Apache Web optimization and security
Apache Web Optimization
1. Compression page
2. Web cache
Apache Security Optimization
1. Configure anti-hotlinking
2. Hide the version information
Apache Web Optimization Overview
1. In business, only after the deployment of Apache default configuration parameters, can cause a lot of problems the site, in other words the default configuration is configured for low before the server, previous configuration no longer applicable in today's Internet age
2. In order to meet business needs, we need to consider how to enhance the performance and stability of the Apache, which is optimized for the Apache
3. Optimizing Content
Configuration page compression
operating mode selection and parameter optimization
configuration security chain
configuration hide the version number
gzip Introduction
Configuring Apache Web compression, using gzip compression algorithm to compress and then transmit the content of pages to the client browser
effect:
1. Reduce the number of bytes transmitted over the network, speed up page load
2. save traffic, improve the user's browsing experience
3.gzip search bow | engine crawlers have a better relationship
Apache compression modules
Apache web page compression to achieve functional modules include:
1.mod_gzip module
2.mod_deflate module
Apache 1.x .
1. There is no built-in web compression technology, but can use third-party mod_
Apache 2.x
1. During development, built mod_deflate this module, replace mod_gzip
mod_ gzip module and mod_deflate modules:
1. Both use gzip compression algorithm, the principle of operation is similar to
2.mod_deflate compressed slightly faster, but slightly higher compression ratio mod_gzip
3.mod_gzip occupation of the server CPU to be higher
4. high traffic servers may use mod_deflate loading speed faster than mod_gzip
Configuration page compression
First check whether the installation mod_ deflate module:
1. Run the DUMP -D -t apachectl the MODULES command
2. If the output is not the deflate Module1 (static), when compiled instructions is not installed
mod_ deflate module
If you do not have to re-install to compile and install:
1../configure --enable-deflate...
2.make && make install
In the open configuration httpd.conf configuration gzip functions:
1.AddOutputFilterByType DEFL ATE text/html text/plain text/css
text/xml textjavascript
2.DeflateCompressionL evel
3.SetOutputFilter DEFL .ATE
The first row represents Enable gzip compression for what kind of content
The second line represents the compression level
The third line represents the output of the module is enabled deflate this site are gzip compression
Demo: Compression
[root@localhost ~]# mkdir /aaa
[root@localhost ~]# mount.cifs //192.168.10.12/rpm /aaa
Password for root@//192.168.10.12/rpm:
[root@localhost ~]# cd /aaa
[root@localhost aaa]# ls
LAMP
[root@localhost aaa]# cd LAMP/
[root@localhost LAMP]# ls
apr-1.6.2.tar.gz error.png
apr-util-1.6.0.tar.gz ha.jpg
awstats-7.6.tar.gz httpd-2.4.29.tar.bz2
cronolog-1.6.2-14.el7.x86_64.rpm mysql-5.6.26.tar.gz
Discuz_X2.5_SC_UTF8.zip php-5.6.11.tar.bz2
[root@localhost LAMP]# tar jxvf httpd-2.4.29.tar.bz2 -C /opt
[root@localhost LAMP]# tar zxvf apr-1.6.2.tar.gz -C /opt/
[root@localhost LAMP]# tar zxvf apr-util-1.6.0.tar.gz -C /opt
[root@localhost LAMP]# cd /opt/
[root@localhost opt]# ls
apr-1.6.2 apr-util-1.6.0 httpd-2.4.29 rh
[root@localhost opt]# mv apr-1.6.2/ httpd-2.4.29/srclib/apr
[root@localhost opt]# mv apr-util-1.6.0/ httpd-2.4.29/srclib/apr-util
[root@localhost opt]# yum install gcc gcc-c++ pcre pcre-devel zlib-devel expat-devel -y
[root@localhost opt]# cd httpd-2.4.29/
