LAMP ---Apache用户认证、域名跳转、Apache访问日志介绍······
2018-06-29 01:01
666 查看
Apache用户认证(针对目录)
这个功能就是在用户访问网站的时候,需要输入用户密码才能顺利访问。一些比较重要的站点或者网站后台通常会加上用户认证,目的是保证安全。1.虚拟主机的配置文件:
[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf 编辑配置文件更改111.com的虚拟主机认证内容如下:
<VirtualHost *:80> DocumentRoot "/data/wwwroot/111.com" ServerName 111.com ServerAlias www.example.com <Directory /data/wwwroot/111.com> AllowOverride AuthConfig AuthName "111.com user auth" AuthType Basic AuthUserFile /data/.htpasswd require valid-user </Directory> ErrorLog "logs/111.com-error_log" CustomLog "logs/111.com-access_log" common </VirtualHost>
注释:
<Directory /data/wwwroot/111.com> //指定认证的目录 AllowOverride AuthConfig //这个相当于打开认证的开关 AuthName "111.com user auth" //自定义认证的名字,作用不大 AuthType Basic //认证的类型,一般为Basic,其他类型阿铭没用过 AuthUserFile /data/.htpasswd //指定密码文件所在位置 require valid-user //指定需要认证的用户为全部可用用户 </Directory>
2.Apache自带命令htpasswd创建密码文件
[root@xuexi-001 ~]# /usr/local/apache2/bin/htpasswd -c -m /data/.htpasswd guo New password: //新建密码 Re-type new password: //再次输入密码 Adding password for user guo [root@xuexi-001 ~]# ls /data/.htpasswd //查看创建密码文件 /data/.htpasswd [root@xuexi-001 ~]# cat /data/.htpasswd //查看生成用户密码 guo:$apr1$9HwvE/Zz$65C8zBbv0d3lViWpCpq2U/
再创建一个用户并生成密码文件
[root@xuexi-001 ~]# /usr/local/apache2/bin/htpasswd -c -m /data/.htpasswd laoshi New password: Re-type new password: Adding password for user laoshi [root@xuexi-001 ~]# ls /data/.htpasswd /data/.htpasswd [root@xuexi-001 ~]# cat /data/.htpasswd laoshi:$apr1$xwJc0bq2$dRFFgywsDVUmP6Bf5bkXd1
备注:
需要注意的是,再次生成用户密码文件的时候不用加-c 如果加上-c 会将之前生成的密码文件 .htpasswd 覆盖
[root@xuexi-001 ~]# /usr/local/apache2/bin/htpasswd -m /data/.htpasswd guo New password: Re-type new password: Adding password for user guo [root@xuexi-001 ~]# ls /data/.htpasswd /data/.htpasswd [root@xuexi-001 ~]# cat /data/.htpasswd laoshi:$apr1$xwJc0bq2$dRFFgywsDVUmP6Bf5bkXd1 guo:$apr1$CnZW7fTB$IewDNgxjxk.EhQcTai5Lz0
说明:
-c:是创建;
-m:是指定md5加密类型;
指定用户为xie(PS:如果再次新增用户,就不需要再加-c ,因为已经创建过密码文件了);
3.测试语法和加载配置文件
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -tSyntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
4.测试配置是否成功
[root@xuexi-001 ~]# curl -x192.168.5.130:80 111.com <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Unauthorized</title> </head><body> <h1>Unauthorized</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html>
访问111.com,出现401状态码,说明访问的这个域名需要用户认证。
在本地windows系统里做hosts解析111.com ,C:\Windows\System32\drivers\etc,格式:192.168.5.130 111.com
定义完本地hosts后,用浏览器访问111.com网站时就会出现用户认证,用户密码就是刚才增加的用户和设置的密码
5.使用curl -x输入用户名密码访问
[root@xuexi-001 ~]# curl -x192.168.5.130:80 -u guo:111111 111.com -I HTTP/1.1 200 OK Date: Wed, 27 Jun 2018 15:35:24 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 X-Powered-By: PHP/5.6.36 Content-Type: text/html; charset=UTF-8
说明:状态码变成200了,就是正常的,-u的作用是指定用户和密码。 -I 只显示请求头的信息
6.还可以针对单个文件进行认证(针对文件)
