接上文 ---------------lamp(2)虚拟主机(用户认证,域名跳转)--------------
八、访问日志
1.查看日志
cat abc.com-access_log
九、不访问静态文件
1.配置主机文件
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
内容:添加
把前面的111.com 换成www.111.com
SetEnvIf Request_URI ".*\.gif$" imgSetEnvIf Request_URI ".*\.jpg$" imgSetEnvIf Request_URI ".*\.png$" imgSetEnvIf Request_URI ".*\.bmp$" imgSetEnvIf Request_URI ".*\.swf$" imgSetEnvIf Request_URI ".*\.js$" imgSetEnvIf Request_URI ".*\.css$" imgCustomLog "logs/111.com-access_log" combined env=!img
验证并重新加载
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful
上传图片
在www.111.com/下创建一个images
cd /usr/local/apache2.4/docs/www.111.com/
mkdir images
上传图片
3.访问网站
curl -xlocalhost:80 www.111.com/images/01.jpeg -I
curl -xlocalhost:80 www.111.com/images/02.jpg -I
查看日志是否记录
!!可以看到只记录 了01.jpeg的日志,配置的文件中没有禁用jpeg格式的img,禁用了的不会记录
十、日志切割
1.配置主机文件
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
内容:修改
CustomLog "|/usr/local/apache2.4/bin/rotatelogs -l logs/www.111.com-access_%Y%m%d.log 86400" combined env=!img
验证并重新加载
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful
2.访问网站
3.查看日志
tail www.111.com-access_20210608.log
十一、配置静态元素过期时间
1.配置主机文件
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
添加模块: (去掉注释)
<IfModule mod_expires.c>ExpiresActive on //打开该功能的开关ExpiresByType image/gif "access plus 1 days"ExpiresByType image/jpeg "access plus 24 hours"ExpiresByType image/png "access plus 24 hours"ExpiresByType text/css "now plus 2 hour"ExpiresByType application/x-javascript "now plus 2 hours"ExpiresByType application/javascript "now plus 2 hours"ExpiresByType application/x-shockwave-flash "now plus 2 hours"ExpiresDefault "now plus 0 min"
</IfModule>
在主配置文件中吧模块注释去掉
vim /usr/local/apache2.4/conf/httpd.conf
验证并重新加载
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful
2.访问网页
curl -xlocalhost:80 www.111.com/images/02.jpg -I
其中Cache-Control:代表过期时间的年龄
Expires:代表什么时候过期
十二、访问控制
1.白名单配置
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
内容增加:
<Directory /usr/local/apache2.4/docs/www.111.com/admin/>Order deny,allowDeny from allAllow from 127.0.0.1</Directory>
验证并重新加载
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful
只允许127.0.0.1进入网站
2.针对单个网站拒绝访问
配置主机文件
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
内容:
<Directory /usr/local/apache2.4/docs/www.111.com><FilesMatch "admin.php(.*)">Order deny,allowDeny from allAllow from 127.0.0.1</FilesMatch>
</Directory>
验证并重新加载
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful
www.111.com下的admin.php开头的不能访问
3.禁止php解析
配置主机文件
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
内容;
<Directory /usr/local/apache2.4/docs/www.111.com/upload>php_admin_flag engine off</Directory>
验证并重新加载
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful
3.user_agent
配置主机文件
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
内容添加:
<IfModule mod_rewrite.c>RewriteEngine onRewriteCond %{
HTTP_USER_AGENT} .*curl.* [NC,OR]RewriteCond %{
HTTP_USER_AGENT} .*baidu.com.* [NC]RewriteRule .* - [F]</IfModule>
验证并重新加载
/usr/local/apache2.4/bin/apachectl -t
/usr/local/apache2.4/bin/apachectl graceful
可以指定用户