Apache Web Page Optimization: Theory and Detailed Experiments (Web Page Compression, Web Page Cache Time, Hiding Version Information, and Hotlink Protection)


1. Apache webpage optimization

1. Overview

  • In enterprises, Apache is often deployed with only its default configuration parameters, which causes many problems for the website. The defaults were chosen for the lower-spec servers of the past and no longer suit the current Internet era.
  • To meet enterprise needs, you have to consider how to improve the performance and stability of Apache. That is the subject of Apache optimization.

2. Optimize content

  • Configure web page compression to speed up access
  • Configure web page caching to reduce concurrency
  • Selection of working mode and parameter optimization
  • Configure hidden version number
  • Configure anti-leech

3. gzip introduction

  • Apache's web page compression uses the gzip algorithm to compress page content before sending it to the client browser
  • Compressing before transmission reduces the number of bytes sent over the network, which speeds up page loading
  • It also saves traffic and improves the user's browsing experience
  • gzip works well with search engine crawlers

4. Apache compression module

  1. Apache's functional modules for web page compression are:
    - the mod_gzip module
    - the mod_deflate module
  2. Apache 1.x has no built-in web page compression, but can use the third-party mod_gzip module to perform compression. This is now obsolete.
  3. When Apache 2.x was developed, the mod_deflate module was built in to replace mod_gzip.
  4. mod_gzip and mod_deflate both use the gzip compression algorithm and work on similar principles:
    - mod_deflate compresses slightly faster, while mod_gzip achieves a slightly higher compression ratio
    - mod_gzip uses more server CPU
    - On high-traffic servers, mod_deflate may load pages faster than mod_gzip

5. Configure web page compression

5.1 Check whether the mod_deflate module is installed

apachectl -t -D DUMP_MODULES | grep "deflate"

5.2 If it is not installed, recompile and install Apache and add the module

cd /usr/local/httpd/conf/
mv httpd.conf httpd.conf.bak1
systemctl stop httpd.service

yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel

cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate    # add the mod_deflate module

make -j 4 
make install

5.3 Enable and configure the mod_deflate module

vim /usr/local/httpd/conf/httpd.conf

-- line 52 -- modify
Listen 192.168.126.11:80
-- line 105 -- uncomment
LoadModule deflate_module modules/mod_deflate.so
# enable the mod_deflate module
-- line 197 -- uncomment and modify
ServerName www.xcf.com:80

-- append at the end of the file --
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript image/jpeg image/png
# which content types gzip compression is enabled for
DeflateCompressionLevel 9
# compression level, range 1 to 9
SetOutputFilter DEFLATE
# use the deflate module to gzip-compress this site's output
</IfModule>

5.4 Check the installation and start the service

apachectl -t
# verify that the configuration file is correct
apachectl -t -D DUMP_MODULES | grep "deflate"
# check that the mod_deflate module is installed
 deflate_module (shared)

systemctl start httpd.service

5.5 Test whether mod_deflate compression takes effect

cd /usr/local/httpd/htdocs
# First upload an image to /usr/local/httpd/htdocs; with Xshell you can drag it in directly

vim index.html 

<html><body><h1>30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!!</h1>
<img src= "zxc123.jpg"/>
</body></html>


systemctl restart httpd.service

echo "192.168.126.11 www.xcf.com" >> /etc/hosts

vim /etc/resolv.conf
nameserver 192.168.126.11

Open the browser to access the page

Method 1:
In the Linux system, open the Firefox browser, right-click the page and choose Inspect Element.
Select Network, then select HTML, WS, Other.
Visit http://192.168.126.11 and double-click the 200 response message; the response headers contain Content-Encoding: gzip.

Method 2:
Install the Fiddler software in the Windows system and open it.
Select Inspectors, then select Headers.
Visit http://192.168.126.11 in the browser and double-click the 200 response message to view Content-Encoding: gzip.

To install the tool in the Windows 10 virtual machine, drag the installer into the VM, double-click it to install, then open the program from the Start menu. Refresh the browser page twice, then return to Fiddler to view the result.

6. Configure the cache time of web pages

  • Configure Apache through the mod_expires module so that web pages are cached in the client browser for a period of time, avoiding repeated requests
  • Once mod_expires is enabled, the Expires and Cache-Control fields in the response headers are generated automatically. Based on them, the client browser decides to load the page from its local cache on the next visit instead of sending another request to the server. This reduces how often and how many times clients hit the server, cutting unnecessary traffic and speeding up access

6.1 Check whether the mod_expires module is installed

apachectl -t -D DUMP_MODULES | grep "expires"

6.2 If the mod_expires module is not installed, recompile and install Apache and add the mod_expires module

systemctl stop httpd.service

cd /usr/local/httpd/conf
mv httpd.conf{,.bak2}

yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel

cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate \
--enable-expires
# add the mod_expires module

make -j 4
make install

6.3 Enable and configure the mod_expires module

vim /usr/local/httpd/conf/httpd.conf

-- line 52 -- modify
Listen 192.168.126.11:80
-- line 111 -- uncomment
LoadModule expires_module modules/mod_expires.so
# enable the mod_expires module
-- line 199 -- uncomment and modify
ServerName www.xcf.com:80
-- append at the end of the file --
<IfModule mod_expires.c>
  ExpiresActive On
  # turn on web page caching
  ExpiresDefault "access plus 60 seconds"
  # cache for 60 seconds
</IfModule>

6.4 Check the installation and start the service

apachectl -t
# verify that the configuration file is correct

apachectl -t -D DUMP_MODULES | grep "expires"
# check that the mod_expires module is installed
  expires_module (shared)
  # the expected output when the module is installed

systemctl restart httpd.service

6.5 Test whether the cache is effective

cat /usr/local/httpd/htdocs/index.html

Method 1:
In the Linux system, open the Firefox browser, right-click the page and choose Inspect Element.
Select Network, then select HTML, WS, Other.
Visit http://192.168.126.11 and double-click the 200 message to view the Expires item in the response headers.

Method 2:
Install Microsoft .NET 4 and then the Fiddler software in the Windows system, and open Fiddler.
Select Inspectors, then select Headers.
Visit http://192.168.126.11 in the browser and double-click the 200 message to view the Expires item.


2. Apache security optimization

1. Hide version information

  • Apache's version information tells an attacker which known vulnerabilities may apply, which is a security risk for the website
  • In production environments, configure Apache to hide its version information

The version information can be seen in the previous experiment: 2.4.29 (Unix)

vim /usr/local/httpd/conf/httpd.conf
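-- line 491 -- uncomment
Include conf/extra/httpd-default.conf

vim /usr/local/httpd/conf/extra/httpd-default.conf
-- line 55 -- modify
ServerTokens Prod
# Change the original Full to Prod; only the product name is shown, without the version
# ServerTokens controls whether the Server response header sent to the client includes the server OS type and descriptions of the compiled-in modules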

systemctl restart httpd.service

Visit http://192.168.126.11 in the browser and double-click the 200 message to view the Server item.

You can see that the version information has been successfully hidden. It can also be forged, which we will continue to learn about later~
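
A command-line counterpart to the browser and Fiddler checks in sections 5.5 and 6.5 and to the Server header check above. This is an added example, not part of the original post; the helper names hdr and audit_headers and both sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit one HTTP response header
# block for the three settings configured above. Sample headers are constructed.

# hdr NAME HEADERS: print the value of the first header called NAME.
hdr() {
    printf '%s\n' "$2" | awk -F': *' -v n="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" \
        'tolower($1) == n { sub(/^[^:]*: */, ""); print; exit }'
}

# audit_headers: read headers on stdin, print one line per check,
# return non-zero if any check fails.
audit_headers() {
    local h rc=0
    h=$(tr -d '\r')        # curl output keeps the CR of each CRLF line ending
    case "$(hdr Content-Encoding "$h")" in
        gzip) echo "OK   mod_deflate: Content-Encoding: gzip" ;;
        *)    echo "FAIL mod_deflate: response is not gzip-compressed"; rc=1 ;;
    esac
    case "$(hdr Cache-Control "$h")/$(hdr Expires "$h")" in
        *max-age=*/?*) echo "OK   mod_expires: Cache-Control and Expires are set" ;;
        *)             echo "FAIL mod_expires: max-age or Expires missing"; rc=1 ;;
    esac
    case "$(hdr Server "$h")" in
        *[0-9]*) echo "FAIL ServerTokens: Server header exposes a version"; rc=1 ;;
        *)       echo "OK   ServerTokens: no version in Server header" ;;
    esac
    return $rc
}

# Constructed responses: default build vs. after the changes on this page.
SAMPLE_BEFORE='HTTP/1.1 200 OK
Server: Apache/2.4.29 (Unix)
Content-Type: text/html'
SAMPLE_AFTER='HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=60
Expires: Thu, 07 Jan 2021 08:01:00 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/html'

echo "before:"; printf '%s\n' "$SAMPLE_BEFORE" | audit_headers || true
echo "after:";  printf '%s\n' "$SAMPLE_AFTER"  | audit_headers
# Against the lab server from this page (GET, body discarded, headers to stdout):
#   curl -s -o /dev/null -D - -H 'Accept-Encoding: gzip' http://192.168.126.11/ | audit_headers
```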

2. Anti-leech

  • Hotlink protection (anti-leech) prevents other people's website code from using the images, files, videos and other resources hosted on our own server
  • If others hotlink these static resources, it obviously increases the bandwidth pressure on our server
  • It amounts to freeloading: visitors reach their website, but the content is served from our server's resources
  • As the maintainers of the website, we must prevent the server's static resources from being hotlinked by other websites

Configure a hotlink virtual machine

Start another host to act as the hotlinking ("freeloading") site, and use it to load resources from the server that has no hotlink protection yet

# install the httpd service
yum -y install httpd
systemctl start httpd

# configure temporary DNS mappings
echo "192.168.126.11 www.xcf.com" >>/etc/hosts
echo "192.168.126.12 www.zxc.com" >>/etc/hosts

Edit the homepage of the hotlinking website

vim /var/www/html/index.html
<html><body><h1>30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!!</h1>
<img src= "http://www.xcf.com/zxc123.jpg"/>
</body></html>

systemctl restart httpd.service

Access using the local domain name

2.2 Configure anti-leech

2.2.1 Check whether the mod_rewrite module is installed

apachectl -t -D DUMP_MODULES | grep "rewrite"

2.2.2 If the mod_rewrite module is not installed, recompile and install Apache to add the mod_rewrite module

systemctl stop httpd.service
cd /usr/local/httpd/conf/
mv httpd.conf{,.bak3}

yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel

cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate \
--enable-expires

make -j 4
make install

2.2.3 Enable and configure the mod_rewrite module

vim /usr/local/httpd/conf/httpd.conf
-- line 157 -- uncomment
LoadModule rewrite_module modules/mod_rewrite.so
-- line 224 --
<Directory "/usr/local/httpd/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted

    # turn on the rewrite engine and add the mod_rewrite rules
    RewriteEngine On
    # matching conditions
    RewriteCond %{HTTP_REFERER} !^http://xcf.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://xcf.com$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.xcf.com/.*$ [NC]
    RewriteCond %{HTTP_REFERER} !^http://www.xcf.com/$ [NC]
    # redirect action
    RewriteRule .*\.(gif|jpg|swf)$ http://www.xcf.com/error.png
</Directory>
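
Meaning of the fields in RewriteCond %{HTTP_REFERER} !^http://www.chenwei.com/.*$ [NC]:
"%{HTTP_REFERER}": holds the URL of a link, indicating which link the requested page was reached from.
"!^": means not starting with the string that follows.
"http://www.chenwei.com": the path of this website, matched as a whole string.
".*$": means ending with any characters.
"[NC]": means case-insensitive.

Meaning of the fields in RewriteRule .*\.(gif|jpg|swf)$ http://www.chenwei.com/error.png:
".": matches one character.
"*": matches zero or more characters; combined with "." it means zero or more repetitions of any character. For one or more repetitions, use "+".
"\.": here "\" is the escape character, so "\." stands for the literal "." symbol. Because "." is a rule character in the directive with its own meaning, an escape "\" must be placed before it to match it literally; other rule characters that need to be matched are handled the same way.
"(gif|jpg|swf)": matches any one of "gif", "jpg" or "swf"; "$" marks the end. The resulting rule is: ends with ".gif", ".jpg" or ".swf", preceded by a string of one or more characters, that is, it matches image-type files.
"http://www.chenwei.com/error.png": the path the request is forwarded to.

The overall meaning of the configuration: when a site with a domain name other than this site's requests this site's image files, the error.png image is shown instead.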
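
The decision these rules make, reproduced as a shell function and run over constructed requests. This is an added example, not part of the original post; hotlink_decision, demo and the request list are hypothetical, and grep -E stands in for Apache's regex engine, which is equivalent for these simple patterns.

```shell
#!/bin/sh
# Added example (not from the original post): the four RewriteCond lines and
# the RewriteRule from section 2.2.3 applied to constructed requests.

# hotlink_decision REFERER PATH: print "serve" or "redirect".
hotlink_decision() {
    # The RewriteRule pattern is checked first. It is case-sensitive (no [NC])
    # and covers only gif, jpg and swf, so error.png itself is never rewritten.
    printf '%s\n' "$2" | grep -Eq '.*\.(gif|jpg|swf)$' || { echo serve; return 0; }
    # The conditions are ANDed and each is negated with "!": the rule fires
    # only when the Referer matches none of the patterns. [NC] maps to grep -i.
    for pat in '^http://xcf.com/.*$' '^http://xcf.com$' \
               '^http://www.xcf.com/.*$' '^http://www.xcf.com/$'; do
        if printf '%s\n' "$1" | grep -Eqi "$pat"; then
            echo serve; return 0
        fi
    done
    echo redirect
}

# Constructed cases: Referer|requested path (relative to htdocs).
demo() {
    while IFS='|' read -r referer path; do
        printf '%-34s %-11s -> %s\n' "${referer:-(none)}" "$path" \
            "$(hotlink_decision "$referer" "$path")"
    done <<'EOF'
http://www.xcf.com/index.html|zxc123.jpg
http://www.zxc.com/|zxc123.jpg
http://www.zxc.com/|error.png
|zxc123.jpg
https://www.xcf.com/index.html|zxc123.jpg
http://www.zxc.com/|zxc123.JPG
EOF
}
demo
```

The rows with no Referer and with an https:// Referer from the site itself are redirected to error.png as well, so check those cases before relying on the rules. The uppercase .JPG row is served because the RewriteRule pattern has no [NC] flag.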


2.2.4 Web page preparation

cd /usr/local/httpd/htdocs

# Upload the error.png file to /usr/local/httpd/htdocs (pick any PNG image you like and drag it in with Xshell)

2.2.5 Try to access again on the hotlink host


Origin blog.csdn.net/weixin_51486343/article/details/112327566