[root@localhost httpd-2.4.29]# ls
ABOUT_APACHE CMakeLists.txt INSTALL NWGNUmakefile
acinclude.m4 config.layout InstallBin.dsp os
Apache-apr2.dsw configure LAYOUT README
Apache.dsw configure.in libhttpd.dep README.cmake
apache_probes.d docs libhttpd.dsp README.platforms
ap.d emacs-style libhttpd.mak ROADMAP
build httpd.dep LICENSE server
BuildAll.dsp httpd.dsp Makefile.in srclib
BuildBin.dsp httpd.mak Makefile.win support
buildconf httpd.spec modules test
CHANGES include NOTICE VERSIONING
[root@localhost httpd-2.4.29]# ./configure --prefix=/usr/local/httpd --enable-so --enable-rewrite --enable-charset-lite --enable-cgi
[root@localhost httpd-2.4.29]# make
[root@localhost httpd-2.4.29]# make install
[root@localhost httpd-2.4.29]# cd /usr/local/httpd/
[root@localhost httpd]# ls
bin cgi-bin error icons lib man modules
build conf htdocs include logs manual
[root@localhost httpd]# cd conf
[root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# vim httpd.conf
[root@localhost conf]# ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf
[root@localhost conf]# vim /etc/httpd.conf
/deflate,搜索这个关键词
LoadModule deflate_module modules/mod_deflate.so //此行去除注释
/headers,搜索这个关键词
LoadModule headers_module modules/mod_headers.so //此行需要去除注释
/filter,搜索这个关键词
LoadModule filter_module modules/mod_filter.so //此行需要去除注释
/Listen,搜索这个关键词
Listen 192.168.18.128:80
#Listen 80
/ServerName,搜索这个关键词
ServerName www.kgc.com:80
按大写字母G到末行,按o转下行插入
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript text/ipg text/png
DeflateCompressionLevel 9
SetOutputFilter DEFLATE
</IfModule>
//修改结束后按Esc退出,输入:wq保存退出
[root@localhost conf]# /usr/local/httpd/bin/apachectl -t
Syntax OK
//验证语法是否正确
[root@localhost conf]# /usr/local/httpd/bin/apachectl start
[root@localhost conf]# netstat -ntap | grep 80
tcp 0 0 192.168.18.128:80 0.0.0.0:* LISTEN 82881/httpd [root@localhost conf]# ls
extra httpd.conf magic mime.types original
[root@localhost conf]# cd ..
[root@localhost httpd]# ls
bin cgi-bin error icons lib man modules
build conf htdocs include logs manual
[root@localhost httpd]# cd htdocs/
[root@localhost htdocs]# ls
index.html
[root@localhost htdocs]# cat index.html
<html><body><h1>It works!</h1></body></html>
[root@localhost htdocs]# cd /usr/local/httpd/bin/
[root@localhost bin]# ./apachectl -t -D DUMP_MODULES | grep "deflate"
deflate_module (shared)
verification:
Browser and enter the IP address of the other party in win10 using: 192.168.18.128
At this point you can display the home page: It works!
We can see the use of packet capture software to crawl the pages can support compression, if we want to see at this time compression, it is necessary to add images to a page, the picture will appear compressed information when such access again
Add a picture to the page:
[root@localhost bin]# cd /aaa/LAMP
[root@localhost LAMP]# ls
apr-1.6.2.tar.gz ha.jpg
apr-util-1.6.0.tar.gz httpd-2.4.29.tar.bz2
awstats-7.6.tar.gz lf.jpg
cronolog-1.6.2-14.el7.x86_64.rpm mysql-5.6.26.tar.gz
Discuz_X2.5_SC_UTF8.zip php-5.6.11.tar.bz2
error.png
[root@localhost LAMP]# cp lf.jpg /usr/local/httpd/htdocs/ //把图片复制到对应的文件夹
[root@localhost LAMP]# cd /usr/local/httpd/
[root@localhost httpd]# cd htdocs/
[root@localhost htdocs]# ls
index.html lf.jpg
[root@localhost htdocs]# vim index.html
<html><body><h1>It works!</h1>
<img src="lf.jpg"/>
</body></html>
//格式做以上更改,在当中插入图片,按Esc退出,输入:wq保存退出
Go back to the page validate:
You can see the picture added after enter the IP address, we can see through packet capture software to crawl Offers picture has carried gzip compression process information at a port
FIG using the following procedure: