1、配置用户认证
<Directory /data/discuz/passwd> AllowOverride AuthConfig AuthName "自定义的" AuthType Basic AuthUserFile /data/.htpasswd require valid-user </Directory>
1) AuthName命令:指定认证区域名称。区域名称是在提示要求认证的对话框中显示给用户的。
2) AuthType命令:指定认证类型。在HTTP1.0中,只有一种认证类型:basic。在HTTP1.1中有几种认证类型,如:MD5。
3) AuthUserFile命令:指定一个包含用户名和密码的文本文件,每行一对。
4) AuthGroupFile命令:指定包含用户组清单和这些组的成员清单的文本文件。组的成员之间用空格分开,如:
managers:user1 user2
5) require命令:指定哪些用户或组才能被授权访问。如:
require user user1 user2(只有用户user1和user2可以访问)
requires groups managers (只有组managers中成员可以访问)
require valid-user (在AuthUserFile指定的文件中任何用户都可以访问)
cd /data/discuz/passwd
htpasswd -c /data/.htpasswd user1
htpasswd /data/.htpasswd user2
apachectl graceful
2、默认虚拟主机
如果在现有的web服务器上增加虚拟主机,必须也为现存的主机建造一个<VirtualHost>定义块。其中ServerName和DocumentRoot所包含的内容应该与全局的保持一致,且要放在配置文件的最前面,扮演默认主机的角色。
<VirtualHost *:80> DocumentRoot "/data/default" ServerName www.default.com </VirtualHost>
3.域名301跳转
Rewirte主要的功能就是实现URL的跳转,它的正则表达式是基于Perl语言。可基 于服务器级的(httpd.conf)和目录级的 (.htaccess)两种方式。如果要想用到rewrite模块,必须先安装或加载rewrite模块。方法有两种一种是编译apache的时候就直接 安装rewrite模块,别一种是编译apache时以DSO模式安装apache,然后再利用源码和apxs来安装rewrite模块
<IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_HOST} ^www.nyan.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.domain2.com$
RewriteRule ^(/.*)$ http://www.test.com/$1 [R=301,L] </IfModule>
4.日志切割
at /usr/local/apache/conf/httpd.conf
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%h %l %u %t "%r" %>s %b" common
ErrorLog "logs/dummy-host.example.com-error_log"
CustomLog "logs/dummy-host.example.com-access_log" common
==>
ErrorLog "logs/test.com-error_log"
CustomLog "| /usr/local/apache/bin/rotatelogs /usr/local/apache/logs/test.com-access_log_%Y_%m_%d 86400" combined
5.不记录指定文件
ErrorLog "logs/test.com-error_log" SetEnvIf Request_URI ".*.gif$" image-request SetEnvIf Request_URI ".*.jpg$" image-request SetEnvIf Request_URI ".*.png$" image-request SetEnvIf Request_URI ".*.bmp$" image-request SetEnvIf Request_URI ".*.swf$" image-request SetEnvIf Request_URI ".*.js$" image-request SetEnvIf Request_URI ".*.css$" image-request CustomLog "|/usr/local/apache2/bin/rotatelogs -l /usr/local/apache2/logs/test.com-access_%Y%m%d_log 86400" combined env=!image-request
6.配置静态缓存
默认缓存时间是10天,css缓存时间是14天
<IfModule mod_expires.c>
# mod_expires
ExpiresActive on
ExpiresDefault A864000
ExpiresBytype text/css “access plus 14 days
ExpiresByType text/javascript “access plus 14 days ”
ExpiresByType application/x-javascript “access plus 14 days ”
ExpiresByType application/x-shockwave-flash “access plus 14 days ”
ExpiresByType image/* “access plus 14 days ”
ExpiresByType text/html “access plus 14 days ”
<FilesMatch “.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|jpg|gif)$”>
ExpiresDefault A864000
</FilesMatch>
</IfModule>
7.配置防盗链
SetEnvIfNoCase Referer "^http://.*.test.com" local_ref
SetEnvIfNoCase Referer ".*.nyan.com" local_ref
<filesmatch ".(txt|doc|png|jpeg|js|css|zip|gif|rar|mp3)">
Order Allow,Deny
Allow from env=local_ref
</filesmatch>
SetEnvIfNoCase Referer "^http://.*.test.com" local_ref SetEnvIfNoCase Referer ".*.nyan.com" local_ref <filesmatch ".(txt|doc|png|jpeg|js|css|zip|gif|rar|mp3)"> Order Allow,Deny Allow from env=local_ref </filesmatch>
8.访问控制
curl -x192.168.1.106:80 -I http://www.test.com/forum.php
curl -x192.168.178.128:80 -I http://www.test.com/forum.php
curl -x127.0.0.1:80 -I http://www.test.com/forum.php
AllowOverride None //禁止读取.htaccess配置文件的内容
<Directory "/data/discuz"> AllowOverride None Options None Order Allow,Deny
Allow from all Deny from 127.0.0.1 192.168.178.128 </Directory>
9.禁止解析PHP
<Directory "/data/discuz/data"> php_admin_flag engine off <filesmatch "(.*)php"> Order Deny,Allow Deny from all ALlow from 127.0.0.1 </filesmatch> </Directory>
10.禁止指定user_agent
<IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP_HOST} ^www.nyan.com$ RewriteRule ^(/.*)$ http://www.test.com/$1 [R=301,L] RewriteCond %{HTTP_USER_AGENT} ".*curl.*" [NC,OR] RewriteCond %{HTTP_USER_AGENT} ".*chrom*" [NC] RewriteRule .* - [F] </IfModule>
[NC,OR]不区分大小写