修改虚拟主机配置文件[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf <VirtualHost *:80> DocumentRoot "/data/wwwroot/111.com" ServerName 111.com ServerAlias www.example.com <FilesMatch 123.php> AllowOverride AuthConfig AuthName "111.com user auth" AuthType Basic AuthUserFile /data/.htpasswd require valid-user </FilesMatch> ErrorLog "logs/111.com-error_log" CustomLog "logs/111.com-access_log" common </VirtualHost> [root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t Syntax OK [root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
<VirtualHost *:80> DocumentRoot "/data/wwwroot/111.com" ServerName 111.com ServerAlias www.example.com <FilesMatch 123.php> //这里改为制定为文件,对123.php 文件做限制 AllowOverride AuthConfig AuthName "111.com user auth" AuthType Basic AuthUserFile /data/.htpasswd require valid-user </FilesMatch> ErrorLog "logs/111.com-error_log" CustomLog "logs/111.com-access_log" common </VirtualHost>
在111.com目录下编辑创建测试文件123.php
[root@xuexi-001 ~]# vi /data/wwwroot/111.com/123.php <?php echo"123.php"; ?> [root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t Syntax OK [root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
用curl -x访问:
[root@xuexi-001 ~]# curl -x192.168.5.130:80 111.com -I //不用-u加用户和密码了,也可以访问,出现200状态码 HTTP/1.1 200 OK Date: Wed, 27 Jun 2018 16:03:00 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 X-Powered-By: PHP/5.6.36 Content-Type: text/html; charset=UTF-8 [root@xuexi-001 ~]# curl -x192.168.5.130:80 111.com/123.php -I //但是访问文件123.php时就出现401了,说明需要用户认证了 HTTP/1.1 401 Unauthorized Date: Wed, 27 Jun 2018 16:04:40 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 WWW-Authenticate: Basic realm="111.com user auth" Content-Type: text/html; charset=iso-8859-1 [root@xuexi-001 ~]# curl -x192.168.5.130:80 -u guo:111111 111.com/123.php -I //只有用-u加用户和密码才能正常访问123.php。 HTTP/1.1 200 OK Date: Wed, 27 Jun 2018 16:05:34 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 X-Powered-By: PHP/5.6.36 Content-Type: text/html; charset=UTF-8 [root@xuexi-001 ~]# curl -x192.168.5.130:80 -u guo:111111 111.com/123.php 123.php[root@xuexi-001 ~]# //使用用户验证后查看文件内容
域名跳转
域名跳转的作用有两点:
1.如果某个域名不再使用了,但是搜索引擎还留着之前的老域名的链接,这意味着用户可能会搜到我们的网站并且点击老的域名,固需要把老域名做个跳转跳到新域名,这样用户搜的时候,也可以访问网站。2.一个站点有多个域名会对SEO的排名有影响,如果把多个域名全部跳转到一个指定的域名,这样以这个域名为中心,就可以把权重集中在这个域名上,并给定义一个状态码为301,301叫作永久重定向。
需求,把非111.com域名跳转到111.com。
1.编辑虚拟主机配置文件
[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf2.修改增加如下内容:
<VirtualHost *:80> DocumentRoot "/data/wwwroot/111.com" ServerName 111.com ServerAlias www.example.com aabbcc.com <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_HOST} !^111.com$ RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L] </IfModule> </VirtualHost>
<IfModule mod_rewrite.c> //需要mod_rewrite模块支持 RewriteEngine on //打开rewrite功能 RewriteCond %{HTTP_HOST} !^111.com$ //定义rewrite的条件,主机名(域名)不是111.com满足条件 RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L] //定义rewrite规则,当满足上面的条件时,这条规则才会执行 </IfModule>
3.检测语法及重新加载配置:
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -tSyntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
4.检测apache是否加载了rewrite模块:
