Apache user authentication, domain name redirection, access log format

11.18 Apache User Authentication

Note:  The premise of using a browser for detection in this chapter is to add the virtual machine IP and virtual host domain name to the physical machine hosts file.

Configure User Authentication

• Edit the virtual host configuration file "httpd-vhosts.conf".

[root@1 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
……
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <Directory /data/wwwroot/111.com>
    #指定认证的目录
        Allowoverride AuthConfig
        #该行相当于打开用户认证的开关
        AuthName "111.com user auth"
        #自定义认证的名字，作用不大
        AuthType Basic
        #认证类型，一般为basic
        AuthUserFile /data/.htpasswd
        #指定密码文件所在位置（需要手动添加）
        require valid-user
        #设定需要认证的用户为“AuthUserFile”中定义的所有可用用户
     </Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

• Create the password file specified in "httpd-vhosts.conf"

[root@1 ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd adai 
New password: 
Re-type new password: 
Adding password for user zx

[root@1 ~]# cat /data/.htpasswd
zx:$apr1$F7lSqIT0$hEgMT0Nhuxh6.BpmLvi57/

That is, create a password file encrypted with the MD5 algorithm for the user adai (automatically created) in "/data/.htpasswd".
Note:  Only add the -c option when creating the file for the first time.

• Reload after configuration is complete

[root@1 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@1 ~]# /usr/local/apache2.4/bin/apachectl graceful

• test

[root@1 ~]# curl -x192.168.8.131:80 111.com -I
HTTP/1.1 401 Unauthorized
Date: Mon, 31 Jul 2017 01:42:50 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1

At this time, the prompt status code is "401", indicating that the currently accessed content requires user authentication.

Access with User & Password:

[root@1 ~]# curl -x192.168.8.131:80 -uadai:123456 111.com -I
HTTP/1.1 200 OK
Date: Mon, 31 Jul 2017 02:18:21 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
X-Powered-By: PHP/5.6.30
Content-Type: text/html; charset=UTF-8

The status code is "200", that is, the access is successful.

Test with browser:

After entering the username "zx" and password, you can access:

htpasswd command

The htpasswd command is an Apache web server built-in tool for creating and updating password files that store usernames, domains, and user basic authentication.

Syntax:  htpasswd [option] [parameter]
Options:
-c:=create, create an encrypted file
-n: do not update the encrypted file, only display the updated username and password on the screen
-m: use the MD5 algorithm to perform a password analysis encryption (default)
-d: encrypt password using CRYPT algorithm
-p: do not encrypt password, i.e. plaintext password
-s: encrypt password using SHA algorithm
-b: enter username and password together on the command line instead of Enter the password as prompted
-D: delete the specified user

application

Set up user authentication for specified files in the website!

• Virtual host configuration

[root@1 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    #<Directory /data/wwwroot/111.com>
    <FilesMatch 123.php>
        Allowoverride AuthConfig
        AuthName "111.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
     </FilesMatch>
     #</Directory>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

Description:  Comment out < Directory >, cancel the user authentication for the directory setting, and change it to < FilesMatch>, that is, set the user authentication for the file.

• detect

[root@1 ~]# curl -x192.168.8.131:80  111.com 
welcome to 111.com  

[root@1 ~]# curl -x192.168.8.131:80  111.com/123.php -I
HTTP/1.1 401 Unauthorized
Date: Mon, 31 Jul 2017 03:04:31 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1

Note:  At this time, you can freely access the directory specified by "111.com", but when accessing the "123.php" file in the directory, an error will be reported: 401, that is, user authentication is required.

