Article Directory
1. Apache webpage optimization
1. Overview of Apache webpage optimization
In enterprises, after deploying Apache, only the default configuration parameters can be used, which will cause a lot of problems for the website. In other words, the default configuration is for the previously low server configuration, and the previous configuration is not applicable to the current Internet era.
2. Optimize content
- Configure web page compression
- Configure web cache
- Selection of working mode and parameter optimization
- Configure hidden version number
- Configure anti-leech
- …
3. Web page compression
3.1 Introduction to gzip
- Configure Apache's web page compression function to use gzip compression algorithm to compress the web page content and then transmit it to the client browser
3.2 Function
- Reduce the number of bytes transmitted over the network and speed up web page loading
- Save traffic and improve the user’s browsing experience
- gzip has a better relationship with search engine crawlers
3.3 The functional modules that Apache implements web page compression include
- mod_gzip module
- mod deflate module
Apache 1.x
- There is no built-in web compression technology, but the third-party mod_gzip module can be used to perform compression
Apache 2.x
- During development, the module mod_deflate is built in instead of mod_gzip
3.4 mod_gzip module and mod_deflate module
- Both use the gzip compression algorithm and the principle of operation is similar
- mod_deflate compression speed is slightly faster, while mod_gzip compression ratio is slightly higher
- mod_gzip occupies more server CPU
- For high-traffic servers, using mod_deflate may load faster than mod_gzip
4. Configure web page compression function
Note: The previous step is to compile and install Apache normally, but yum installs more zlib-devel (compression function); one more deflate module is enabled in the configure configuration, which has an additional compression function than the previously installed Apache environment
1. Install Apache
tar zxf apr-1.6.2.tar.gz
tar zxf apr-util-1.6.0.tar.gz
tar jxf httpd-2.4.29.tar.bz2
mv apr-1.6.2 httpd-2.4.29/srclib/apr
mv apr-util-1.6.0 httpd-2.4.29/srclib/apr-util
yum -y install gcc gcc-c++ make pcre-devel expat-devel perl zlib-devel
cd httpd-2.4.29/
./configure --prefix=/usr/local/httpd --enable-so --enable-rewrite --enable-charset-lite --enable-cgi --enable-deflate
make && make install
cp /usr/local/httpd/bin/apachectl /etc/init.d/httpd
vim /etc/init.d/httpd
添加:
#chkconfig:35 85 21
#description:Apache HTTP Server
chkconfig --add httpd
chkconfig --list
ln -s /usr/local/httpd/conf/httpd.conf /etc/
ln -s /usr/local/httpd/bin/* /usr/bin/
vi /etc/httpd.conf
修改:
ServerName www.nb.com:80
systemctl stop firewalld
setenforce 0
2. Configure mod_deflate module to start
[root@server1 ~]# vi /etc/httpd.conf
LoadModule deflate_module/mod_deflate.so #把前面的#删掉,启用mod_deflate模块
[root@server1 ~]# systemctl start httpd
[root@server1 ~]# systemctl status httpd
[root@server1 ~]# netstat -anpt | grep httpd
[root@server1 ~]# apachectl -D DUMP_MODULES | grep deflate
Compression is on
5. Configure web page compression
1. Set compressed content type
[root@server1 ~]# vi /etc/httpd.conf
#............#在文件末尾加入以下内容
#AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript
#DeflateCompressionLevel 9 #9代表压缩等级一般用6即可
#SetOutputFilter DEFLATE text/javascript
DeflateCompressionLevel 9
SetOutputFilter DEFLATE
[root@server1 ~]# systemctl start httpd
[root@server1 ~]# httpd -t
2. Web page settings
[root@server1 ~]# echo "<h1>This is the fa</h1>" > /usr/local/httpd/htdocs/index.html
Packet capture test:
enter IP on the browser to access and
use packet capture software to view
6. Configure web cache function
1. Steps to enable web caching
- Check whether the mod_expire module is installed
- Modify the configuration file to enable the cache function
- Access test
Solve the problem of Chinese garbled
vi /etc/httpd.conf
添加:
AddDefaultCharset utf-8
1. Open the expire module
[root@server1 ~]# vi /etc/httpd.conf
去除#号,开启expire模块
LoadModule expires_module modules/mod_expires.so
[root@server1 ~]# systemctl start httpd
[root@server1 ~]# apachectl -D DUMP_MODULES | grep expires
2. Set up the configuration file
[root@server1 ~]# vi /etc/httpd.conf
[root@server1 ~]# httpd -t
[root@server1 ~]# systemctl stop httpd
[root@server1 ~]# systemctl start httpd
<IfModule mod_expires.c> 当expire模块开启时,命令生效
ExpiresActive On
ExpiresDefault "access plus 3 day" 缓存3天
</IfModule>
Test:
input on this machine: 20.0.0.13 visit, then capture the packet
2. Apache security optimization
1. Configure Apache to hide version information
- The version information of Apache reveals certain vulnerability information, which brings security risks to the website
- Configure Apache to hide version information in the production environment
2. Assignment of ServerTokens
ServerTokens Prod 显示“Server:Apache” 显示版本信息
ServerTokens Major 显示“Server:Apache/2” 版本数
ServerTokens Minor 显示“Server:Apache/2.2” 版本数下发行的版本数
ServerTokens Min 显示“Server:Apache/2.2.17” 完整版本
ServerTokens OS 显示“Server:Apache/2.2.17 (Unix)”平台
ServerTokens Full 显示“Server:Apache/2.2.17 (Unix) PHP/5.3.5”其它平台所有信息(apache嵌存PHP模块)
3. Hidden version configuration
[root@server1 ~]# vi /usr/local/httpd/conf/extra/httpd-default.conf
修改为:
ServerTokens Prod
2. Configuration file
[root@server1 ~]# vi /etc/httpd.conf
修改:
Include conf/extra/httpd-default.conf #取消注释
[root@server1 ~]# systemctl stop httpd
[root@server1 ~]# systemctl start httpd
Test
Input on this machine: 20.0.0.13 visit, then capture
4. Anti-leech
1. The role of anti-leech
- Anti-hotlinking is to prevent others' website code from embezzling pictures, files, videos and other related resources on our own server
- If others embezzle these static resources of the website, it will obviously increase the bandwidth pressure of the server
- As the maintainer of the website, we must prevent the static resources of the server from being embezzled by other websites
2. No anti-theft chain
1. Delete domain configuration
[root@server1 ~]# cd /usr/local/httpd/htdocs/
[root@server1 htdocs]# ls
index.html
[root@server1 htdocs]# rm -rf index.html
[root@server1 htdocs]#
2. Edit the configuration file
[root@server1 ~]# vi /etc/httpd.conf
修改:
LoadModule rewrite_module modules/mod_rewrite.so #取消配置
Prepare 2 emoticons and an html page and
import them into Xshell
Using the local IP address to access,
restart a machine (20.0.0.14)
1. Install httpd, configure the domain name
[root@server2 ~]# yum -y install httpd
[root@server2 ~]# vi /var/www/html/index.html
添加:
<html><body>Theft<img src="http://20.0.0.13/a.jpg"/></body></html>
[root@server2 ~]# systemctl stop firewalld
[root@server2 ~]# setenforce 0
[root@server2 ~]# systemctl start httpd
Test:
can be directly stolen
3. Configure anti-theft chain
1. Edit the configuration file on the host
[root@server1 ~]# vi /etc/httpd.conf
[root@server1 ~]# httpd -t
[root@server1 ~]# systemctl stop httpd
[root@server1 ~]# systemctl start httpd
AllowOverride All
RewriteEngine On
RewriteCond %{
HTTP_REFERER} !^http://20.0.0.13/.*$ [NC]
RewriteCond %{
HTTP_REFERER} !^http://20.0.0.13/* [NC]
RewriteCond %{HTTP_REFERER} !^http://20.0.0.13$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://20.0.0.13/b.png [R,NC]