Article Directory
1. Apache webpage optimization
1 Overview
- In enterprises, only the default configuration parameters are used after the deployment of Apache, which will cause many problems for the website. In other words, the default configuration is for the previous low server configuration, and the previous configuration is no longer suitable for the current Internet era.
- In order to meet the needs of enterprises, it is necessary to consider how to improve the performance and stability of Apache. This is the content of Apache optimization
2. Optimize content
- Configure web page compression function to increase access rate
- Configure web page caching to reduce concurrency
- Selection of working mode and parameter optimization
- Configure hidden version number
- Configure anti-leech
- …
3.gzip introduction
- Configure Apache's web page compression function to use the gzip compression algorithm to compress the web page content, and then transmit it to the client browser
- Transmit after compression, reducing the number of bytes transmitted over the network, thus speeding up the loading of web pages
- It can also save traffic and improve the user’s browsing experience
- gzip has a better relationship with search engine crawlers
4. Apache compression module
- Apache's functional modules for web page compression include:
-mod_gzip module
-mod_deflate module
- Apache 1.x
does not have built-in web page compression technology, but can use third-party mod_gzip module to perform compressionHas been eliminated
- When Apache 2.x
was developed, the module mod_deflate was built in to replace mod_gzip
- The mod_gzip module and mod_deflate module
both use the gzip compression algorithm, and the principle of operation is similarMod_gzip compression speed is slightly faster, while mod_gzip compression ratio is slightly higher
Mod_gzip occupies more server cpu
For high-traffic servers, using mod_deflate may load faster than mod_gzip
5. Configure web page compression
5.1 Check whether the mod_deflate module is installed
apachectl -t -D DUMP_MODULES | grep "deflate"
5.2 If it is not installed, recompile and install Apache and add the module
cd /usr/local/httpd/conf/
mv httpd.conf httpd.conf.bak1
systemctl stop httpd.service
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate #加入mod_deflate模块
make -j 4
make install
5.3 Configure mod_deflate module enable
vim /usr/local/httpd/conf/httpd.conf
--52行--修改
Listen 192.168.126.11:80
--105行--取消注释
LoadModule deflate_module modules/mod_deflate.so ##开启mod_deflate模块
--197行--取消注释,修改
ServerName www.xcf.com:80
--末行添加--
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript text/jpg text/png
#代表对什么样的内容启用gzip压缩
DeflateCompressionLevel 9
#代表压缩级别,范围为1~9
SetOutputFilter DEFLATE
#代表启用deflate模块对本站点的输出进行gzip压缩
</IfModule>
5.4 Check the installation and start the service
apachectl -t
#验证配置文件的配置是否正确
apachectl -t -D DUMP_MODULES | grep "deflate"
#检查模切模块是否已安装
deflate_module (shared)
Systemctl start httpd.service
5.5 Test whether mod_deflate compression takes effect
cd /usr/local/httpd/htdocs
#先上传一张图传到/usr/local/httpd/htdocs目录下,Xshell直接拖进去即可
vim index.html
<html><body><h1>30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!!</h1>
<img src= "zxc123.jpg"/>
</body></html>
systemctl restart httpd.service
echo "192.168.126.11 www.xcf.com" >> /etc/hosts
vim /etc/resolv.conf
nameserver 192.168.126.11
Open the browser to access
Method 1:
In the Linux system, open the Firefox browser, right-click and click to view the element.
Select Network—>Select HTML, WS. Other
access http://192.168.126.11, double-click the 200 response message to view the response header Contains Content- Encoding: gzip
Method 2:
Install the fiddler software in the Windows system and open the fiddler software.
Select inspectors —> select the Headers
browser to visit http://192.168.126.11, double-click the 200 response message to view Content-Encoding: gzipInstall tools in virtual win10, drag the software directly into it, double-click to install, click start, click the program to
open, we refresh the browser interface twice, and then return to the software to view
6. Configure the cache time of web pages
- Configure apache through the mod_expire module configuration module so that web pages can be cached in the client browser for a period of time to avoid repeated requests
- After the mod_expire module is enabled, the Expires tag and the Cache-Control tag in the page header information will be automatically generated. The client browser decides based on the tag that the next visit is to obtain the page in the cache of the local machine without making another request to the server. Reduce the frequency and number of visits by the client to achieve the purpose of reducing unnecessary traffic and increasing access speed
6.1 Check whether the mod_expires module is installed
apachectl -t -D DUMP_MODULES | grep "expires"
6.2 If the mod_ expires module is not installed, recompile and install Apache and add the mod_ expires module
systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf{
,.bak2}
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate \
--enable-expires
#加入mod_ expires模块
make -j 4
make install
6.3 Configure mod_expires module enable
vim /usr/local/httpd/conf/httpd.conf
--52行--修改
Listen 192.168.126.11:80
--111行- -取消注释
LoadModule expires_ module modules/mod_expires.so
#开启mod_expires模块
--199行--取消注释并修改
ServerName www.xcf.com:80
--末行添加--
<IfModule mod_expires.c>
ExpiresActive On
#打开网页缓存功能
ExpiresDefault "access plus 60 seconds"
#设置缓存60秒
</IfModule>
6.4 Check the installation and start the service
apachectl -t
#验证配置文件的配置是否正确
apachectl -t -D DUMP_MODULES | grep "expires"
#检查mod_ deflate模块是否已安装
deflate_module (shared)
#已安装的正确结果
systemctl restart httpd.service
6.5 Test whether the cache is effective
cat /usr/local/httpd/htdocs/index.html
Method 1:
In the Linux system, open the Firefox browser, right-click and click to view the elements.
