本文主要是介绍Apache网页与优化(压缩、缓存、版本信息隐藏、防盗链设置),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
网页与安全优化
- 网页压缩
- 1.检查mod_deflate模块是否安装,如未安装则进行重新编译添加模块
- 2.配置mod_deflate模块启用
- 3.检查安装情况并启动服务
- 4.测试mod_deflate压缩是否生效(共两种方式)
- 网页缓存
- 1.检查mod_expires模块是否安装,如未安装则进行重新编译添加模块
- 2.配置mod_expires模块启用
- 3.检查安装情况,启动服务
- 4.测试缓存是否生效(共两种)
- 隐藏版本信息
- Apache防盗链
- 1.检查mod_rewrite模块是否安装,如未安装则进行重新编译添加模块
- 2.配置mod_rewrite模块并用
- mode_rewrite模块内容字段含义
- 3.网页准备
- Web源主机配置
- 盗链网站主机配置
网页压缩
- 在企业中,部署Apache后只采用默认的配置参数,会引发网站很多问题,也就相当于是默认配置只是针对以前较低的服务器配置的,以前的配置现在已经不适用于当今互联网时代
- 为了适应企业需求,所以就需要考虑如何提升Apache的性能与稳定性,因此就有了Apache的优化
1.检查mod_deflate模块是否安装,如未安装则进行重新编译添加模块
[root@localhost conf]# apachectl -t -D DUMP_MODULES | grep "deflate"
[root@localhost /]# systemctl stop httpd.service
[root@localhost /]# cd /usr/local/httpd/conf/
[root@localhost conf]# ls
extra httpd.conf httpd.conf.bak magic mime.types original
[root@localhost conf]# mv httpd.conf httpd.conf.bakbak
【需将原来的httpd.conf文件移动重命名新文件,否则将无法成功编译安装】
[root@localhost conf]# ls
extra httpd.conf.bak httpd.conf.bakbak magic mime.types original
[root@localhost conf]# yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
...过程略...
[root@localhost httpd-2.4.29]# ./configure \
> --prefix=/usr/local/httpd \
> --enable-so \
> --enable-rewrite \
> --enable-charset-lite \
> --enable-cgi \
> --enable-deflate 【加入mod_deflate模块】
...过程略...
[root@localhost httpd-2.4.29]# make -j4 && make install
...编译过程略...
2.配置mod_deflate模块启用
[root@localhost /]# vim /usr/local/httpd/conf/httpd.conf52 Listen 192.168.131.13:80 【修改为本机ip地址】
105 LoadModule mime_module modules/mod_mime.so 【开启mod_deflate模块】
198 ServerName www.qz.com:80 【取消注释并修改】
511 <IfModule mod_deflate.c> 【末行添加】
512 AddOutputFilterByType DEFLATE ceshi/html ceshi/plain ceshi/css ceshi/xml ceshi/javascript ceshi/jpg ceshi/png
【表示对什么样的内容启用gzip压缩】
513 DeflateCompressionLevel 6
【压缩级别,范围为1-9】
514 SetOutputFilter DEFLATE
【启用deflate模块对本站点的输出进行gzip压缩】
515 </IfModule>
3.检查安装情况并启动服务
[root@localhost conf]# apachectl -t 【验证配置文件的配置是否正确】
Syntax OK
[root@localhost conf]# apachectl -t -D DUMP_MODULES | grep "deflate" 【检查DUMP_MODULES模块是否安装】deflate_module (shared) 【若已安装则显示这样的正确结果】
[root@localhost /]# systemctl start httpd.service
4.测试mod_deflate压缩是否生效(共两种方式)
[root@localhost /]# cd /usr/local/httpd/htdocs/
【将tea文件传到/usr/local/httpd/htdocs目录下】
[root@localhost htdocs]# ls
bbs index.html index.php tea.jpg
[root@localhost htdocs]# vim index.html<html><body><h1>this is tea! this is tea!this is tea! this is tea!
this is tea! this is tea!this is tea! this is tea!
this is tea! this is tea!this is tea! this is tea!
this is tea! this is tea!this is tea! this is tea!
this is tea! this is tea!this is tea! this is tea!
this is tea! this is tea!this is tea! this is tea!
this is tea! this is tea!this is tea! this is tea!
this is tea! this is tea!this is tea! this is tea!
this is tea! this is tea!this is tea! this is tea!
this is tea! this is tea!this is tea! this is tea!
this is tea! this is tea!this is tea! this is tea!
