溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊(cè)×
其他方式登錄
點(diǎn)擊 登錄注冊(cè) 即表示同意《億速云用戶服務(wù)條款》

詳述CentOS 7中Apache配置與應(yīng)用(一)

發(fā)布時(shí)間:2020-09-22 05:59:19 來源:網(wǎng)絡(luò) 閱讀:2755 作者:SiceLc 欄目:系統(tǒng)運(yùn)維

Apache連接保持

Apache連接保持相關(guān)參數(shù)

  • KeepAlive

    • 是否打開連接保持,OFF關(guān)閉,ON打開

  • KeepAlive' Timeout

    • 一次連接多次請(qǐng)求之間的最大間隔時(shí)間,兩次請(qǐng)求超過該時(shí)間連接斷開
  • MaxKeepAliveRequests
    • 一次連接能夠 傳輸?shù)淖畲笳?qǐng)求數(shù)量

Apache訪問控制

  • 作用

    • 控制對(duì)網(wǎng)站資源的訪問
    • 為特定的網(wǎng)站目錄添加訪問授權(quán)
  • 常用訪問控制方式
    • 客戶機(jī)地址限制
    • 用戶授權(quán)限制

基于客戶端地址的訪問控制

  • 使用Require配置項(xiàng)實(shí)現(xiàn)訪問控制,按先后順序限制

  • 可用于<Location>、<Directory>、<Files>、 <Limit>配置段中

  • Require配置項(xiàng)的常見語法
Require all granted
Require all denied
Require local
Require [not] host <主機(jī)名或域名列表>
//使用not禁止訪問時(shí)要將其置于<RequireAll> </RequireAll>容器中并在容器中指定相應(yīng)的限制策略
Require [not] ip <IP地址或網(wǎng)段列表>

配置實(shí)例

Linux系統(tǒng)中安裝DNS、HTTP服務(wù),并設(shè)置DNS服務(wù)。

[root@localhost ~]# yum install bind httpd -y   //安裝服務(wù)
已加載插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
...//省略部分內(nèi)容...
已安裝:
  bind.x86_64 32:9.11.4-9.P2.el7                    httpd.x86_64 0:2.4.6-90.el7.centos 
...//省略部分內(nèi)容...  
完畢!
[root@localhost conf]# vim /etc/named.conf    //編輯DNS配置文件
...//省略部分內(nèi)容...
options {
        listen-on port 53 { any; };            //更改IP地址為any
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };             //更改監(jiān)聽主機(jī)為any
...//省略部分內(nèi)容... 
:wq
[root@localhost conf]# vim /etc/named.rfc1912.zones     //編輯區(qū)域配置文件
...//省略部分內(nèi)容...
zone "kgc.com" IN {                      //更改域名
        type master;
        file "kgc.com.zone";         //更改區(qū)域數(shù)據(jù)文件名
        allow-update { none; };
};
...//省略部分內(nèi)容...
:wq
[root@localhost conf]# cd /var/named/           //進(jìn)入?yún)^(qū)域數(shù)據(jù)文件目錄
[root@localhost named]# ls                     //查看目錄
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@localhost named]# cp -p named.localhost kgc.com.zone     //復(fù)制區(qū)域數(shù)據(jù)文件
[root@localhost named]# vim kgc.com.zone               //進(jìn)入編輯文件
$TTL 1D 
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
www IN  A       192.168.144.133                   //設(shè)置域名解析
:wq                                        //保存退出

開啟兩臺(tái)win 10客戶機(jī),并查看客戶機(jī)IP地址

詳述CentOS 7中Apache配置與應(yīng)用(一)詳述CentOS 7中Apache配置與應(yīng)用(一)

在Linux系統(tǒng)中進(jìn)入http服務(wù)站點(diǎn)目錄,編輯主頁內(nèi)容,并開啟DNS、HTTP服務(wù),關(guān)閉防火墻及增強(qiáng)性安全功能