Access with specified username & password:

[root@1 ~]# curl -x192.168.8.131:80  -uzx:123456 111.com/123.php 
welcom to 123file    
成功！

Use browser detection:

Visit "111.com":

Visit "111.com/123.php":

Enter the specified user "zx" and password to access:

11.19-11.20 Domain name redirection

Domain name jump classification and difference

type:

301 represents a permanent jump; 302 represents a temporary jump.

the difference:

• Different effects
  • 302 redirects are temporary redirects, search engines will crawl new content and keep old URLs. Because the server returns a 302 code, the search engine considers the new URL to be temporary.
  • A 301 redirect is a permanent redirect where search engines crawl new content and replace the old URL with the redirected URL.
• Different ways of using SEO
  In search engine optimization, 302 jumps are pursued by many black hat SEO optimization personnel, and malicious 302 jumps to websites are made to non-user target access websites. Therefore, search engines are usually unfriendly to website 302 jumps. So use 302 jump with caution!

SEO

SEO (Search Engine Optimization) Search engine optimization, on the basis of understanding the natural ranking mechanism of search engines, adjusts and optimizes the website internally and externally, improves the natural ranking of keywords in the search engine, and obtains more traffic, so as to achieve Expected goals for website sales and brand building.

Domain Jump Configuration

• Configure the virtual host configuration file: httpd-vhosts.conf.

[root@1 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
……
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
    #需要mod_rewrite的支持
        RewriteEngine on
        #开启rewrite功能
        RewriteCond %{HTTP_HOST} !^111.com$
        #Cond=condition，定义rewrite条件：所有非111.com的主机名（域名）
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
        #定义rewrite规则：当满足上面条件时才执行当前规则，即跳转到111.com。
    </IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common
</VirtualHost>

• Check system configuration:

[root@1 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@1 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@1 ~]# /usr/local/apache2.4/bin/apachectl -M

Check here whether Apache has loaded the rewrite module called in the virtual host configuration, if not, you need to edit the Apache configuration file "httpd.conf":

[root@1 ~]# vim /usr/local/apache2.4/conf/httpd.conf   
……
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module        modules/libphp5.so
#LoadModule php7_module        modules/libphp7.so

That is, remove the comment symbol "#" and load the rewrite module.

• detect

[root@1 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@1 ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@1 ~]# /usr/local/apache2.4/bin/apachectl -M |grep rewrite
rewrite_module (shared)

Use curl to detect:

[root@adailinux ~]# curl -x192.168.8.131:80 www.example.com -I
HTTP/1.1 301 Moved Permanently
Date: Mon, 31 Jul 2017 07:17:37 GMT
Server: Apache/2.4.27 (Unix) PHP/5.6.30
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1

At this point, the status code is 301, which means that the domain name is permanently redirected!

When the browser detects, visiting "www.example.com" will directly jump to "111.com".

11.21 Apache Access Log

Log file location:

[root@1 ~]# ls /usr/local/apache2.4/logs
111.com-access_log  abc.com-access_log  access_log  httpd.pid
111.com-error_log   abc.com-error_log   error_log

Custom log format

The system comes with log format:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
#h表示host来源IP，l表示login用户，u表示user用户密码，t表示time时间，r表示request（行为），s表示status状态码，b表示byte大小
#user-agent：用户代理
#referer：跳转到当前位置的上一个网址（即：提供当前IP的网站）

That is: there are two formats, combine and common, and the common mode is used by default.

Configure log format

Edit the virtual host configuration file "httpd-vhosts.conf":

[root@1 ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{HTTP_HOST} !^111.com$
        RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
    </IfModule>
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" combined
</VirtualHost>

Description:  Change the original common at the back of the log file to combined.

Reload:

[root@1 ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@1 ~]# /usr/local/apache2.4/bin/apachectl graceful

style:

[root@1 ~]# cat /usr/local/apache2.4/logs/111.com-access_log

Apache virtual host enables PHP short tags

Add the following to the virtual host configuration file:

php_admin_flag short_open_tag on

short tag effect

If short tags are not enabled, the server will not be able to parse PHP files of the form:

<?
phpinfo()
?>

And can only parse:

<?php
phpinfo()
?>

This form of PHP file.