Apache web optimization
- 1. Apache webpage optimization
- Two, Apache's compression module
- Three, configure the cache time of the webpage
- Fourth, configure Apache to hide version information
- Five, configure Apache to realize anti-leech
-
- 5.1 Apache anti-leech
-
- 5.1.1 Check whether the mod rewrite module is installed
- 5.1.2 If the mod_rewrite module is not installed, recompile and install Apache to add the mod_rewrite module
- 5.1.3 Configure mod_rewrite module enable
- 5.1.4 Web page preparation (you can configure the hotlink host first to check whether the hotlink is successful)
- 5.1.5 Perform browser verification on the host of the stolen image website
在企业中,部署Apache后只采用默认的配置参数,会引发网站很多问题,换言之默认配置是针对以前较低的服务器配置的,以前的配置已经不适用当今互联网时代
为了适应企业需求,就需要考虑如何提升Apache的性能与稳定性,这就是Apache优化的内容Ap
1. Apache webpage optimization
1.1 Optimize content
1. Configure web page compression function
2. Configure web cache
3. Work mode selection and parameter optimization
4. Configure hidden version number
5. Configure anti-theft chain,
etc.
Two, Apache's compression module
2.2 Introduction to gzip
Configure Apache's web page compression function to use gzip compression algorithm to compress the web page content and then transmit it to the client browser.
Reduce the number of bytes transmitted over the network, speed up the loading of web pages, save traffic, and improve the browsing experience of users.
Gzip has a better relationship with the crawling tools of search engines.
2.2.1 The functional modules that Apache implements web page compression include
mod_gzip模块(压缩)
mod_deflate模块(缩小)
2.2.1.1 Apache 1.x
没有内建网页压缩技术,但可使用第三方mod_gzip模块执行压缩
2.2.1.2 Apache 2.x
在开发的时候,内建了mod_deflate这个模块,取代mod_gzip
2.2.2 mod_gzip module and mod_deflate module
两者均使用gzip压缩算法,运作原理类似
mod_deflate压缩速度略快,而mod_gzip的压缩比略高
mod_gzip对服务器CPU的占用要高一些
高流量的服务器,使用mod_deflate可能会比mod-gzip加载速度更快
2.3 Configure web page compression
2.3.1 Steps to enable web page compression
查看是否安装mod_deflate模块----->修改配置文件启用压缩功能----->访问测试
2.3.2 Check whether the mod_deflate module is installed
执行apachectl -t -D DUMP_MODULES命令
If there is no deflate_module (static) in the output, the mod_deflate module was not installed during compilation
If it is not installed, recompile and install
./configure --enable-deflate...
make && make install
2.4 Web page compression
1、检查是否安装mod_deflate模块
apachectl -t -D DUMP_MODULES | grep "deflate"
2、如果没有安装mod_deflate模块,重新编译安装Apache添加mod_deflate模块
systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf httpd.conf.bak
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd/ \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate
make && make install
--enable-deflate 加入mod deflate模块
3、配置mod_deflate模块启用
vim /usr/local/httpd/conf/httpd.conf
--52行-修改
Listen 192.168.238.20:80
--105行--取消注释
LoadModule deflate_module modules/mod_deflate. so 开启mod deflate模块
--197行--取消注释,修改
ServerName www.xyw.com:80
--末行添加--
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript text/jpg text/png
#代表对什么样的内容启用gzip压缩
DeflateCompressionLevel 9 代表压缩级别,范围为1~9
SetOutputFilter DEFLATE 代表启用deflate模块对本站点的输出进行gzip压缩
</IfModule>
4、检查安装情况,启动服务
apachectl -t 验证配置文件的配置是否正确
apachectl -t -D DUMP_MODULES | grep deflate 检查mod deflate模块是否已安装
deflate_module (shared) 已安装的正确结果
