Contains other configuration files
- Include file-path|directory-path|wildcard
- IncludeOptional file-path|directory-path|wildcard
Difference:
When there is no matching file, include will report an error, and IncludeOptional will ignore the error. It is
recommended to change the configuration and operate on the included file
Include conf.modules.d/*.conf
IncludeOptional conf.d/*.conf
Listening port
- LISTEN
At least one Listen command can be repeated multiple times. By default, it monitors port 80 of all IPs of this machine, and can also monitor the specified IP port of this machine
#Listen 12.34.56.78:80
Listen 80
Define the document page path of the Main server
- Specify the starting position of the URL
- Access authorization
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
AllowOverride None
Require all granted
</Directory>
Define the main page of the site
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
The server will look up the main page one by one
[root@centos8 ~]#ll /var/www/html/
total 8
-rw-r--r-- 1 root root 10 Jan 22 15:46 index.htm
-rw-r--r-- 1 root root 10 Jan 22 15:47 index.html
[root@centos8 ~]#curl 10.0.0.8
html file
[root@centos8 ~]#rm -rf /var/www/html/index.html
[root@centos8 ~]#curl 10.0.0.8
htm file
Access control for directories and URLs
** Options command: **
followed by one or more options list separated by blank characters. The + and-before the options indicate adding or deleting the specified options. Both + or-are required. 默认禁止访问索引列表
.
Common options:
-
Indexes: When there is no resource file that matches the defined main page resource under the specified URL path, return the index list to the user
-
FollowSymLinks: Allow access to the source file pointed to by the symbolic link file
-
None: Disable all
-
All: Allow all
[root@centos8 ~]#cat /etc/httpd/conf.d/test.conf
DocumentRoot "/data/html"
<Directory "/data/html">
options Indexes FollowSymLinks
Require all granted
</Directory>
[root@centos8 ~]#ll /data/html/
total 4
drwxr-xr-x 2 root root 6 Jan 22 16:11 hahah
drwxr-xr-x 2 root root 6 Jan 22 16:11 hehehe
-rw-r--r-- 1 root root 11 Jan 22 16:10 index.html
lrwxrwxrwx 1 root root 5 Jan 22 16:03 linketc -> /etc/
The simulated URL path does not exist
[root@centos8 ~]#rm -f /data/html/index.html
[root@centos8 ~]#curl 10.0.0.8
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
<body>
<h1>Index of /</h1>
<table>
<tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr>
<tr><th colspan="5"><hr></th></tr>
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="hahah/">hahah/</a> </td><td align="right">2021-01-22 16:11 </td><td align="right"> - </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="hehehe/">hehehe/</a> </td><td align="right">2021-01-22 16:11 </td><td align="right"> - </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="linketc/">linketc/</a> </td><td align="right">2021-01-22 15:48 </td><td align="right"> - </td><td> </td></tr>
<tr><th colspan="5"><hr></th></tr>
</table>
</body></html>
Simulation is not enabled to allow access to symbolic link files
[root@centos8 ~]#cat /etc/httpd/conf.d/test.conf
DocumentRoot "/data/html"
<Directory "/data/html">
options Indexes
Require all granted
</Directory>
[root@centos8 ~]#curl 10.0.0.8
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
<body>
<h1>Index of /</h1>
<table>
<tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr>
<tr><th colspan="5"><hr></th></tr>
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="hahah/">hahah/</a> </td><td align="right">2021-01-22 16:11 </td><td align="right"> - </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="hehehe/">hehehe/</a> </td><td align="right">2021-01-22 16:11 </td><td align="right"> - </td><td> </td></tr>
<tr><th colspan="5"><hr></th></tr>
</table>
AllowOverride Directive
Which directives related to access control can be placed in the .htaccess (specified by the AccessFileName directive, AccessFileName .htaccess is the default value) file in the specified directory, overriding the previous configuration directives, only valid for the statement
Common usage:
- AllowOverride All: All directives in .htaccess are valid
- AllowOverride None: .htaccess file is invalid, this is the default value of httpd 2.3.9 and later
- In the AllowOverride AuthConfig .htaccess file, all commands except AuthConfig cannot take effect
Access control based on the client's IP address
- Directory without explicit authorization, rejected by default
- Allow all hosts to access: Require all granted
- Deny access to all hosts: Require all denied
Control specific IP access:
- Require ip IPADDR: Authorize IP access from the specified source
- Require not ip IPADDR: Deny specific IP access
Control specific host access:
- Require host HOSTNAME: Authorize specific host access
- Require not host HOSTNAME:拒绝
HOSTNAME:
- FQDN: specific host
- domin.tld: all hosts under the specified domain name
User-based access control
htpasswd
-c automatically creates a file, it should only be used when the file does not exist
-p plaintext password
-d CRYPT format encryption, the default
-m md5 format encryption
encryption
-D delete the specified user
Configuration:
AuthType Basic
AuthName "Administator private"
AuthUserFile "/etc/httpd/conf.d/.htpasswd"
AuthGroupFile "/etc/httpd/conf.d/.htgroup"