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -M|grep -i rewrite //若无该模块,需要编辑配置文件httpd.conf,删除rewrite_module (shared) 前面的# [root@xuexi-001 ~]# vi /usr/local/apache2/conf/httpd.conf #LoadModule rewrite_module modules/mod_rewrite.so //进入配置文件,搜索rewrite,把前面#去掉 LoadModule rewrite_module modules/mod_rewrite.so
5.检测语法及重新加载配置,查看加载模块:
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -tSyntax OK
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
6.测试
[root@xuexi-001 ~]# curl -x192.168.5.130:80 www.example.com -I HTTP/1.1 301 Moved Permanently Date: Wed, 27 Jun 2018 16:55:09 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 Location: http://111.com/ Content-Type: text/html; charset=iso-8859-1 [root@xuexi-001 ~]# curl -x192.168.5.130:80 aabbcc.com -I HTTP/1.1 301 Moved Permanently Date: Wed, 27 Jun 2018 16:55:19 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 Location: http://111.com/ Content-Type: text/html; charset=iso-8859-1 [root@xuexi-001 ~]# curl -x192.168.5.130:80 www.123456.com -I HTTP/1.1 200 OK Date: Wed, 27 Jun 2018 16:57:00 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 X-Powered-By: PHP/5.6.36 Content-Type: text/html; charset=UTF-8 [root@xuexi-001 ~]# curl -x192.168.5.130:80 111.com/asd/123/345 -I HTTP/1.1 404 Not Found Date: Wed, 27 Jun 2018 16:57:36 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 Content-Type: text/html; charset=iso-8859-1 [root@xuexi-001 ~]# vi /usr/local/apache2/conf/httpd.conf Require all granted 改为 Require all denied [root@xuexi-001 ~]# vi /usr/local/apache2/conf/httpd.conf [root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t Syntax OK [root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful [root@xuexi-001 ~]# curl -x192.168.5.130:80 111.com/asd/123/345 -I HTTP/1.1 403 Forbidden Date: Wed, 27 Jun 2018 17:05:20 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 Content-Type: text/html; charset=iso-8859-1
说明:
-I 不显示访问内容,只看状态码
404 这个页面不存在
301 永久跳转
401 用户密码验证,密码验证不对就401,验证对了就200
403 把granted改成denied就会403
Apache访问日志
访问日志的作用很大,不仅可以记录网站的访问日志,还可以在网站有异常发生时帮助我们定位问题,比如有***时,是可以通过查看日志看到一些规律的.日志记录了很多系统的信息,通过读日志,可以找到系统问题的原因。而日志有不同的格式,分为common和combined,combined可以记录更多的信息。1.查看默认配置文件日志
[root@xuexi-001 ~]# ls /usr/local/apache2/logs/ 111.com-access_log abc.com-access_log access_log 111.com-error_log abc.com-error_log error_log [root@xuexi-001 ~]# ls /usr/local/apache2/logs/111.com-access_log /usr/local/apache2/logs/111.com-access_log [root@xuexi-001 ~]# cat /usr/local/apache2/logs/111.com-access_log 192.168.5.130 - - [27/Jun/2018:22:39:20 +0800] "GET HTTP://www.example.com/ HTTP/1.1" 200 7 192.168.5.130 - - [27/Jun/2018:22:40:40 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7 192.168.5.130 - - [27/Jun/2018:22:40:50 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7 192.168.5.130 - - [27/Jun/2018:22:41:21 +0800] "GET HTTP://www.example.com/ HTTP/1.1" 200 7 192.168.5.130 - - [27/Jun/2018:23:27:11 +0800] "GET HTTP://111.com/ HTTP/1.1" 401 381 192.168.5.1 - - [27/Jun/2018:23:29:43 +0800] "GET /favicon.ico HTTP/1.1" 401 381 192.168.5.1 - - [27/Jun/2018:23:29:44 +0800] "GET / HTTP/1.1" 401 381 192.168.5.1 - - [27/Jun/2018:23:29:45 +0800] "GET / HTTP/1.1" 401 381 192.168.5.1 - guo [27/Jun/2018:23:29:55 +0800] "GET / HTTP/1.1" 200 7 192.168.5.1 - guo [27/Jun/2018:23:29:55 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.5.1 - - [27/Jun/2018:23:30:08 +0800] "GET / HTTP/1.1" 401 381 192.168.5.1 - - [27/Jun/2018:23:31:22 +0800] "GET /favicon.ico HTTP/1.1" 401 381 192.168.5.130 - guo [27/Jun/2018:23:33:18 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7 192.168.5.130 - guo [27/Jun/2018:23:33:33 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7 192.168.5.130 - guo [27/Jun/2018:23:35:05 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 - 192.168.5.130 - guo [27/Jun/2018:23:35:24 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 - 192.168.5.130 - guo [27/Jun/2018:23:41:32 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 7 192.168.5.130 - guo [27/Jun/2018:23:41:38 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 - 192.168.5.130 - - [28/Jun/2018:00:03:00 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 - 192.168.5.130 - - [28/Jun/2018:00:04:40 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 401 - 192.168.5.130 - guo [28/Jun/2018:00:05:34 +0800] "HEAD HTTP://111.com/123.php HTTP/1.1" 200 - 192.168.5.130 - guo [28/Jun/2018:00:06:16 +0800] "GET HTTP://111.com/123.php HTTP/1.1" 200 7 127.0.0.1 - - [28/Jun/2018:00:46:52 +0800] "HEAD http://111.com/adfjadfa/adfdafadfaf HTTP/1.1" 404 - 192.168.5.130 - - [28/Jun/2018:00:49:20 +0800] "HEAD HTTP://www.example.com/ HTTP/1.1" 301 - 192.168.5.1 - - [28/Jun/2018:00:50:49 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.5.1 - - [28/Jun/2018:00:50:52 +0800] "GET / HTTP/1.1" 200 7 192.168.5.1 - - [28/Jun/2018:00:50:52 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.5.1 - - [28/Jun/2018:00:51:04 +0800] "GET /1.php HTTP/1.1" 404 203 192.168.5.1 - - [28/Jun/2018:00:51:04 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.5.1 - - [28/Jun/2018:00:51:22 +0800] "GET /123.php HTTP/1.1" 200 7 192.168.5.1 - - [28/Jun/2018:00:51:22 +0800] "GET /favicon.ico HTTP/1.1" 404 209 192.168.5.130 - - [28/Jun/2018:00:53:27 +0800] "HEAD HTTP://111.com/ HTTP/1.1" 200 - 192.168.5.130 - - [28/Jun/2018:00:55:09 +0800] "HEAD HTTP://www.example.com/ HTTP/1.1" 301 - 192.168.5.130 - - [28/Jun/2018:00:55:19 +0800] "HEAD HTTP://aabbcc.com/ HTTP/1.1" 301 - 192.168.5.130 - - [28/Jun/2018:00:57:36 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 404 - 192.168.5.130 - - [28/Jun/2018:01:05:20 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 403 - 192.168.5.130 - - [28/Jun/2018:01:06:07 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 404 -
2.介绍日志配置文件格式
[root@xuexi-001 ~]# vi /usr/local/apache2/conf/httpd.conf LogLevel warn <IfModule log_config_module> # # The following directives define some format nicknames for use with # a CustomLog directive (see below). # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule>
访问日志记录用户的每一个请求说明如下:
%h:为访问网站的IP;
%l:为访问远程登录名,这个字段基本上为"-";
%u:为用户名,当使用用户认证时,这个字段为认证的用户名;
%t:为时间;
%r:为请求的动作(比如用ctrl-I是就为HEADE);
%s:为请求的状态,写成%>s为最后的状态码;
%b:为传输数据大小;
%{Referer}i:为referer信息(请求本次地址上一次的地址就为referer,比如在百度中搜索阿铭linux,然后通过百度的搜索结果页面点击然后到了阿名的论坛,那访问阿铭的论坛的这次请求的referer就是baidu,当然那个地址肯定是很长的);
%{User-Agent}i:为浏览器标识,比如你用Firefox或者Chrome浏览器,则该字段显示内容不一样,是带有浏览器的标识的。
3.定义虚拟主机配置文本日志格式:
[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf 把common日志格式格式改成combined日志格式,示例如下: ErrorLog "logs/111.com-error_log" CustomLog "logs/111.com-access_log" combined
4.测试语法及重新加载配置
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t Syntax OK [root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
5.做几个操作命令后查看日志
iptables -I INPUT -p tcp --dport 80 -j ACCEPT // 临时打开80端口[root@xuexi-001 ~]# curl -x 192.168.5.130:80 http://111.com/123.php -I HTTP/1.1 200 OK Date: Thu, 28 Jun 2018 15:08:27 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 X-Powered-By: PHP/5.6.36 Content-Type: text/html; charset=UTF-8 [root@xuexi-001 ~]# curl -x 192.168.5.130:80 http://111.com/123.php -I HTTP/1.1 200 OK Date: Thu, 28 Jun 2018 15:08:47 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 X-Powered-By: PHP/5.6.36 Content-Type: text/html; charset=UTF-8 [root@xuexi-001 ~]# tail /usr/local/apache2/logs/111.com-access_log 192.168.5.130 - - [28/Jun/2018:23:08:27 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0" 192.168.5.130 - - [28/Jun/2018:23:08:47 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0"
访问日志不记录静态文件
网站大多元素为静态文件,如图片、css、js等,这些元素可以不用记录将一下内容拷贝至虚拟主机配置文件 /usr/local/apache2/conf/extra/httpd-vhosts.conf
SetEnvIf Request_URI ".*.gif$" img
SetEnvIf Request_URI ".*.jpg$" img
SetEnvIf Request_URI ".*.png$" img
SetEnvIf Request_URI ".*.bmp$" img
SetEnvIf Request_URI ".*.swf$" img
SetEnvIf Request_URI ".*.js$" img
SetEnvIf Request_URI ".*.css$" img
CustomLog "logs/123.com-access_log" combined env=!img
1.修改配置文件
[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf ErrorLog "logs/111.com-error_log" SetEnvIf Request_URI ".*\.gif$" img SetEnvIf Request_URI ".*\.jpg$" img SetEnvIf Request_URI ".*\.png$" img SetEnvIf Request_URI ".*\.bmp$" img SetEnvIf Request_URI ".*\.swf$" img SetEnvIf Request_URI ".*\.js$" img SetEnvIf Request_URI ".*\.css$" img CustomLog "logs/111.com-access_log" combined env=!img
2.测试语法及重新加载配置
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t Syntax OK [root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
3.测试记录日志文件,访问后缀jpg、gif、png、bmp、swf、js、css的文件不被记录,后缀为jpg1等不包括以上后缀名的会被记录
[root@xuexi-001 ~]# curl -x 192.168.5.130:80 111.com/123.jpg1 -I HTTP/1.1 404 Not Found Date: Thu, 28 Jun 2018 15:45:29 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 Content-Type: text/html; charset=iso-8859-1 [root@xuexi-001 ~]# tail /usr/local/apache2/logs/111.com-access_log 192.168.5.130 - - [28/Jun/2018:00:55:09 +0800] "HEAD HTTP://www.example.com/ HTTP/1.1" 301 - 192.168.5.130 - - [28/Jun/2018:00:55:19 +0800] "HEAD HTTP://aabbcc.com/ HTTP/1.1" 301 - 192.168.5.130 - - [28/Jun/2018:00:57:36 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 