systemctl start httpd.service
5、测试mod_deflate压缩是否生效
cd /usr/local/httpd/htdocs
First transfer the game.jpg file to the /usr/local/httpd/htdocs directory
vim index.html
<html><body><h1> It works ! It works! It works!It works ! It works! It works !It works ! It works! It works ! It works ! It works! Itworks! It works! It works!It works! It works!It works ! It works!It works! It works!It works! It works !It works ! It works! Itworks! It works! It works!It works! It works!It works! It works!It works! It works!It works! It works!It works ! It works!Itworks! It works! It works!It works! It works!It works! It works!It works! It works!It works! It works!It works ! It works! Itworks!It works! It works!It works! It works!It works! It works !It works! It works !It works! It works !It works! It works! Itworks!</h1>
<img src="gou.jpg"/>
</body></html>
method one:
在Linux系统中,打开火狐浏览器,右击点查看元素
选择 网络---->选择 HTML、ws、其他
访问http://192.168.238.20,双击200响应消息查看响应头中包含Content-Encoding:gzip
Method Two:
在Windows系统中依次安装Microsoft.NET4和fiddler软件,打开fiddler软件
选择inspectors---->选择Headers
浏览器访问http://192.168.238.20,双击200响应消息查看Content-Encoding: gzip
Three, configure the cache time of the webpage
Configure Apache through the mod_expire module so that web pages can be cached in the client browser for a period of time to avoid repeated requests.
After the mod_expire module is enabled, the Expires tag and Cache-Control tag in the page header information will be automatically generated. The label determines that the next visit is to get the page in the cache of the local machine, and there is no need to send a request to the server again, thereby reducing the frequency and frequency of client access, achieving the purpose of reducing unnecessary traffic and increasing access speed
3.1 Steps to enable web caching
查看是否安装mod_expire模块---->修改配置文件启用缓存功能----->访问测试
3.1.1 Web cache
1、检查是否安装mod_expires模块
apachectl -t -D DUMP_MODULES | grep "expires"
2、如果没有安装mod_expires模块,重新编译安装Apache添加mod_expires模块
systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf httpd.conf.bak1
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate \ 加入mod_deflate模块
--enable-expires 加入mod_expires模块
make && make install
3、配置mod_expires模块启用
vim /usr/local/httpd/conf/httpd.conf
--52行--修改
Listen 192.198.238.20:80
--111行--取消注释
LoadModule expires_module modules/mod_expires.so 开启mod expires模块
--199行--取消注释,修改
ServerName www.xyw.com:80
--末行添加--
<IfModule mod_expires.c>
ExpiresActive On 打开网页缓存功能
ExpiresDefault "access plus 60 seconds" 设置缓存60秒
</IfModule>
4、检查安装情况,启动服务
apachectl -t 验证配置文件的配置是否正确
apachectl -t -D DUMP_MODULES | grep "expires" 检查mod_expires模块是否已安装
deflate module (shared) 已安装的正确结果
systemctl start httpd.service
5、测试缓存是否生效
cat /usr/local/httpd/htdocs/index.html
method one:
在Linux系统中,打开火狐浏览器,右击点查看元素
选择 网络---->选择HTML、WS、其他
访问http://192.168.238.20,双击200消息查看响应头中包含 Expires 项
Method Two:
在Windows系统中依次安装Microsoft.NET4和fiddler软件,打开fiddler软件
选择inspectors---->选择Headers
浏览器访问http://192.168.238.20,双击200消息查看Expires项
Fourth, configure Apache to hide version information
The version information of Apache reveals certain vulnerability information, which brings security risks to the website. In the
production environment, configure the hidden version information of Apache.
