Chapter IV Apache Web optimization and security
A, Apache page optimization
1, page compression
speed of site visits factors: application response network transmission speed between speed, network bandwidth, server performance, and clients. The most important factor is that a = Apache itself, and therefore enhance the Apache execution speed (using web compression) is the most cost-effective choice.
(1) gzip introduced
a popular file compression algorithm, you can fry about 70% of the file size. Gzip using the Apache module may use the Web content compression algorithm and then transmitted to the client browser, thus speeding up the page load
(2) HTTP compression process
① After the server receives the HTTP request, to check whether the browser supports compression ( Accept-Encoding information)
② If so, the server checks the requested file suffix, such as HTML, CSS and other static files, the server will look for the existence in the compression cache directory latest compressed file
③ If there is no new compressed file, the server will return uncompressed request file, and store the compressed file the request in the cache directory
④ If the new compressed file exists, then returned directly compressed file requests
⑤ If the request is a dynamic file, the server dynamically compress content and returns to the browser, but content is not stored in the cache directory
(3) Apache compression modules
① the Apache 1.x series is not Neijiang page compression technology, the use of third-party compression module mod_gzip
② 2.x series built mod_deflate module to replace mod_gzip
③ mod_gzip server cpu usage higher, but higher compression efficiency
(4) mod_deflate module installation configuration
① check whether the installed modules: apachectl -t -D DUMP_MODULES | grep the deflate
② installed modules:
1) Stop the httpd service
2) increase recompile option to install: --enable-the deflate
③ enabled module: in httpd.conf file, add:
. 1) AddOutputFilterByType the DEFLATE text / HTML text / Plain text / CSS text / XML text / JavaScript
2) DeflateCompressionLevel. 9
. 3) SetOutputFilter the DEFLATE
④ detection conf syntax: apachectl -t
⑤ detection module is installed (with 1)
⑥ restart the httpd service
⑦ use packet capture software to test whether the entry into force
2, page cache
page cache is often part does not change or changes very little page cache, browser access again next time, you do not need to go to download these pages, thereby increasing the speed of user access
(1) Check the module installation: -t -D DUMP_DODULES apachectl | grep the Expires
(2) install the module
① stop the httpd service
② recompile and install options added: --enable-the Expires
(3) enable module configuration: modify the httpd.conf
① <IfModule mod_expires.c>
② the On ExpiresActive
③ the ExpiresDefault "Access PLUS 600 seconds The"
④ </ IfModule>
(. 4) detects conf syntax: apachectl -t
(. 5) checking module is installed (with 1)
(6) httpd service opening
(7) through capture software testing is in effect
二、Apache安全优化
1、防盗链
HTTP协议的Referer字段记录可追溯上一个入站地址,防盗链方法都是基于这个字段实现
(1)防盗链配置
①检查是否安装mod_rewirte模块:apachectl -t -D DUMP_MODULES | grep rewrite
②安装模块:--enable-rewrite
③启用模块:编辑httpd.conf文件
<Directory "/var/www/html/abc">
Order allow,deny
Allow from all
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://abc.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://abc.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.abc.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.abc.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.abc.com/error.png
</Directory>
④conf语法检测:apache -t
⑤检查模块是否安装(同1)
(2)匹配规则表
①%{HTTP_REFERER}:浏览header中的连接字段
②!^:不以后面的字符串开头
③.*?:不以任意字符结尾
④NC:不区分大小写
⑤R:强制跳转
⑥?:匹配0-1个字符
⑦*:匹配0到多个字符
⑧+:匹配1到多个字符
⑨^:字符串开始标志
⑩$:字符串结束标志
⑪.:匹配任意单字符
2、隐藏版本
(1)修改httpd.conf配置文件
①Include conf/extra/httpd-default.conf
(2)修改httpd-default.conf文件
①ServerTokens Prod
②ServerSignature Off
(3)ServerTokens输出格式
①Prod:Server Apache
②Major:Server Apache/2
③Minor:Server Apache/2.0
④OS:Server Apache/2.0.41(Unix)
⑤Full:Server Apache/2.0.41(Unix)PHP/4.2.2MyMod/1.2