this is tea! this is tea!this is tea! this is tea!</h1>
<img src="tea.jpg"/>- 方法一(Linux)
- 在Linux系统中,使用自带的火狐浏览器,右键查看元素
- 选择网络→选择HTML、WS、其他,或者全部
- 访问http://192.168.131.13(或者域名http://www.qz.com) 双击200响应消息查看响应头中包含Content-Encoding:gzip
- 方法二(Windows10)
- 在Windows系统中安装fiddler软件(Windows7则需要先安装Microsoft.NET4再安装fiddler软件)
- 选择inspectors再选择Headers
- 访问http://192.168.131.13(或者域名http://www.qz.com) 双击200响应消息查看Content-Encoding:gzip
网页缓存
1.检查mod_expires模块是否安装,如未安装则进行重新编译添加模块
[root@localhost htdocs]# apachectl -t -D DUMP_MODULES | grep "expires"
[root@localhost htdocs]# systemctl stop httpd.service
[root@localhost htdocs]# cd /usr/local/httpd/conf/
[root@localhost conf]# ls
extra httpd.conf httpd.conf.bak httpd.conf.bakbak magic mime.types original
[root@localhost conf]# mv httpd.conf httpd.conf.bakbakbak
[root@localhost conf]# ls
extra httpd.conf.bak httpd.conf.bakbak httpd.conf.bakbakbak magic mime.types original
[root@localhost conf]# yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
...过程略...
[root@localhost httpd-2.4.29]# ./configure \
> --prefix=/usr/local/httpd \
> --enable-so \
> --enable-rewrite \
> --enable-charset-lite \
> --enable-cgi \
> --enable-deflate \
> --enable-expires 【加入mod_expires模块】
...过程略...
[root@localhost httpd-2.4.29]# make -j4 && make install
...过程略...
[root@localhost httpd-2.4.29]# cd -
/usr/local/httpd/conf
[root@localhost conf]# ls
extra httpd.conf.bak httpd.conf.bakbakbak mime.types
httpd.conf httpd.conf.bakbak magic original
2.配置mod_expires模块启用
[root@localhost conf]# vim /usr/local/httpd/conf/httpd.conf52 Listen 192.168.131.13:80 【修改为本机IP】
111 LoadModule expires_module modules/mod_expires.so 【取消注释,即开启mod_expires模块】
199 ServerName www.qz.com:80 【取消注释并修改域名】
510 <IfModule mod_expires.c> 【末行添加】
511 ExpiresActive On 【打开网页缓存功能】
512 ExpiresDefault "access plus 30 seconds" 【缓存时间为30秒】
513 </IfModule>
3.检查安装情况,启动服务
[root@localhost conf]# apachectl -t 【验证配置文件的配置是否正确】
Syntax OK
[root@localhost conf]# apachectl -t -D DUMP_MODULES | grep "expires" 【检查mod_expires模块是否已安装】expires_module (shared) 【若已安装则显示这样的正确结果】
[root@localhost conf]# systemctl start httpd.service
4.测试缓存是否生效(共两种)
- 方法一(Linux)
- 在Linux系统中,使用自带的火狐浏览器,右键查看元素
- 选择网络→选择HTML、WS、其他,或者全部
- 访问http://192.168.131.13(或者域名http://www.qz.com) 双击200响应消息查看响应头中包含Expires选项
- 方法二(Windows10)
- 在Windows系统中安装fiddler软件(Windows7则需要先安装Microsoft.NET4再安装fiddler软件)
- 选择inspectors再选择Headers
- 访问http://192.168.131.13(或者域名http://www.qz.com)双击200响应消息查看响应头中包含Expires选项
隐藏版本信息
[root@localhost /]# vim /usr/local/httpd/conf/httpd.conf
491 Include conf/extra/httpd-default.conf 【491行取消注释】
[root@localhost /]# vim /usr/local/httpd/conf/extra/httpd-default.conf55 ServerTokens Prod 【55行进行修改】
【将原本的Full改成Prod,即只显示名称,没有版本】
【ServerTokens表示Server回送给客户端的响应头域是否包含关于服务器OS类型和编译过的模块描述信息】
[root@localhost /]# systemctl restart httpd.service
- 浏览器访问http://192.168.131.13 然后双击200消息查看Server选项
Apache防盗链
1.检查mod_rewrite模块是否安装,如未安装则进行重新编译添加模块
[root@localhost /]# apachectl -t -D DUMP_MODULES | grep "rewrite"
[root@localhost /]# systemctl stop httpd.service
[root@localhost /]# cd /usr/local/httpd/conf/
[root@localhost conf]# ls
extra httpd.conf.bak httpd.conf.bakbakbak mime.types
httpd.conf httpd.conf.bakbak magic original
[root@localhost conf]# mv httpd.conf httpd.conf.bakbakbakbak
[root@localhost conf]# ls
extra httpd.conf.bakbak httpd.conf.bakbakbakbak mime.types
httpd.conf.bak httpd.conf.bakbakbak magic original
[root@localhost conf]# yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
...过程略...
