模块的做用如下:mod_access 提供基于主机的访问控制命令mod_actions 能够运行基于MIME类型的CGI脚本或HTTP请求方法mod_alias 能执行URL重定向服务mod_asis 使文档能在没有HTTP头标的情况下被发送到客户端mod_auth 支持使用存储在文本文件中的用户名、口令实现认证mod_auth_dbm 支持使用DBM文件存储基本HTTP认证mod_auth_mysql 支持使用MySQL数据库实现基本HTTP认证mod_auth_anon 允许以匿名方式访问需要认证的区域mod_auth_external支持使用第三方认证mod_autoindex 当缺少索引文件时,自动生成动态目录列表mod_cern_meta 提供对元信息的支持mod_cgi 支持CGImod_dir 能够重定向任何对不包括尾部斜杠字符命令的请求mod_env 使你能够将环境变量传递给CGI或SSI脚本mod_expires 让你确定Apache在服务器响应请求时如何处理Expiresmod_headers 能够操作HTTP应答头标mod_imap 提供图形映射支持mod_include 使支持SSImod_info 对服务器配置提供了全面的描述mod_log_agent 允许在单独的日志文件中存储用户代理的信息mod_log_config 支持记录日志mod_log_referer 提供了将请求中的Referer头标写入日志的功能mod_mime 用来向客户端提供有关文档的元信息mod_negotiation 提供了对内容协商的支持mod_setenvif 使你能够创建定制环境变量mod_speling 使你能够处理含有拼写错误或大小写错误的URL请求mod_status 允许管理员通过WEB管理Apachemod_unique_id 为每个请求提供在非常特殊的条件下保证是唯一的标识
常用模块
LoadModule dir_module modules/mod_dir.soLoadModule mime_module modules/mod_mime.soLoadModule expires_module modules/mod_expires.soLoadModule config_log_module modules/mod_log_config.soLoadModule alias_module modules/mod_alias.soLoadModule rewrite_module modules/mod_rewrite.soLoadModule access_module modules/mod_access.soLoadModule auth_module modules/mod_auth.so
3.2.1. Output a list of modules compiled into the server.
This will not list dynamically loaded modules included using the LoadModule directive.
[root@development bin]# httpd -lCompiled in modules: core.c worker.c http_core.c mod_so.c
绑定多个IP
#Listen 80Listen 192.168.3.40:80Listen 192.168.4.40:80Listen 192.168.5.40:80
3.2.2.2. Filesystem and Webspace
ref: http://httpd.apache.org/docs/2.2/en/sections.html
Filesystem Containers
Options +Indexes Order allow,deny Deny from all Order allow,deny Deny from all
Webspace Containers
Order Allow,Deny Deny from all
Wildcards and Regular Expressions
A non-regex wildcard section that changes the configuration of all user directories could look as follows: Options Indexes Using regex sections, we can deny access to many types of image files at once: Order allow,denyDeny from all
Options FollowSymLinks MultiViews Indexes DirectoryIndex index.html AllowOverride AuthConfig Order Allow,Deny Allow From All AuthName "Logs Access" AuthType Basic AuthUserFile /etc/nagios3/htpasswd.users require valid-user
-
None是禁止所有
-
Indexes 当没有index.html 的时候列出目录
-
FollowSymLinks 允许符号连接,可以通过符号连接跨越DocumentRoot
-
AllowOverride 定义是否允许各个目录用目录中的.htaccess覆盖这里设定的Options
-
FileETag INode MTime Size
ServerTokens ProductOnlyServerSignature Off
ThreadLimit 需要自行添加
ServerLimit 需要自行添加
ThreadLimit 256 ServerLimit 4096 StartServers 4 MinSpareThreads 75 MaxSpareThreads 250 ThreadsPerChild 128 MaxRequestWorkers 4096 MaxConnectionsPerChild 0
worker
# Server-pool management (MPM specific)Include conf/extra/httpd-mpm.conf
conf/extra/httpd-mpm.conf
mpm_worker_module
ServerLimit 16 ThreadLimit 128 StartServers 8 MaxClients 2048 MinSpareThreads 64 MaxSpareThreads 128 ThreadsPerChild 128 MaxRequestsPerChild 10000 ServerLimit 24 ThreadLimit 128 StartServers 8 MaxClients 3072 MinSpareThreads 64 MaxSpareThreads 128 ThreadsPerChild 128 MaxRequestsPerChild 10000 ServerLimit 16 ThreadLimit 256 StartServers 8 MaxClients 4096 MinSpareThreads 64 MaxSpareThreads 256 ThreadsPerChild 256 MaxRequestsPerChild 10000
ServerLimit 默认是16,它决定系统最多启动几个httpd进程。ThreadLimit 默认是64,ThreadsPerChild* ServerLimit=系统支持的最大并发。MaxClients = ThreadsPerChild MaxClients <= ServerLimit * ThreadsPerChild 必须是ThreadsPerChild的倍数 MaxSpareThreads >= MinSpareThreads+ThreadsPerChild
日志级别
