在LAMP环境搭载Discuz!(下)
1.在虚拟主机中实现用户验证
[root@localhostlogs]#vi/usr/local/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/data/www"
ServerName www.123.com
ServerAlias www.aaa.com
#用户认证
<Directory *>
AllowOverride AuthConfig
AuthName "study"
AuthType Basic
AuthUserFile /data/.htpasswd //存用户名和密码
require valid-user
</Directory>
#ErrorLog "logs/dummy-host.example.com-error_log" //错误日志
#CustomLog "logs/dummy-host.example.com-access_log" common //正常日志
</VirtualHost>
/data/.htpasswd文件的生成:
/usr/local/apache2/bin/htpasswd -c -m(md5)/data/.htpasswd [username] //第一次使用时要添加-c选项,若第二次还是用则会覆盖第一次的所产生的文件。
New password:
Re-typenew password:
[root@localhost mysql]# cat /data/.htpasswd
aming1:$apr1$60e7Z/11$31yiwDyX0iRSVGAuznpwn.
[root@localhost ~]# apache -t
Syntax OK
[root@localhost ~]# apache restart
注:
增加第二个用户的时候,就不要加-c了,因为-c是创建的意思,如果加上会把这个文件重写。
再次用浏览器进入论坛会出现以下窗口:
输入用户名和密码后就会进入论坛了。
2.配置域名跳转
在用户认证后添加以下内容:
#域名跳转
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.123.com$
RewriteRule ^/(.*)$ http://www.aaa.com/$1 [R=301,L]
</IfModule>
如果是多个域名,可以这样设置:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.123.com [OR]
RewriteCond %{HTTP_HOST} ^www.456.com$
RewriteRule ^/(.*)$ http://www.aaa.com/$1 [R=301,L]
</IfModule>
通过输入curl命令则可以验证域名跳转成功,但是如果未指定用户名则不能跳转
[root@localhost logs]# curl -u aming1:123456 -x127.0.0.1:80 www.123.com -I
HTTP/1.1 301 Moved Permanently
Date: Sat, 02 May 2015 22:08:07 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.3.28
Location: http://www.aaa.com/
Cache-Control: max-age=0
Expires: Sat, 02 May 2015 22:08:07 GMT
Content-Type: text/html; charset=iso-8859-1
[root@localhost logs]# curl -u aming1:123456 -x127.0.0.1:80 www.aaa.com -I
HTTP/1.1 301 Moved Permanently
Date: Sat, 02 May 2015 22:08:14 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.3.28
X-Powered-By: PHP/5.3.28
location: forum.php
Cache-Control: max-age=0
Expires: Sat, 02 May 2015 22:08:14 GMT
Content-Type: text/html
以下为未输入用户名所得的结果:
[root@localhostmysql]#curl-x127.0.0.1:80www.aaa.com-I
HTTP/1.1401AuthorizationRequired
Date:Sat,02May201522:02:56GMT
Server:Apache/2.2.16(Unix)DAV/2PHP/5.3.28
WWW-Authenticate:Basicrealm="study"
Content-Type:text/html;charset=iso-8859-1
[root@localhostmysql]#curl-x127.0.0.1:80www.123.com-I
HTTP/1.1301MovedPermanently
Date:Sat,02May201522:02:58GMT
Server:Apache/2.2.16(Unix)DAV/2PHP/5.3.28
Location:http://www.aaa.com/
Cache-Control:max-age=0
Expires:Sat,02May201522:02:58GMT
Content-Type:text/html;charset=iso-8859-1
注:301与302区别——301暂时,302永久 ,401 Authorization Requied需要认证
配置apache的访问日志
[root@localhostlogs]#vi/usr/local/apache2/conf/extra/httpd-vhosts.conf
添加如下内容
#配置日志
ErrorLog "/usr/local/apache2/logs/dummy-host.example.com-error_log"
SetEnvIf Request_URI ".*\.gif$" p_w_picpath-request
SetEnvIf Request_URI ".*\.jpg$" p_w_picpath-request
SetEnvIf Request_URI ".*\.png$" p_w_picpath-request
SetEnvIf Request_URI ".*\.bmp$" p_w_picpath-request
SetEnvIf Request_URI ".*\.swf$" p_w_picpath-request
SetEnvIf Request_URI ".*\.js$" p_w_picpath-request
SetEnvIf Request_URI ".*\.css$" p_w_picpath-request
CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/oem.discuz.qq.com-error_%Y%m%d.log 86400" combined env=!p_w_picpath-request
注:路径最好写绝对路径,同时也要写对,在实验时由于自己未写对路径就出现了错误。
若将生成日志的文件路径写错会出现以下错误。
[root@localhost logs]# curl -u aming1:123456 -x127.0.0.1:80 www.123.com -I
curl: (7) couldn't connect to host
[root@localhost logs]# curl -u aming1:123456 -x127.0.0.1:80 www.aaa.com -I
curl: (7) couldn't connect to host
