针对目录做认证:
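# vim /etc/httpd24/extra/httpd-vhosts.conf //编辑虚拟主机配置
# 注:<VirtualHost>、<Directory> 容器标签在页面抓取时丢失,以下按上下文补回,监听地址和目录路径以实际配置为准
<VirtualHost *:80>
    ServerAdmin webmaster@111.com
    DocumentRoot "/home/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.123.cn
    <Directory /home/wwwroot/111.com>
        AllowOverride AuthConfig
        AuthName "账号密码访问"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
    </Directory>
    ErrorLog "logs/111.com-error_log"
</VirtualHost>
# Basic 认证只对账号密码做 Base64 编码,并不加密,生产环境应同时启用 HTTPS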
htpasswd命令
这里创建账号密码使用的就是htpasswd命令
# htpasswd -h
htpasswd [-cmdpsD] passwordfile username
htpasswd -b[cmdpsD] passwordfile username password
htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
htpasswd命令选项参数说明:
-c 创建一个加密文件。
-n 不更新加密文件,只将htpasswd命令加密后的用户名和密码显示在屏幕上。
-m 默认htpasswd命令采用MD5算法对密码进行加密,该参数默认情况下可以不加。
-d 表示htpasswd命令采用CRYPT算法对密码进行加密。
-s 表示htpasswd命令采用SHA算法对密码进行加密。
-p 表示htpasswd命令不对密码进行加密,即明文密码。
-b 表示在htpasswd命令行中一并输入用户名和密码而不是根据提示输入密码。
-D 表示删除指定的用户。
注意:-c 会覆盖已存在的密码文件;-d、-s、-p 生成的条目强度很弱(-s 为不加盐的SHA-1,-p 为明文),不建议使用;-b 会让密码出现在命令行历史和进程列表中。Apache 2.4 自带的 htpasswd 还支持 -B(bcrypt),比默认的MD5(apr1)更适合新建账号。
# htpasswd -c -m /data/.htpasswd aiker //创建密码文件,新增账号密码,-m使用MD5加密,-c为创建加密文件
New password:
Re-type new password:
Adding password for user aiker
# cat /data/.htpasswd //查看生成的账号密码,密码是加密过的,
aiker:$apr1$7t9qXYLd$hGI0tZXjCnEydaaqLER3b0
# apachectl -t //检查配置
# apachectl graceful //重新加载配置
htpasswd -n aiker
也是一样的效果,-n后面一定要跟存在的账号,不更新密码文件,只显示加密后的用户名和密码
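# Print the hashed entry for user "aiker" on stdout without updating any file.
# With -n, htpasswd takes no password-file argument (synopsis:
# htpasswd -nb[mdps] username password), so the extra /data/.htpasswd
# argument in the original command did not match that synopsis.
# -b places the password on the command line, where it ends up in shell
# history and the process list; omit -b to be prompted instead.
htpasswd -nb aiker 123456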
利用htpasswd命令删除用户名和密码
htpasswd -D /data/.htpasswd aiker
利用htpasswd命令修改密码
htpasswd -D /data/.htpasswd aiker
htpasswd -b /data/.htpasswd aiker 123456
先使用htpasswd删除命令删除指定用户,再利用htpasswd添加用户命令创建用户即可实现修改密码的功能。
# curl -I -xlocalhost:80 111.com
HTTP/1.1 401 Unauthorized
Date: Wed, 07 Mar 2018 17:40:17 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
WWW-Authenticate: Basic realm="账号密码访问" //如果设置了验证没有认证就会报错
Content-Type: text/html; charset=iso-8859-1
[root@localhost src]# htpasswd -c -m /data/.htpasswd aiker //重新创建账号密码,会覆盖之前的设置
New password:
Re-type new password:
Adding password for user aiker
[root@localhost src]# curl -I -xlocalhost:80 111.com -uaiker:ederew
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 17:44:31 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
X-Powered-By: PHP/7.2.1
Content-Type: text/html; charset=UTF-8
利用htpasswd命令添加用户
# htpasswd -bc /data/.htpasswd aiker phpss //密码:phpss,默认采用MD5加密方式。
在原有密码文件中增加下一个用户
[root@localhost src]# htpasswd -b -m /data/.htpasswd gavin //在原来密码文件中新增一个账号,去掉-c选项,即可在第一个用户之后添加第二个用户,依此类推。New password: Re-type new password: Adding password for user gavin
[root@localhost src]# curl -I -xlocalhost:80 111.com -ugavinEnter host password for user 'gavin':HTTP/1.1 200 OKDate: Wed, 07 Mar 2018 17:43:51 GMTServer: Apache/2.4.29 (Unix) PHP/7.2.1X-Powered-By: PHP/7.2.1Content-Type: text/html; charset=UTF-8
单个文件认证:
ServerAdmin webmaster@111.com DocumentRoot "/home/wwwroot/111.com" ServerName 111.com ServerAlias www.123.cn# #目录认证 ErrorLog "logs/111.com-error_log" CustomLog "logs/111.com-access_log" common#匹配文件认证 AllowOverride AuthConfig AuthName "账号密码访问" AuthType Basic AuthUserFile /data/.htpasswd require valid-user #
[root@localhost 111.com]# curl -I -xlocalhost:80 111.com/yhtz.phpHTTP/1.1 401 UnauthorizedDate: Wed, 07 Mar 2018 17:53:42 GMTServer: Apache/2.4.29 (Unix) PHP/7.2.1WWW-Authenticate: Basic realm="账号密码访问"Content-Type: text/html; charset=iso-8859-1
[root@localhost 111.com]# curl -I -xlocalhost:80 111.com/yhtz.php -uaikerEnter host password for user 'aiker':HTTP/1.1 200 OKDate: Wed, 07 Mar 2018 17:53:55 GMTServer: Apache/2.4.29 (Unix) PHP/7.2.1X-Powered-By: PHP/7.2.1
111.com做为主域名,把www.123.cn域名跳转到111.com
# sed -i 38,44s/^/#/g /etc/httpd24/extra/httpd-vhosts.conf
注释认证,让配置看起来更容易注释后的虚拟主机配置 ServerAdmin webmaster@111.com DocumentRoot "/home/wwwroot/111.com" ServerName 111.com ServerAlias www.123.cn# #目录认证# ErrorLog "logs/111.com-error_log" CustomLog "logs/111.com-access_log" common#匹配文件认证# AllowOverride AuthConfig# AuthName "账号密码访问"# AuthType Basic# AuthUserFile /data/.htpasswd# require valid-user# #
[root@localhost 111.com]# apachectl -M | grep rewrit
 rewrite_module (shared) //若无该模块,需要编辑配置文件httpd.conf,删除 LoadModule rewrite_module 一行前面的#
ServerAdmin webmaster@111.com
DocumentRoot "/home/wwwroot/111.com"
ServerName 111.com
ServerAlias www.123.cn
# 加载rewrite模块,httpd.conf里rewrite去掉注释启用
# 启用rewrite引擎
RewriteEngine on
# 定义rewrite的条件,主机名(域名)不是111.com满足条件
RewriteCond %{HTTP_HOST} !^111.com$
# 定义rewrite规则,当满足上面的条件时,这条规则才会执行
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
# 目录认证
ErrorLog "logs/111.com-error_log"
CustomLog "logs/111.com-access_log" combined
# 匹配文件认证
# AllowOverride AuthConfig
# AuthName "账号密码访问"
# AuthType Basic
# AuthUserFile /data/.htpasswd
# require valid-user
# 注意:Apache 配置不支持行尾注释,说明文字必须单独成行;多个 rewrite 标志之间用逗号分隔([R=301,L])
测试:
# curl -I -xlocalhost:80 www.123.cn
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Mar 2018 18:39:21 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
Location: http://111.com/
Content-Type: text/html; charset=iso-8859-1
curl -x192.168.0.173:80 www.123.cn/aaa/bbb -I
HTTP/1.1 301 Moved Permanently
Date: Wed, 07 Mar 2018 18:46:09 GMT
Server: Apache/2.4.29 (Unix) PHP/7.2.1
Location: http://111.com/aaa/bbb
Content-Type: text/html; charset=iso-8859-1
# vim /etc/httpd24/httpd.conf //修改apache配置文件
默认的日志:
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
# 日志格式,后面的host文件是引用这个格式的名字
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog "logs/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog "logs/access_log" combined
ServerAdmin webmaster@111.com
DocumentRoot "/home/wwwroot/111.com"
ServerName 111.com
ServerAlias www.123.cn
RewriteEngine on
RewriteCond %{HTTP_HOST} !^111.com$
RewriteRule ^/(.*)$ http://111.com/$1 [R=301,L]
# 目录认证
ErrorLog "logs/111.com-error_log"
# 引用之前定义的日志格式命名
CustomLog "logs/111.com-access_log" combined
# 匹配文件认证
# AllowOverride AuthConfig
# AuthName "账号密码访问"
# AuthType Basic
# AuthUserFile /data/.htpasswd
# require valid-user
实时查看日志记录:
[root@localhost ~]# tail -f /usr/local/apache2.4/logs/111.com-access_log
::1 - - [09/Mar/2018:01:01:46 +0800] "GET HTTP://www.123.cn/ HTTP/1.1" 301 223
192.168.0.190 - aiker [09/Mar/2018:01:02:05 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:02:16 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:03:02 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:03:03 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:03:04 +0800] "GET / HTTP/1.1" 200 8
192.168.0.190 - aiker [09/Mar/2018:01:03:05 +0800] "GET / HTTP/1.1" 200 8
::1 - - [09/Mar/2018:01:03:29 +0800] "GET HTTP://www.123.cn/ HTTP/1.1" 301 223 "-" "curl/7.29.0"
::1 - - [09/Mar/2018:01:03:33 +0800] "GET HTTP://111.com/ HTTP/1.1" 200 8 "-" "curl/7.29.0"
192.168.0.190 - aiker [09/Mar/2018:01:03:42 +0800] "GET / HTTP/1.1" 200 8 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"
在对应的 虚拟主机 配置文件中加入
php_admin_flag short_open_tag on
短标签作用
如果不开启短标签,服务器将无法解析 `<? ... ?>` 这种短标签形式的PHP文件,只能解析 `<?php ... ?>` 这种完整标签形式的PHP文件。未被解析的短标签代码会作为普通文本原样输出给访问者,可能泄露源码。
转载于:https://blog.51cto.com/235571/2120556