[root@localhost httpd-2.4.29]# cd /opt/httpd-2.4.29/
[root@localhost httpd-2.4.29]# ./configure \
> --prefix=/usr/local/httpd \
> --enable-so \
> --enable-rewrite \ 【将mod_rewrite模块加入】
> --enable-charset-lite \
> --enable-cgi \
> --enable-deflate \
> --enable-expires
...过程略...
[root@localhost httpd-2.4.29]# make -j4 && make install
...过程略...
[root@localhost httpd-2.4.29]# cd -
/usr/local/httpd/conf
[root@localhost conf]# ls
extra httpd.conf.bak httpd.conf.bakbakbak magic original
httpd.conf httpd.conf.bakbak httpd.conf.bakbakbakbak mime.types
2.配置mod_rewrite模块并用
157 LoadModule rewrite_module modules/mod_rewrite.so 【取消注释】
224 <Directory "/usr/local/httpd/htdocs">
...略...
237 Options Indexes FollowSymLinks
...略...
244 AllowOverride None
...略...
249 Require all granted
250 RewriteEngine On 【打开rewrite功能并加入mode_rewrite模块内容】
251 RewriteCond %{HTTP_REFERER} !^http://qz.com/.*$ [NC]
252 RewriteCond %{HTTP_REFERER} !^http://qz.com$ [NC]
253 RewriteCond %{HTTP_REFERER} !^http://www.qz.com/.*$ [NC]
254 RewriteCond %{HTTP_REFERER} !^http://www.qz.com/$ [NC]
255 RewriteRule .*\.(gif|jpg|swf)$ http://www.qz.com/fuck.png 【设置跳转动作】
mode_rewrite模块内容字段含义
- RewriteCond %{HTTP_REFERER} !^http://www.qz.com/.*$ [NC]
- %{HTTP_REFERER}
存放一个链接的URL,表示从某个链接访问所需的网页 - !^
表示不以后面的字符串开头 - http://www.qz.com/
本网站的路径,按整个字符串匹配 - .*$
表示以任意字符结尾 - [NC]
表示不区分大小写
- %{HTTP_REFERER}
- RewriteRule .*\.(gif|jpg|swf)$ http://www.qz.com/fuck.png
- .
表示匹配一个字符 - *
表示匹配0到多个字符,与.合起来的意思则为匹配0到多次前面的任意字符,如果是1到多次匹配则可用+表示 - .
这里的\是转义符,.就代表符号.的意思。
因为.在指令中是属于规则字符,有相应的含义,所以如果需要匹配,则需要在前面加个转义符\,,其他规则字符需要匹配,也许做同样的处理 - (gif|jpg|swf)$
表示匹配gif、jpg、swf任意一个,$表示结束。最后的规则是以.gif、.jpg、.swf结尾,前面1到多个字符的字符串,也就是匹配图片类型的文件 - http://www.qz.com/fuck.png
表示转发到这个路径
- .
- 整个配置的含义
使用本网站以外的网站域名访问本站的图片文件时,显示fuck.png这个图片
3.网页准备
Web源主机配置
[root@localhost /]# cd /usr/local/httpd/htdocs/
[root@localhost htdocs]# ls
bbs fuck.png index.html index.php tea.jpg
[root@localhost htdocs]# vim index.html <html><body><h1>this is tea!</h1>
<img src="tea.jpg"/>
</body></html>[root@localhost htdocs]# echo "192.168.131.13 www.qz.com" >> /etc/hosts
[root@localhost htdocs]# echo "192.168.131.9 www.qzqz.com" >> /etc/hosts
盗链网站主机配置
[root@localhost /]# yum -y install httpd
[root@localhost /]# cd /var/www/html/
【yum安装的httpd服务的默认路径为/var/www/html/】
【编译安装的httpd服务的默认路径为cd /usr/local/httpd/htdocs/】[root@localhost html]# ls
index.html
[root@localhost html]# vim index.html <html><body>this is dao!
<img src="http://www.qz.com/tea.jpg"/>
</body></html>
[root@localhost html]# echo "192.168.131.13 www.qz.com" >> /etc/hosts
[root@localhost html]# echo "192.168.131.9 www.qzqz.com" >> /etc/hosts
- 在盗图网站主机上进行浏览器验证
- hhtp://www.qzqz.com
这篇关于Apache网页与优化(压缩、缓存、版本信息隐藏、防盗链设置)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