配置静态文件缓存
[root@localhostlogs]#vi/usr/local/apache2/conf/extra/httpd-vhosts.conf
添加如下内容
#配置静态文件缓存
<IfModule mod_expires.c>
ExpiresActive on
ExpiresByType p_w_picpath/gif "access plus 1 days"
ExpiresByType p_w_picpath/jpeg "access plus 24 hours"
ExpiresByType p_w_picpath/png "access plus 24 hours"
ExpiresByType text/css "now plus 2 hour"
ExpiresByType application/javascript "now plus 2 hours"
ExpiresByType application/x-shockwave-flash "now plus 2 hours"
ExpiresDefault "now plus 0 min"
</IfModule>
注:我们在设置js文件时格式为x-javascript,curl后不能达到我们要的效果,我们将其该为javascript就可以了。
[root@localhostwww]#curl-uaming1:123456-x127.0.0.1:80www.aaa.com/2.js-I
HTTP/1.1200OK
Date:Sat,02May201522:43:13GMT
Server:Apache/2.2.16(Unix)DAV/2PHP/5.3.28
Last-Modified:Sat,02May201522:41:14GMT
ETag:"23277-0-5152106b3c108"
Accept-Ranges:bytes
Cache-Control:max-age=0
Expires:Sat,02May201522:43:13GMT
Content-Type:application/javascript
[root@localhostwww]#curl-uaming1:123456-x127.0.0.1:80www.aaa.com/2.js-I
HTTP/1.1200OK
Date:Sat,02May201522:44:14GMT
Server:Apache/2.2.16(Unix)DAV/2PHP/5.3.28
Last-Modified:Sat,02May201522:41:14GMT
ETag:"23277-0-5152106b3c108"
Accept-Ranges:bytes
Cache-Control:max-age=7200
Expires:Sun,03May201500:44:14GMT
Content-Type:application/javascript
这里补充说明一点,最后一行已经告诉了我们文件类型,比如这里是 Content-Type: application/javascript,如果对于 css 文件,则为 Content-Type: text/css ,对于 jpg/jpeg 文件,则为 Content-Type: p_w_picpath/jpeg ,只需要将该类型配置到 ExpiresByType 中就可以对相应文件进行缓存了。
配置防盗链
添加如下内容:
#配置防盗链
SetEnvIfNoCase Referer "^http://www.123.com" local_ref
SetEnvIfNoCase Referer ".*www.aaa.com" local_ref
SetEnvIfNoCase Referer "^$" local_ref
<filesmatch "\.(txt|doc|mp3|zip|rar|jpg|gif)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
实验结果:
[root@localhost www]# curl -u aming1:123456 -e"www.aaa.com/safsaf" -x127.0.0.1:80 www.aaa.com/1.txt -I
HTTP/1.1 200 OK
Date: Sat, 02 May 2015 22:59:35 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.3.28
Last-Modified: Sat, 02 May 2015 15:22:31 GMT
ETag: "2325b-a-5151ae5c57002"
Accept-Ranges: bytes
Content-Length: 10
Cache-Control: max-age=0
Expires: Sat, 02 May 2015 22:59:35 GMT
Content-Type: text/plain
[root@localhost www]# curl -u aming1:123456 -e"http://www.123.com/safsaf" -x127.0.0.1:80 www.aaa.com/1.txt -I
HTTP/1.1 200 OK
Date: Sat, 02 May 2015 23:00:34 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.3.28
Last-Modified: Sat, 02 May 2015 15:22:31 GMT
ETag: "2325b-a-5151ae5c57002"
Accept-Ranges: bytes
Content-Length: 10
Cache-Control: max-age=0
Expires: Sat, 02 May 2015 23:00:34 GMT
Content-Type: text/plain
[root@localhost www]# curl -e "www.baidu.com" -u aming1:123456 -x127.0.0.1:80 www.aaa.com/1.txt -I
HTTP/1.1 403 Forbidden
Date: Sat, 02 May 2015 22:57:23 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.3.28
Content-Type: text/html; charset=iso-8859-1
[root@localhost www]# curl -e "www.qq.com" -u aming1:123456 -x127.0.0.1:80 www.aaa.com/1.txt -I
HTTP/1.1 403 Forbidden
Date: Sat, 02 May 2015 22:57:44 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.3.28
Content-Type: text/html; charset=iso-8859-1
访问控制
<Directory /data/www/>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
针对请求的uri去限制
<filesmatch "(.*)admin(.*)">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</filesmatch>
某个某陆下禁止解析php
<Directory /data/www/path>
php_admin_flag engine off
<filesmatch "(.*)php">
Order deny,allow
Deny from all
</filesmatch>
</Directory>
声明:本站所有文章资源内容,如无特殊说明或标注,均为采集网络资源。如若本站内容侵犯了原著者的合法权益,可联系本站删除。