404 - 192.168.5.130 - - [28/Jun/2018:01:05:20 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 403 - 192.168.5.130 - - [28/Jun/2018:01:06:07 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 404 - comdined comdined 192.168.5.130 - - [28/Jun/2018:23:08:27 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0" 192.168.5.130 - - [28/Jun/2018:23:08:47 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0" 192.168.5.130 - - [28/Jun/2018:23:45:29 +0800] "HEAD HTTP://111.com/123.jpg1 HTTP/1.1" 404 - "-" "curl/7.29.0"
[root@xuexi-001 ~]# curl -x 192.168.5.130:80 111.com/123.jpg -I HTTP/1.1 404 Not Found Date: Thu, 28 Jun 2018 15:47:30 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 Content-Type: text/html; charset=iso-8859-1 [root@xuexi-001 ~]# tail /usr/local/apache2/logs/111.com-access_log 192.168.5.130 - - [28/Jun/2018:00:55:09 +0800] "HEAD HTTP://www.example.com/ HTTP/1.1" 301 - 192.168.5.130 - - [28/Jun/2018:00:55:19 +0800] "HEAD HTTP://aabbcc.com/ HTTP/1.1" 301 - 192.168.5.130 - - [28/Jun/2018:00:57:36 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 404 - 192.168.5.130 - - [28/Jun/2018:01:05:20 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 403 - 192.168.5.130 - - [28/Jun/2018:01:06:07 +0800] "HEAD HTTP://111.com/asd/123/345 HTTP/1.1" 404 - comdined comdined 192.168.5.130 - - [28/Jun/2018:23:08:27 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0" 192.168.5.130 - - [28/Jun/2018:23:08:47 +0800] "HEAD http://111.com/123.php HTTP/1.1" 200 - "-" "curl/7.29.0" 192.168.5.130 - - [28/Jun/2018:23:45:29 +0800] "HEAD HTTP://111.com/123.jpg1 HTTP/1.1" 404 - "-" "curl/7.29.0"
访问日志切割
日志一直记录总有一天会把整个磁盘占满,所以有必要让它自动切割,并删除老的日志文件把虚拟主机配置文件改成如下:
<VirtualHost *:80> DocumentRoot "/data/wwwroot/www.123.com" ServerName www.123.com ServerAlias 123.com SetEnvIf Request_URI ".*\.gif$" img SetEnvIf Request_URI ".*\.jpg$" img SetEnvIf Request_URI ".*\.png$" img SetEnvIf Request_URI ".*\.bmp$" img SetEnvIf Request_URI ".*\.swf$" img SetEnvIf Request_URI ".*\.js$" img SetEnvIf Request_URI ".*\.css$" img CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/123.com-access_%Y%m%d.log 86400" combined env=!img </VirtualHost>
重新加载配置文件 -t, graceful
ls /usr/local/apache2.4/logs
1.修改配置文件
[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf 修改 CustomLog "logs/111.com-access_log" combined env=!img 修改完后: CustomLog "|/usr/local/apache2/bin/rotatelogs -l logs/111.com-access_%Y%m%d.log 86400" combined env=!img
说明:
|/usr/local/apache2/bin/rotatelogs // Apache 专门进行日志切割的工具
-l // 指定按照CST 当前时间为基准,如果不指定按照UTC 美国时间
111.com-access_%Y%m%d.log // 按照时间记录 %Y%m%d 年月日命名
86400 // 按天生成 指定每天换算成秒 为86400 秒
2.测试语法及重新加载配置
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t Syntax OK [root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
3.先进行访问,才会记录文件。测试
[root@xuexi-001 ~]# ls /usr/local/apache2/logs/ 111.com-access_log abc.com-access_log access_log httpd.pid 111.com-error_log abc.com-error_log error_log ···目前还没有生成新的文件 访问: [root@xuexi-001 ~]# curl -x 192.168.5.130:80 111.com/123.php -I HTTP/1.1 200 OK Date: Thu, 28 Jun 2018 16:18:05 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 X-Powered-By: PHP/5.6.36 Content-Type: text/html; charset=UTF-8 [root@xuexi-001 ~]# ls /usr/local/apache2/logs/ 111.com-access_20180629.log 111.com-error_log abc.com-error_log error_log 111.com-access_log abc.com-access_log access_log httpd.pid
备注:
此时,需要做一个任务计划,将超过多久的日志文件进行删除。
静态元素过期时间
浏览器访问网站的图片时会把静态的文件缓存在本地电脑里,这样下次再访问时就不用去远程下载了增加配置
<IfModule mod_expires.c> ExpiresActive on //打开该功能的开关 ExpiresByType image/gif "access plus 1 days" ExpiresByType image/jpeg "access plus 24 hours" ExpiresByType image/png "access plus 24 hours" ExpiresByType text/css "now plus 2 hour" ExpiresByType application/x-javascript "now plus 2 hours" ExpiresByType application/javascript "now plus 2 hours" ExpiresByType application/x-shockwave-flash "now plus 2 hours" ExpiresDefault "now plus 0 min" </IfModule>
需要expires_module
curl测试,看cache-control: max-age
1.修改配置文件
[root@xuexi-001 ~]# vi /usr/local/apache2/conf/extra/httpd-vhosts.conf <IfModule mod_expires.c> ExpiresActive on ExpiresByType image/gif "access plus 1 days" ExpiresByType image/jpeg "access plus 24 hours" ExpiresByType image/png "access plus 24 hours" ExpiresByType text/css "now plus 2 hour" ExpiresByType application/x-javascript "now plus 2 hours" ExpiresByType application/javascript "now plus 2 hours" ExpiresByType application/x-shockwave-flash "now plus 2 hours" ExpiresDefault "now plus 0 min" </IfModule>
说明:打开mod_expires.c 过期时间模块
[root@xuexi-001 ~]# vi /usr/local/apache2/conf/httpd.conf #LoadModule expires_module modules/mod_expires.so // 将上面这一行中的#去掉修改为: LoadModule expires_module modules/mod_expires.so [root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -M |grep expir expires_module (shared)
2.测试语法及重新加载配置
[root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl -t Syntax OK [root@xuexi-001 ~]# /usr/local/apache2/bin/apachectl graceful
3.网页测试
4.命令行下测试
[root@xuexi-001 ~]# curl -x192.168.5.130:80 111.com/baidu.jpg -I HTTP/1.1 200 OK Date: Thu, 28 Jun 2018 16:52:16 GMT Server: Apache/2.4.33 (Unix) PHP/5.6.36 Last-Modified: Thu, 28 Jun 2018 16:33:20 GMT ETag: "30ed-56fb64a095b87" Accept-Ranges: bytes Content-Length: 12525 Cache-Control: max-age=86400 Expires: Fri, 29 Jun 2018 16:52:16 GMT Content-Type: image/jpeg
相关文章推荐
- linux的Apache用户认证、域名跳转、Apache访问日志介绍
- Apache用户认证、域名跳转、Apache访问日志介绍
- LAMP架构(五)之Apache用户认证,域名跳转,访问日志
- 11.18 Apache用户认证 11.19/11.20 域名跳转 11.21 Apache访问日志
- LAMP架构(apache用户认证,域名重定向,apache访问日志)
- 11.18 Apache用户认证 11.19/11.20 域名跳转 11.21 Apache访问日志
- Apache用户认证、域名跳转、访问日志格式
- 十周第三次课 2017.12.20 Apache用户认证、域名跳转、Apache访问日志
- apache用户认证 域名跳转 Apache访问日志
- apache用户认证 域名跳转 Apache访问日志
- Apache用户认证,域名跳转,访问日志
- Apache用户认证、域名跳转、访问日志格式
- apache用户认证,域名跳转,查看访问日志
- 2018-3-2 10周3次课 Apache用户认证、域名跳转、Apache访问日志
- Apache用户认证、域名跳转、配置访问日志
- 11.18 Apache用户认证 11.19/11.20 域名跳转 11.21 Apache访问日志
- Apache用户认证、域名跳转、Apache访问日志
- Apache用户认证,域名跳转,Apache访问日志
- Apache用户认证、域名跳转、访问日志格式
- Apache用户认证、域名跳转、Apache访问日志