Apache persistent connections
Apache persistent-connection parameters
- KeepAlive
  - Whether persistent connections are enabled: Off disables them, On enables them
- KeepAliveTimeout
  - The maximum interval between successive requests on one connection; if the gap between two requests exceeds this time, the connection is closed
- MaxKeepAliveRequests
  - The maximum number of requests that can be sent over one connection
Apache access control
- Purpose
  - Control access to site resources
  - Add access authorization for specific site directories
- Common access control methods
  - Client address restrictions
  - User authorization restrictions
Client-address-based access control
- Use the Require configuration directive to control access; restrictions are applied in order
- It can be used in the <Location>, <Directory>, <Files> and <Limit> configuration sections
Common syntax of the Require directive
Require all granted
Require all denied
Require local
Require [not] host <list of hostnames or domain names>
//When using not to deny access, place it inside a <RequireAll> </RequireAll> container and specify the corresponding restriction policy in the container
Require [not] ip <list of IP addresses or network segments>
Configuration Example
On the Linux system, install the DNS and HTTP services, and set up the DNS service.
[root@localhost ~]# yum install bind httpd -y //install the services
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
...//part of the content omitted...
已安装:
bind.x86_64 32:9.11.4-9.P2.el7 httpd.x86_64 0:2.4.6-90.el7.centos
...//part of the content omitted...
完毕!
[root@localhost conf]# vim /etc/named.conf //edit the DNS configuration file
...//part of the content omitted...
options {
listen-on port 53 { any; }; //change the IP address to any
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; //allow queries from any host
...//part of the content omitted...
:wq
[root@localhost conf]# vim /etc/named.rfc1912.zones //edit the zone configuration file
...//part of the content omitted...
zone "kgc.com" IN { //change the domain name
type master;
file "kgc.com.zone"; //change the zone data file name
allow-update { none; };
};
...//part of the content omitted...
:wq
[root@localhost conf]# cd /var/named/ //enter the zone data file directory
[root@localhost named]# ls //list the directory
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# cp -p named.localhost kgc.com.zone //copy the zone data file
[root@localhost named]# vim kgc.com.zone //edit the file
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
www IN A 192.168.144.133 //set the address the domain name resolves to
:wq //save and exit
Start both Windows 10 clients and check each client's IP address.
On the Linux system, go to the HTTP service's site directory, edit the content of the home page, start the DNS and HTTP services, and turn off the firewall and the enhanced security feature (SELinux).
[root@localhost named]# cd /var/www/html/ //enter the HTTP service's site directory
[root@localhost html]# vim index.html //edit the default home page
<h1>this is kgc web</h1> //content to enter
:wq
[root@localhost html]# ls //list the directory
index.html
[root@localhost html]# cat index.html //view the page content
<h1>this is kgc web</h1>
[root@localhost html]# systemctl start httpd.service //start the HTTP service
[root@localhost html]# systemctl start named //start the DNS service
[root@localhost html]# systemctl stop firewalld.service //stop the firewall
[root@localhost html]# setenforce 0 //turn off the enhanced security feature (SELinux)
Use each of the two Windows 10 clients to access the site and check whether the service is provided normally.
On the Linux system, edit the HTTP service's configuration file to set up the client access restriction.
[root@localhost html]# vim /etc/httpd/conf/httpd.conf
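//edit the main configuration file (in a production network, editing the main configuration file directly is not recommended; add a separate sub-configuration file for the restrictions instead)
...//part of the content omitted...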
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
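<RequireALL> //add the child directives inside this container
Require not ip 192.168.144.128
//add the IP address of the host to be denied (to restrict a network segment, add 192.168.144.0/24 directly; note that the subnet mask must be given when restricting a network segment)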
Require all granted
</RequireALL>
</Directory>
...//part of the content omitted...
:wq
[root@localhost html]# systemctl restart httpd.service
Check whether the restricted first Windows 10 client can still access the website.
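A simplified model of how the `<RequireAll>` block above is evaluated, as an added example that is not part of the original post or of Apache's own code. It follows the documented mod_authz_core rule (no directive may fail and at least one must succeed; a negated directive can only fail or stay neutral) and shows why `Require all granted` has to accompany `Require not ip`. The client addresses 192.168.144.129 and 10.0.0.5 are constructed sample values, and only the `ip` and `all` providers are modelled.

```python
import ipaddress

GRANTED, DENIED, NEUTRAL = "granted", "denied", "neutral"

def eval_require(line, client_ip):
    """Evaluate one 'Require [not] ip <nets>' or 'Require all granted|denied' line."""
    words = line.split()
    if len(words) < 3 or words[0].lower() != "require":
        raise ValueError(f"not a usable Require line: {line!r}")
    negate = words[1].lower() == "not"
    provider, args = (words[2], words[3:]) if negate else (words[1], words[2:])
    if not args:
        raise ValueError(f"missing argument: {line!r}")
    if provider.lower() == "all":
        matched = args[0].lower() == "granted"
    elif provider.lower() == "ip":
        addr = ipaddress.ip_address(client_ip)
        # Full addresses and CIDR ranges only; partial forms such as "192.168" are not modelled.
        matched = any(addr in ipaddress.ip_network(a, strict=False) for a in args)
    else:
        raise ValueError(f"provider not modelled here: {provider}")
    if negate:
        # A negated directive never grants: it fails on a match, otherwise stays neutral.
        return DENIED if matched else NEUTRAL
    return GRANTED if matched else DENIED

def require_all(lines, client_ip):
    """<RequireAll>: no directive may fail, and at least one must succeed."""
    results = [eval_require(line, client_ip) for line in lines]
    if DENIED in results:
        return DENIED
    return GRANTED if GRANTED in results else NEUTRAL

def allowed(lines, client_ip):
    """A neutral result authorizes nobody, so only GRANTED lets the request through."""
    return require_all(lines, client_ip) == GRANTED

# Directives from the page's <Directory "/var/www/html"> block
PAGE_POLICY = ["Require not ip 192.168.144.128", "Require all granted"]
# The network-segment variant mentioned in the page's comment
SUBNET_POLICY = ["Require not ip 192.168.144.0/24", "Require all granted"]
# Constructed: the same container with 'Require all granted' left out
ONLY_NEGATIVE = ["Require not ip 192.168.144.128"]

if __name__ == "__main__":
    for ip in ("192.168.144.128", "192.168.144.129", "10.0.0.5"):  # constructed clients
        for name in ("PAGE_POLICY", "SUBNET_POLICY", "ONLY_NEGATIVE"):
            print(f"{ip:16} {name:14} {require_all(globals()[name], ip)}")
```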
User authorization restrictions
Configuration Example
Create a user authentication database
[root@localhost html]# htpasswd -c /etc/httpd/conf/pwd test01
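//create the user authentication database (-c creates the file, overwriting any existing one; if the authentication file already exists, omit -c and the command adds the user to that file)
New password: //enter the password to set
Re-type new password: //enter the password again
Adding password for user test01 //created successfully
[root@localhost html]# cd /etc/httpd/conf //enter the directory
[root@localhost conf]# ls //list the directory
httpd.conf magic pwd //the file was created
[root@localhost conf]# cat pwd //view the file content
test01:$apr1$zDZ/54yz$rUCXaWixaltHE6ZBvjv0h/ //the created user and its password hash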
Add User Authorization Configuration
[root@localhost conf]# vim httpd.conf
...//part of the content omitted...
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
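AuthName "DocumentRoot" //replace the access control entries above; this entry declares the authentication prompt
AuthType Basic //the authentication type is Basic
AuthUserFile /etc/httpd/conf/pwd //path to the authentication file
Require valid-user //only authenticated users are authorized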
</Directory>
...//part of the content omitted...
:wq //save and exit
[root@localhost conf]# systemctl restart httpd.service //restart the service
Verify the configuration on the client.