_gzip module can be used to perform compression
Apache 2.x
During development, the module mod_deflate is built in to replace mod gzip
mod_gzip module and mod_deflate module
1. Both use the gzip compression algorithm and the principle of operation is similar
2. The compression speed of mod_deflate is slightly faster, while the compression ratio of mod_gzip is slightly higher
3. Mod_gzip occupies more server CPU
4. For high-traffic servers, using mod_deflate may load faster than mod_gzip
1.1.3, Apache's compression experiment
First of all, we must first ensure that the HTTP service has been installed and surely configured. For details, please see my previous blog
https://blog.csdn.net/m0_46563938/article/details/108321606 This is the blog address, welcome to watch.

Turn off the HTTP service before installing the compression module

[root@localhost httpd-2.4.29]# systemctl stop httpd
[root@localhost httpd-2.4.29]# yum -y install zlib-devel ##Be sure to install this, otherwise an error will be reported or the compression module cannot be installed

Now install the compression module

[root@localhost httpd-2.4.29]#
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-cgid \
--enable-deflate ##This is the compression module
-------------------------------------
prefix: Specify the directory under which the httpd service program is installed, such as /usr/local/httpd
--enable-so: enable dynamic loading module support, so that httpd has the ability to further expand its functions.
--enable-rewrite: Enable web address rewriting function for website optimization and catalog migration maintenance.
--enable-charset-lite: enable character set support to support the use of various character set encoding network
--enable-cgi: Enable CGI script program support, which is convenient for expanding the application access capability of the website.

Compile after installation

[root@localhost httpd-2.4.29]# make && make install
[root@localhost httpd-2.4.29]# systemctl restart httpd ## Start http service

After compiling and installing, the mod deflate module needs to be enabled in the httpd.conf file to take effect.

[root@localhost httpd-2.4.29]# vi /usr/local/httpd/conf/httpd.conf ##Add the following code
LoadModule deflate_module modules/mod_deflate.so
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript image/png image/jpg
DeflateCompressionLevel 9
SetOutputFilter DEFLATE
</IfModule>
The first line represents what kind of content is enabled for gzip compression,
The second line represents the compression level
The third line represents enabling the deflate module to gzip the output of this site.
==>> wq save

Do test page now

## Put local pictures in xshell or other software in /usr/local/httpd/htdocs
[root@localhost httpd-2.4.29]# vi /usr/local/httpd/htdocs/index.html
<html>
<head>
<title>--Compression test page--</title>
</head>
<body>
<h1>This is the content of the compressed page</h1>
<img src=b.jpg /> ## b.jpg is the name of the picture
</body>
</html>

Verification experiment
Enter 20.0.0.26 on the web page, check the display successfully!

Insert picture description here

1.2. Web page caching
1.2.1 Overview of web page caching
        Web page caching is to cache a part of the page that often does not change and rarely changes, the next time the browser visits these again
There is no need to download these pages again when it comes to pages, which improves the user's access speed.
        Apache's mod expires module will automatically generate the Expres tag and Cache-Control in the page header information
Tag, the client browser decides based on the tag that the next visit is to get the page in the cache of the local machine, without the need to
Send the request again, thereby reducing the frequency and number of visits by the client, achieving the purpose of reducing unnecessary traffic and increasing the access speed.

1.2.2, configure the cache time of the webpage
Configure Apache through the mod_expire module, so that web pages can be cached in the client browser for a period of time to avoid repeated requests
After the mod_expire module is enabled, the Expires tag and the Cache-Control tag in the page header information will be automatically generated, thereby reducing the frequency and frequency of client access, achieving the purpose of reducing unnecessary traffic and increasing access speed
Check whether the mod_expire module is installed
1. /usr/local/apache/bin/apachectl -t-D DUMP_MODULES
2. If there is no expires_module (static) in the output, it means that mod_expires was not installed during compilation
If not installed, you need to recompile and install
1. ./configure --enable-expires...
2. make && make install
Modify the httpd.conf configuration file
1. Enable the mod_expires module, and set the document in any format under the http protocol to expire after 60 seconds

<lfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 60 seconds"
</lfModule>

Restart httpd service
Restart the Apache service, and then use the browser to visit the test website
In the browser, select "View Elements" and you can see the "Expires" item indicates that the cache is in effect
1.2.3, configure web page cache time experiment
Turn off the HTTP service first

[root@localhost httpd-2.4.29]# systemctl stop httpd

Install the cache time module

[root@localhost opt]# cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-cgid \
--enable-deflate \
--enable-expires

Compile now

[root@localhost httpd-2.4.29]# make && make install

[root@localhost httpd-2.4.29]# vi /usr/local/httpd/conf/httpd.conf
LoadModule expires_module modules/mod_expires.so ## Remove the # in front, and then insert it below
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 60 seconds"
</IfModule>
==>> wq save

Check httpd.conf syntax and start the service

[root@localhost httpd-2.4.29]# httpd -t
Syntax OK
[root@localhost httpd-2.4.29]# systemctl restart httpd ##Start http service

Use wireshaerk to capture packets now to see if the transmission is cached
Insert picture description here