4.1 Hide version information
vim /usr/local/httpd/conf/httpd.conf
--491行--取消注释
Include conf/extra/httpd-default.conf
vim /usr/local/httpd/conf/extra/httpd-default.conf
---55行--修改
ServerTokens Prod 将原本的Full改为Prod,只显示名称,没有版本
#ServerTokens表示 Server 回送给客户端的响应头域是否包含关于服务器 OS 类型和编译过的模块描述信息
systemctl start httpd.service
浏览器访问
http://192.168.80.10,双击200消息查看Server项
Five, configure Apache to realize anti-leech
防盗链是防止别人的网站代码里面盗用我们自己服务器上的图片、文件、视频等相关资源
如果别人盗用网站的这些静态资源,明显的是会增大服务器的带宽压力
作为网站的维护人员,要杜绝服务器的静态资源被其他网站盗用
5.1 Apache anti-leech
5.1.1 Check whether the mod rewrite module is installed
apachectl -t -D DUMP_MODULES | grep "rewrite"
5.1.2 If the mod_rewrite module is not installed, recompile and install Apache to add the mod_rewrite module
systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf httpd.conf.bak2
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite\ #加入mod_rewrite模块
--enable-charset-lite \
--enable-cgi \
--enable-deflate \
--enable-expires
make && make install
5.1.3 Configure mod_rewrite module enable
vim /usr/local/httpd/conf/httpd.conf
--157行--取消注释
LoadModule rewrite_module modules/mod_rewrite.so
--224行--
<Directory "/usr/local/httpd/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
RewriteEngine On 打开rewrite功能,加入mode_rewrite模块内容
RewriteCond %{
HTTP_REFERER} !^http://xyw.com/.*$ [NC] 设置匹配规则
RewriteCond %{
HTTP_REFERER} !^http://xyw.com$ [NC]
RewriteCond %{
HTTP_REFERER} !^http://www.xyw.com/.*$ [NC]
RewriteCond %{
HTTP_REFERER} !^http://www.xyw.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.xyw.com/error.png 设置跳转动作
</Directory>
Rewritecond %{
HTTP_REFERER} !^http://www.kgc.com/.*$ [NC] 的字段含义:
"% {HTTP REFERER}":存放一个链接的URL,表示从哪个链接访问所需的网页。
"!^":表示不以后面的字符串开头。
"http://www.kgc.com":是本网站的路径,按整个字符串匹配。
".*$":表示以任意字符结尾。
"[NC]":表示不区分大小写字母。
RewriteRule .*\.{
gif|jpg|swf} $ http://www.kgc.com/error.png 的字段含义:
".":表示匹配一个字符。
"*":表示匹配0到多个字符,与"."合起来的意思是匹配0到多次前面的任意字符,如果是1到多次匹配可以用“+"表示。
"\.":在这里的"\"是转义符,"\."就代表符号"."的意思。因为"."在指令中是属于规则字符,有相应的含义,
如果需要匹配,需要在前面加个转义符"\",其它规则字符如果需要匹配,也做同样处理。
"(gif|jpg|swf) ":表示匹配"gif"、"jpg"、"swf"任意一个, "$"表示结束。最后的规则是以".gif"、".jpg"、".swf"结尾,前面是1到多个字符的字符串,也就是匹配图片类型的文件。
"http://www.kgc.com/error.png":表示转发到这个路径。
整个配置的含义是 使用本网站以外的网站域名 访问本站的图片文件时,显示error.png这个图片。
5.1.4 Web page preparation (you can configure the hotlink host first to check whether the hotlink is successful)
Web源主机配置
cd /usr/local/httpd/htdocs
将gou.jpg、error.png文件传到/usr/local/httpd/htdocs目录下
vim index.html
<html><body><h1>this is xyw.com!</h1>
<img src="gou.jpg"/>
</body></html>
echo "192.168.238.20 www.xyw.com" >> /etc/hosts
盗链主机
yum install -y httpd
vim /var/www/html/index.html yum安装的httpd服务的默认路径为/var/www/html/
<html><body><h1>IT WORKS!</h1>
<img src="http://192.168.200.50/gou.jpg"/>
</body></html>
echo "192.168.238.20 www.xyw.com" >> /etc/hosts
echo "192.168.238.10 www.benet.com" >> /etc/hosts
systemctl restart httpd
5.1.5 Perform browser verification on the host of the stolen image website
http://www.benet.com