[root@localhost named]# cd /var/www/html/    //進(jìn)入http服務(wù)站點(diǎn)目錄
[root@localhost html]# vim index.html             //編輯默認(rèn)主頁
<h2>this is kgc web</h2>             //編輯內(nèi)容
:wq
[root@localhost html]# ls           //查看
index.html              
[root@localhost html]# cat index.html    //查看網(wǎng)頁內(nèi)容
<h2>this is kgc web</h2>
[root@localhost html]# systemctl start httpd.service         //啟動(dòng)http服務(wù)
[root@localhost html]# systemctl start named                   //啟動(dòng)DNS服務(wù)
[root@localhost html]# systemctl stop firewalld.service         //關(guān)閉防火墻
[root@localhost html]# setenforce 0                            //關(guān)閉增強(qiáng)性安全功能

使用兩臺(tái)win 10客戶機(jī)分別訪問往網(wǎng)站信息,看服務(wù)是否正常提供

詳述CentOS 7中Apache配置與應(yīng)用(一)詳述CentOS 7中Apache配置與應(yīng)用(一)詳述CentOS 7中Apache配置與應(yīng)用(一)詳述CentOS 7中Apache配置與應(yīng)用(一)

在Linux系統(tǒng)中配置HTTP服務(wù)配置文件,設(shè)置客戶機(jī)訪問權(quán)限

[root@localhost html]# vim /etc/httpd/conf/httpd.conf  
//編輯主配置文件內(nèi)容(現(xiàn)網(wǎng)中不建議直接修改主配置文件內(nèi)容,可以重新添加子配置文件進(jìn)行限制)
...//省略部分內(nèi)容...
<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
     <RequireALL>                          //在此容器下添加子容器
       Require not ip 192.168.144.128             
       //添加限制訪問主機(jī)的IP地址(如若限制網(wǎng)段直接添加192.168.144.0/24即可,注意限制網(wǎng)段需填寫子網(wǎng)掩碼)
       Require all granted
    </RequireALL>
</Directory>
...//省略部分內(nèi)容...
:wq
[root@localhost html]# systemctl restart httpd.service

查看限制的第一臺(tái)win 10客戶端是否還可以訪問網(wǎng)站

詳述CentOS 7中Apache配置與應(yīng)用(一)詳述CentOS 7中Apache配置與應(yīng)用(一)

用戶授權(quán)限制

配置實(shí)例

創(chuàng)建用戶認(rèn)證數(shù)據(jù)庫

[root@localhost html]# htpasswd -c /etc/httpd/conf/pwd test01  
//創(chuàng)建用戶認(rèn)證數(shù)據(jù)庫(-c為創(chuàng)建,如果已經(jīng)存在數(shù)據(jù)認(rèn)證文件可以不用-c,直接就可以使用命令添加進(jìn)認(rèn)證文件中)
New password:               //輸入設(shè)置的密碼
Re-type new password:         //再次輸入密碼
Adding password for user test01  //成功創(chuàng)建
[root@localhost html]# cd /etc/httpd/conf        //進(jìn)入目錄
[root@localhost conf]# ls        //查看
httpd.conf  magic  pwd            //成功創(chuàng)建文件
[root@localhost conf]# cat pwd     //查看文件內(nèi)容
test01:$apr1$zDZ/54yz$rUCXaWixaltHE6ZBvjv0h/    //創(chuàng)建的用戶及密碼

添加用戶授權(quán)配置

[root@localhost conf]# vim httpd.conf
...//省略部分內(nèi)容...
<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
   AuthName "DocumentRoot"                      //更改上面的訪問控制條目,此條目聲明驗(yàn)證信息
   AuthType Basic                               //驗(yàn)證類型為基本驗(yàn)證
   AuthUserFile /etc/httpd/conf/pwd             //驗(yàn)證文件路徑
   Require valid-user                           //設(shè)置為授權(quán)用戶驗(yàn)證
</Directory>
...//省略部分內(nèi)容...
:wq                                          //保存退出
[root@localhost conf]# systemctl restart httpd.service  //重新啟動(dòng)服務(wù)

在客戶機(jī)中驗(yàn)證配置

詳述CentOS 7中Apache配置與應(yīng)用(一)詳述CentOS 7中Apache配置與應(yīng)用(一)詳述CentOS 7中Apache配置與應(yīng)用(一)

向AI問一下細(xì)節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場,如果涉及侵權(quán)請(qǐng)聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI