CentOS7 Operation and Maintenance-Apache Service Optimization | Web Compression | Web Cache | Leak Prevention | Anti-theft Link

---

I. Overview

ApacheThe default configuration will cause many problems, which does not meet the current high-end server configuration, so in order to adapt to the needs of the enterprise, improve the Apacheconfiguration, thereby improving performance and stability

---

Second, the optimization plan

① Web page compression

Compressing the size of web pages can reduce overhead and improve efficiency
► Use instructions to check whether the module is installed

httpd -M | grep "deflate"

►How to find the module
Use the command Find to find

find ./ -name "mod_deflate.c"

►Install modules
Use apxs to add new modules

#安装apxs前置
yum install zlib-devel
sed -i '38c LDFLAGS="-lz"' /usr/local/httpd/bin/apr-1-config
#源码解压目录
cd /opt/httpd/modules/filters
apxs -ica mod_deflate.c 

►Add at the end of the httpd main configuration file.
Compression types include general text, CSS/JS, pictures, etc.
DeflateCompressionLevelRepresents the compression level [1-9]
SetOutputFilter DEFLATErepresents use gzipfor compression

<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/plain   text/css text/xml text/javascript text/jpg text/png
  DeflateCompressionLevel 9
  SetOutputFilter DEFLATE	
</IfModule>

►Restart service

systemctl restart httpd

►Test
Use the browser's built-in network function to view, the picture has been gzipcompressed

② Web page cache

►Use instructions to check whether the module is installed

httpd -M | grep "expires"

►Install modules
Use apxs to add new modules

cd /opt/httpd/models/metadata
apxs -c -i -a mod_expires.c

►Add at the end of the httpd main configuration file to
ExpiresActive Onopen the web cache function and
ExpiresDefault ""set the cache time [unit: second]

<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 60 seconds"
</IfModule>

►Restart service

systemctl restart httpd

►Test

③ Anti-leakage

Used to pretend to hide the software version, which can prevent idlers from looking for loopholes to destroy

►Enter the main configuration file to delete the comment

vim /usr/local/httpd/conf/httpd.conf

Include conf/extra/httpd-default.conf

►Enter the default profile

vim /usr/local/httpd/conf/extra/httpd-default.conf

Modify the 55content ServerTokensof the first line to Prod

► restart the service

systemctl restart httpd

►Before modification versus after modification

④ Anti-theft chain

It can be combined with web page caching to effectively prevent images from being stolen and used. If maliciously stolen, it will result in a situation where the click rate of the website is not high but the traffic is very large.

►Open the module and
enter the httpdmain configuration file

LoadModule rewrite_module modules/mod_rewrite.so

Search in the main configuration file 224lines DocumentRootto add items

RewriteEngine On
RewriteCond %{
    
    HTTP_REFERER} !^http://benet.com/.*$ [NC]
RewriteCond %{
    
    HTTP_REFERER} !^http://benet.com$ [NC]
RewriteCond %{
    
    HTTP_REFERER} !^http://www.benet.com/.*$ [NC]
RewriteCond %{
    
    HTTP_REFERER} !^http://www.benet.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.benet.com/error.png

►Test the

source code of pirated websites