Select Network —> select HTML, WS, and others.
Visit http://192.168.126.11 and double-click the 200 message to view the Expires item in the response header
Method 2:
Install Microsoft.NET4 and fiddler software in the Windows system in turn, open the fiddler software,
select inspectors —> select the Headers
browser to visit http://192.168.126.11, double-click the 200 message to view the Expires item
2. Apache security optimization
1. Hide version information
- The version information of Apache reveals certain vulnerability information, which brings security risks to the website
- Configure Apache to hide version information in the production environment
The version information can be seen in the previous experiment, which is: 2.4.29 (Unix)
vim /usr/local/httpd/conf/httpd.conf
-- 491行--取消注释
Include conf/extra/httpd-default.conf
vim /usr/local/httpd/conf/extra/httpd-default.conf
--55行--修改
ServerTokens Prod
#将原本的 Full 改为 Prod,将只显示名称,没有版本
#ServerTokens 表示 Server 回送给客户端的响应头域是否包含关于服务器 OS 类型和编译过的模块描述信息
systemctl restart httpd.service
浏览器访问http://192.168.126.11,双击200消息查看 Server 项
You can see that the version information has been successfully hidden, and we can also forge it, and continue to learn more later~
2. Anti-leech
- Anti-hotlinking is to prevent others' website codes from embezzling pictures, files, videos and other related resources on our own servers
- If others embezzle these static resources of the website, it will obviously increase the bandwidth pressure of our server
- It is equivalent to direct prostitution, accessing the same thing, so that their website is accessed, but our server resources are used
- As the maintainer of the website, we must prevent the static resources of the server from being embezzled by other websites
Configure a hotlink virtual machine
Turn on another hotlink host as a "white prostitution", and use the server without an anti-leech host to access the webpage
#安装httpd服务
yum -y install httpd
systemctl start httpd
#配置临时dns映射
echo "192.168.126.11 www.xcf.com" >>/etc/hosts
echo "192.168.126.12 www.zxc.com" >>/etc/hosts
Edit web hosting website homepage
vim /var/www/html/index.html
<html><body><h1>30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!30bian!!</h1>
<img src= "http://www.xcf.com/zxc123.jpg"/>
</body></html>
systemctl restart httpd.service
Use local domain name access
2.2 Configure anti-leech
2.2.1 Check whether the mod_rewrite module is installed
apachectl -t -D DUMP_MODULES | grep "rewrite"
2.2.2 If the mod_rewrite module is not installed, recompile and install Apache to add the mod_ rewrite module
systemctl stop httpd.service
cd /usr/local/httpd/conf/
mv httpd.conf{
,.bak3}
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate \
--enable-expires
make -j 4
make install
2.2.3 Configure mod_rewrite module enable
vim /usr/local/httpd/conf/httpd.conf
--157行--取消注释
LoadModule rewrite_module modules/mod_rewrite.so
--224行--
<Directory "/usr/local/httpd/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
#打开 rewrite功能,加入 mode_rewrite 模板内容
RewriteEngine On
RewriteCond %{
HTTP_REFERER} !^http://xcf.com/.*$ [NC] #设置匹配规则
RewriteCond %{
HTTP_REFERER} !^http://xcf.com$ [NC]
RewriteCond %{
HTTP_REFERER} !^http://www.xcf.com/.*$ [NC]
RewriteCond %{
HTTP_REFERER} !^http://www.xcf.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.xcf.com/error.png #设置跳转动作
</Directory>
RewriteCond %{
HTTP_REFERER} !^http://www.chenweicom/.$ [NC] 的字段含义:
“%{
HTTP_REFERER}” :存放一个链接的 URL,表示从哪个链接访问所需的网页。
“!^” :表示不以后面的字符串开头。
“http://www.chenwei.com” :是本网站的路径,按整个字符串匹配。
“.$” :表示以任意字符结尾。
“[NC]” :表示不区分大小写字母。
RewriteRule ..(gif|jpg|swf)$ http://www.chenwei.com/error.png 的字段含义:
“.” :表示匹配一个字符。
“” :表示匹配 0 到多个字符,与“.”合起来的意思是匹配 0 到多次前面的任意字符,如果是 1 到多次匹配可以用“+”表示。
“.” :在这里的“\”是转义符,“.”就代表符号“.”的意思。因为“.”在指令中是属于规则字符,有相应的含义, 如果需要匹配,需要在前面加个转义符“\”,其它规则字符如果需要匹配,也做同样处理。
“(gif|jpg|swf)” :表示匹配“gif”、“jpg”、“swf”任意一个,“$”表示结束。最后的规则是以“.gif”、“.jpg”、“.swf”结尾, 前面是1到多个字符的字符串,也就是匹配图片类型的文件。
“http://www.chenwei.com/error.png” :表示转发到这个路径 。
整个配置的含义是 使用本网站以外的网站域名 访问本站的图片文件时,显示 error.png 这个图片
2.2.4 Web page preparation
cd /usr/local/httpd/htdocs
#将error.png文件(这里自己可以挑一张png格式的图片,Xshell拖进去即可)
传到/usr/local/httpd/htdocs目录下