Some additional explanations before introducing virtual directories
Apache log file
For large servers such as www, building log files is an essential job. By analyzing the log files, you can not only monitor the operation of Apache, but also analyze the causes of errors and identify security risks.
1. Error log
The error log records errors that occur while Apache is running and starting. The log path is /etc/httpd/logs/error_log, let's open it and take a look
The error log consists of 4 parts, the first part indicates when the error occurred. The second part indicates the level or severity of the error. The third part represents the ip address that caused the error. The last part is the information itself. In this picture of the editor, the server refuses local access because the icon file favicon.ico cannot be found in the setting directory.
2. Access logs
The customlog parameter can set the location of log storage. By analyzing the access log, you can know which clients access which files of the website and when.
The common here is a format, and the most commonly used ones in Apache are combined and common. common is a common log format that can be recognized by many log analysis software. combined is a combined type of log. This format is similar to the general log format, but with the addition of "guide page" and "browser identification".
By default, the log format is combined. Let's look at a combined type of log.
127.0.0.1: request to the server client's ip address (here is local access)
- (the first) rfc1413 identity judged by the client identd process, the output is "-" indicating that the information here is invalid
- The (second) HTTP authentication system gets the Gehu ID for accessing the web page, and the environment variable remote_user will be set to this value and provided to the CGI script. If the status code is 401, it means the client is not authenticated. If the webpage is not password protected, this is "-"
[20/Apr...0800]: The time when the server completes the request processing
GET/favicon.ico HTTP/1.1: In quotes is the request line from the client that contains a lot of useful information. It can be seen that the action of the client is GET, and the protocol used is HTTP/1.1
404 : The status code returned by the server to the client. This information is more valuable, it indicates the result of the request, whether it was successfully responded (starting with 2), redirected (starting with 3), or an error occurred (starting with 4), or a server-side error (starting with 4) was generated. 5 at the beginning). Here, it starts with 4, indicating that the file was not found and an error occurred.
284: The number of bytes returned to the client excluding the response header, if no information is returned, this should be "-"
- (on the next line): Indicates the page from which the request was submitted
Mozilla/5.0: Browser identification information provided by the client
Directory settings
Directory settings are all about setting permissions for a directory on the server. Usually, when visiting a certain website, what is really accessed is only a certain webpage file in a certain directory in the web server, and the entire website is composed of these webpage directories and webpage files. As a web site administrator, you may often need to set up only one directory, rather than the entire site. For example, to deny a host or a host of a network segment to access files in a directory, you can use the <Directory></Directory> container to set it.
root directory settings
Description: option defines the directory usage characteristics, followed by FollowSymlinks to use symbolic links in the directory. Option can set many functions, the following are some of its properties.
{
FollowSymLinks: Allows symlinks to be used in directories
Indexes: Allows directory browsing. If the client does not specify which file under the directory to access, and there is no home page file in the directory, the structure of the directory will be displayed, including the subdirectories and files in the directory.
MultiViews: Allows content to be written on multiple views
ExecCGI: allows CGI scripts to be executed in this directory
Includes: Allow server-side include functionality
IncludesNoexec: Allows server-side include functions, but cannot execute CGI scripts
ALL: Include all features except MutiViews (defaults to ALL if there is no Options field)
}
AllowOverride None: Sets the directive type in the .htaccess file. None means disallow the use of .htaccess
Document directory settings
Description: Order allow, deny sets the default access permissions and the processing order of the Allow and Deny fields. allow sets which clients can access the server. The corresponding deny is used to restrict which clients cannot access the server.
Commonly used access controls come in two forms:
1.Order allow,deny
Indicates that access to all clients is prohibited by default, and the allow field is matched before the deny field. If both the allow field and the deny field are matched, the deny field finally takes effect. That is to say, deny will override allow
2.Order deny,allow
Indicates that access by all clients is allowed by default, and the deny field is matched before the allow field. If both the allow field and the deny field are matched, the allow field finally takes effect. That is to say, allow will override deny
Having said all of the above, it's time to get to the point, which is the virtual directory
virtical list
Under normal circumstances, website resources need to be placed in Apache's document directory before they can be published in web pages. The default path is "/var/www/html". If you want to publish other directories than the document directory, you need to use the virtual directory function.
A virtual directory is actually an alias for the actual directory. Although the contents of this directory are not in Apache's document directory, users can still access the resources of this directory by accessing this alias through a browser. In addition, virtual directories have the following advantages.
1. Convenient and fast. The name and path of the virtual directory are not limited by the name and path of the real directory, so when using the virtual directory, the setting can be made more convenient and quicker, and from the user's point of view, it is completely impossible to access the virtual directory.
2. Strong flexibility. Virtual directories can provide almost unlimited disk space, which is a very practical and flexible function for websites that do video-on-demand and websites that require large disk space.
3. Easy to move. If the directory in the document directory is moved, the corresponding URL path will also change, and as long as the name of the virtual directory remains unchanged, no matter what the actual path changes, it will not affect the user's access.
4. Good security
Syntax: Alias /virtual directoryname/"real directory"
Here Xiaobian added a virtual directory of mez, the real directory is the directory where Apache files are placed
We enter the virtual directory name in the browser
Still the same effect.
At the end, I will add some knowledge about Apache users and groups.
In order to improve security, a dedicated user and group can be established for Apache to provide the use of running Apache subprocesses. If you run Apache as root, it is illegal to exploit the Apache vulnerability to gain root privileges. If you lower the permissions of the Apache user and run Apache as a non-root user and group, the security can be greatly enhanced, because even if a hacker obtains these accounts and passwords, they cannot do too much damage to the server.
The User and Group fields in the configuration file can respectively set the user and group when the Apache subprocess that serves the request is running
This is the system default, of course, we can also create users and groups ourselves.