http的用户认证，域名跳转，访问日志

Posted 2020-11-09

httpd的用户认证

• 网站的特殊页面需要二级认证

• vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //编辑111.com虚拟主机

  <VirtualHost *:80>
  DocumentRoot "/data/wwwroot/111.com"
  ServerName 111.com
  <Directory /data/wwwroot/111.com> #//指定认证的目录
      AllowOverride AuthConfig #//这个相当于打开认证的开关
      AuthName "111.com user auth" #//自定义认证的名字，作用不大
      AuthType Basic #//认证的类型，一般为Basic，其他类型阿铭没用过
      AuthUserFile /data/.htpasswd  #//指定密码文件所在位置
      require valid-user #//指定需要认证的用户为全部可用用户
  </Directory>
  </VirtualHost>

• /usr/local/apache2.4/bin/htpasswd -cm /data/.htpasswd aming //创建/data/.htpasswd密码文件，并加入用户aming，设置密码为MD5加密。

  [[email protected] ~]#  /usr/local/apache2.4/bin/htpasswd -cm /data/.htpasswd aming 
  New password: 
  Re-type new password: 
  Adding password for user aming
  [[email protected] ~]# cat /data/.htpasswd 
  aming:$apr1$IcrnKsgm$peDVR4iChx.0E9/zaD.HK.

• /usr/local/apache2.4/bin/apachectl -t
• /usr/local/apache2.4/bin/apachectl graceful

• 测试

  [[email protected] ~]# curl -x127.0.0.1:80 -uaming:123456 111.com
  111.com[[email protected] ~]# curl -x127.0.0.1:80 111.com -I
  HTTP/1.1 401 Unauthorized   ##401表示这个页面需要用户认证
  Date: Mon, 31 Jul 2017 15:03:56 GMT
  Server: Apache/2.4.27 (Unix) php/7.1.6
  WWW-Authenticate: Basic realm="111.com user auth"
  Content-Type: text/html; charset=iso-8859-1
  [[email protected] ~]# curl -x127.0.0.1:80 -uaming:123456 111.com
  111.com[[email protected] ~]# 

• 对单个文件进行认证

  <VirtualHost *:80>
  DocumentRoot "/data/wwwroot/www.123.com"
  ServerName www.123.com
  <FilesMatch admin.php>          #//对admin.php页面进行认证
      AllowOverride AuthConfig
      AuthName "123.com user auth"
      AuthType Basic
      AuthUserFile /data/.htpasswd
      require valid-user
  </FilesMatch>
  </VirtualHost>

[[email protected] ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[[email protected] ~]# /usr/local/apache2.4/bin/apachectl graceful
[[email protected] ~]# curl -x127.0.0.1:80 111.com/admin.php -I
HTTP/1.1 401 Unauthorized
Date: Mon, 31 Jul 2017 15:26:10 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1
[[email protected] ~]# curl -x127.0.0.1:80 -uaming:123456 111.com/admin.php
admin.php[[email protected] ~]# 

域名跳转

• 需求，把123.com域名跳转到www.123.com，配置如下：

  <VirtualHost *:80>
  DocumentRoot "/data/wwwroot/www.123.com"
  ServerName www.123.com
  ServerAlias 123.com
  <IfModule mod_rewrite.c> //需要mod_rewrite模块支持
      RewriteEngine on  //打开rewrite功能
      RewriteCond %{HTTP_HOST} !^www.123.com$  //定义rewrite的条件，主机名（域名）不是www.123.com满足条件
      RewriteRule ^/(.*)$ http://www.123.com/$1 [R=301,L] //定义rewrite规则，当满足上面的条件时，这条规则才会执行
  </IfModule>
  </VirtualHost> 

• /usr/local/apache2/bin/apachectl -M|grep -i rewrite //若无该模块，需要编辑配置文件httpd.conf，删除rewrite_module (shared) 前面的#
• 重新加载配置-t , graceful
• curl -x127.0.0.1:80 -I 123.com //状态码为301永久跳转，302临时跳转，401需要验证，404页面不存在，403未授权，

  apache访问日志记录用户的每一个请求

• vim /usr/local/apache2.4/conf/httpd.conf //搜索LogFormat

  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  LogFormat "%h %l %u %t \"%r\" %>s %b" common 
  默认是common,改为combined,h来源ip，u用户，t是时间，r行为，s是状态码，b是大小，Referer是进入当前页面得上一个页面得地址，User-Agent用户代理
  即用户使用的浏览器，curl命令等

• 把虚拟主机配置文件改成如下：

  <VirtualHost *:80>
  DocumentRoot "/data/wwwroot/www.123.com"
  ServerName www.123.com
  ServerAlias 123.com
  CustomLog "logs/123.com-access_log" combined
  </VirtualHost>

• 重新加载配置文件 -t,graceful
• curl -x127.0.0.1:80 -I 123.com
• tail /usr/local/apache2.4/logs/123.com-access_log

扩展

• apache虚拟主机开启php的短标签