Table of contents
1. Compression of Apache web pages
1) Check the compression module
2) Install the mod_deflate module
3) Configure the mod_deflate module to enable
4) Check the installation and start the service
5) Test whether mod_deflate compression is effective
Two, Apache's web page cache processing
1) Check if the cache module is installed
2) New compilation and installation, add cache module
4) Verify the installation of the module and restart the service
5) Modify the test web page and conduct access test
3. Hide Apache version information
1) Modify the main configuration of httpd
Restart the service and test access:
1) The hotlinked host accesses the hotlinked host and steals the picture network path
2) Hotlink hosts set their own website image resources
Demonstration of anti-leech measures
1) Modification of main configuration
Download configuration method:
Modify the main configuration:
2) Prepare a picture that prompts hotlinkers and put it in the root directory of the webpage
Access the hotlinked host web page:
1. Compression of Apache web pages
In an enterprise, only the default configuration parameters are used after deploying Apache, which will cause many problems on the website. In other words, the default configuration is for the previous lower server configuration, and the previous configuration is no longer applicable
. How to improve the performance and stability of Apache, this is the content of Apache optimization
1) Check the compression module
apachectl -t -D DUMP_MODULES | grep "deflate"
2) Install the mod_deflate module
If the mod_deflate module is not installed, recompile and install Apache to add the mod_deflate module
systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf httpd.conf.bak
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate
make && make install
3) Configure the mod_deflate module to enable
vim /usr/local/httpd/conf/httpd.conf
--52行--修改
--105行--取消注释
--197行--取消注释,修改
--末行添加--
4) Check the installation and start the service
[root@www htdocs]#apachectl -t
Syntax OK
[root@www htdocs]#apachectl -t -D DUMP_MODULES | grep "deflate"
deflate_module (shared)
[root@www htdocs]#systemctl start httpd
5) Test whether mod_deflate compression is effective
Edit test page:
cd /usr/local/httpd/htdocs
vim index.html
<html><body><h1>It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!</h1>
<img src="game.jpg"/>
</body></html>
test
method one:
In the Linux system, open the Firefox browser, right-click and click View Elements
Select Network ---> Select HTML, WS, Others
to access http://192.168.80.10, double-click the 200 response message to view the response header contains Content-Encoding: gzip
Method Two:
Install Microsoft.NET4 and fiddler software in turn on the Windows system, open the fiddler software,
select inspectors ---> select Headers
browser to visit http://192.168.80.10, double-click the 200 response message to check whether there is Content-Encoding: gzip
Two, Apache's web page cache processing
- Reduce network delay and speed up page opening speed - the cache is closer to the client than the source server, therefore, it takes less time to request content from the cache than from the source server, and the use of cache can significantly speed up the page opening speed to achieve a better experience
- Reduce the pressure on the server - After setting the validity period for network resources, users can reuse the local cache, reduce requests to the source server, and indirectly reduce the pressure on the server. At the same time, the crawler robot of the search engine can also reduce the frequency of crawling according to the expiration mechanism, and can effectively reduce the pressure on the server
- Reduce network bandwidth consumption--Whether for website operators or users, bandwidth represents money. When the Web cache copy is used, only minimal network traffic will be generated, which can effectively reduce operating costs
1) Check if the cache module is installed
apachectl -t -D DUMP_MODULES | grep "expires"
2) New compilation and installation, add cache module
systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf httpd.conf.bak1
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate \
--enable-expires
make && make install
3) Configure the cache module
vim /usr/local/httpd/conf/httpd.conf
The monitoring of lines 52 and 199 continues to be uncommented and relevant modifications are made
--111行--取消注释
--末行添加--
<IfModule mod_expires.c>
ExpiresActive On #打开网页缓存功能
ExpiresDefault "access plus 60 seconds" #设置缓存时间为60s
</IfModule>
4) Verify the installation of the module and restart the service
[root@www httpd-2.4.29]#apachectl -t
[root@www httpd-2.4.29]#apachectl -t -D DUMP_MODULES | grep "expires"
[root@www httpd-2.4.29]#systemctl restart httpd
5) Modify the test web page and conduct access test
[root@www httpd-2.4.29]#cd /usr/local/httpd/htdocs
vim index.html
<html>
<body>
<h1>
this is a game
</h1>
<img src="games.jpg"/>
</body>
</html>
Access test:
3. Hide Apache version information
If we enable the Apache service, others can find your Apache version number through F12, so as to exploit some known vulnerabilities or zero-day vulnerabilities to attack, which is very dangerous. So in order to reduce a little - even a little bit of risk, we'd better choose to hide Apache version information
1) Modify the main configuration of httpd
vim /usr/local/httpd/conf/httpd.conf
--line 491--uncomment
vim /usr/local/httpd/conf/extra/httpd-default.conf
--line 55--Modify
Restart the service and test access:
If the page information is not refreshed successfully. You can try to clear all the information in the history first, and then visit
4. Apache anti-leech
In the Internet age, the most concerned issue of the website is the number of user visits. What attracts users is often novel titles, pictures and their content, and carrying these needs to occupy server resources. And some unscrupulous companies will redirect the pictures on their website to your website, read your pictures, occupy your bandwidth and server resources, but the traffic is occupied by it
So it is necessary to set the apache anti-leech
Hotlink experiment display
In this experiment, I have prepared two virtual machines, one is the host that compiles and installs the apche service from the source code, as the host that is hotlinked, and the domain name is set to www.test.com, and the other is the host that installs the apache service for yum, as the stolen host The host of the chain, the domain name is set to www.test1.com
1) The hotlinked host accesses the hotlinked host and steals the picture network path
2) Hotlink hosts set their own website image resources
3) Access test after stealing
Note: This test visits the hotlink host to explore the source of the picture
Demonstration of anti-leech measures
1) Modification of main configuration
Because the relevant modules have been downloaded when the source code of this machine is compiled, the configuration is directly modified. If you have not downloaded the relevant modules, you need to download the configuration
Download configuration method:
systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf httpd.conf.bak2
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \ #加入mod_rewrite 模块
--enable-charset-lite \
--enable-cgi \
--enable-deflate \
--enable-expires
make && make install
Modify the main configuration:
vim /usr/local/httpd/conf/httpd.conf
--157行--取消注释
--224行--进行配置添加
Field meaning of RewriteCond %{HTTP_REFERER} !^http://www.test.com/.*$ [NC]:
- "%{HTTP_REFERER}": stores a URL of a link, indicating which link is used to access the static resources in the directory
- "!^": Indicates that it does not start with the following string
- "http://www.test.com": is the path of this website, matched by the entire string
- ".*$": means end with any character
- "[NC]": Indicates case-insensitive
Field meaning of RewriteRule .*\.(gif|jpg|swf)$ http://www.test.com/error.png:
- ".": means match a character
- "*": means to match 0 to multiple characters, combined with "." means to match any character in front of 0 to multiple times, if it is 1 to multiple matches, you can use "+" to indicate
- "\.": "\" here is an escape character, and "\." means the symbol ".". Because "." is a rule character in the command and has a corresponding meaning. If you need to match, you need to add an escape character "\" in front of it. If you need to match other rule characters, do the same
- "(gif|jpg|swf)": means match any of "gif", "jpg" and "swf", and "$" means end. The final rule ends with ".gif", ".jpg", and ".swf", preceded by a string of 1 to more characters, that is, a file that matches the image type
- "http://www.test.com/error.png": indicates forwarding to this path