语法:LogLevel level
可以选择下列level,依照重要性降序排列:emerg 紧急(系统无法使用)alert 必须立即采取措施crit 致命情况error 错误情况warn 警告情况notice 一般重要情况info 普通信息debug 调试信息
LogLevel crit
分割log日志文件
# # The following directives define some format nicknames for use with # a CustomLog directive (see below). # #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{email}C %{nickname}C" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio # # The location and format of the access logfile (Common Logfile Format). # If you do not define any access logfiles within a # container, they will be logged here. Contrariwise, if you *do* # define per- access logfiles, transactions will be # logged therein and *not* in this file. # #CustomLog logs/access_log common # # If you prefer a logfile with access, agent, and referer information # (Combined Logfile Format) you can use the following directive. # CustomLog logs/access_log combined #CookieLog logs/cookie_log
# compressed logs$ CustomLog "|/usr/bin/gzip -c >> /var/log/access_log.gz" common
3.2.4.4. rotatelogs - Piped logging program to rotate Apache logs
rotatelogs是一个配合Apache管道日志功能使用的简单程序。举例:
rotatelogs logfile [ rotationtime [ offset ]] | [ filesizeM ]选项logfile它加上基准名就是日志文件名。如果logfile中包含’%',则它会被视为用于的strftime(3)的格式字串;否则,它会被自动加上以秒为单位的.nnnnnnnnnn后缀。这两种格式都表示新的日志开始使用的时间。rotationtime日志文件回卷的以秒为单位的间隔时间offset相对于UTC的时差的分钟数。如果省略,则假定为0,并使用UTC时间。比如,要指定UTC时差为-5小时的地区的当地时间,则此参数应为-300。filesizeM指定回卷时以兆字节为单位的后缀字母M的文件大小,而不是指定回卷时间或时差。下列日志文件格式字串可以为所有的strftime(3)实现所支持,见各种扩展库对应的strftime(3)的手册。%A 星期名全称(本地的)%a 3个字符的星期名(本地的)%B 月份名的全称(本地的)%b 3个字符的月份名(本地的)%c 日期和时间(本地的)%d 2位数的一个月中的日期数%H 2位数的小时数(24小时制)%I 2位数的小时数(12小时制)%j 3位数的一年中的日期数%M 2位数的分钟数%m 2位数的月份数%p am/pm 12小时制的上下午(本地的)%S 2位数的秒数%U 2位数的一年中的星期数(星期天为一周的第一天)%W 2位数的一年中的星期数(星期一为一周的第一天)%w 1位数的星期几(星期天为一周的第一天)%X 时间 (本地的)%x 日期 (本地的)%Y 4位数的年份CustomLog "|bin/rotatelogs /var/logs/logfile 86400" common此配置会建立文件"/var/logs/logfile.nnnn",其中的nnnn是名义上的日志启动时的系统时间(此时间总是滚动时间的倍数,可以用于cron脚本的同步)。在滚动时间到达时(在此例中是24小时以后),会产生一个新的日志。CustomLog "|bin/rotatelogs /var/logs/logfile 5M" common此配置会在日志文件大小增长到5兆字节时滚动该日志。ErrorLog "|bin/rotatelogs /var/logs/errorlog.%Y-%m-%d-%H_%M_%S 5M"此配置会在错误日志大小增长到5兆字节时滚动该日志,日志文件名后缀会按照如下格式创建:errorlog.YYYY-mm-dd-HH_MM_SSErrorLog "| /usr/local/apache/bin/rotatelogs /www/logs/www.example.com/error_%Y_%m_%d_log 86400 480"CustomLog "| /usr/local/apache/bin/rotatelogs /www/logs/www.example.com/access_%Y_%m_%d_log 86400 480" commonCustomLog "|/usr/local/httpd/bin/rotatelogs /www/logs/www.example.com/access.%Y-%m-%d.log 86400 480" combined
86400:表示 24小时 60*60*24
480: 表示时区偏移 8 时区等于 60*8
cronolog
cd /usr/local/src/wget http://cronolog.org/download/cronolog-1.6.2.tar.gztar zxvf cronolog-1.6.2.tar.gzcd cronolog-1.6.2./configure --prefix=/usr/local/cronologmakemake install
CustomLog "|/usr/local/cronolog/sbin/cronolog /opt/apache/logs/access_log.%Y%m%d" combined
合并多个服务器的日志文件(如log1、log2、log3),并输出到log_all中的方法是:
$ sort -m -t " " -k 4 -o log_all log1 log2 log3
30 4 * * * /usr/bin/gzip -f /www/logs/access.`date -d yesterday +%Y-%m-%d`.log
https://www.sit.auckland.ac.nz/Logging_to_syslog_with_Apache
Logging to syslog with ApacheFirst you will need to install syslog-ng. This is the logging server that will send the log data to the syslog box.apt-get update && apt-get install syslog-ngsyslog-ng uses a socket device to accept data from apache or whatever program is creating the logs.Use the configuration here: Syslog-ng default config.The first part indicates what the socket will be called and where it will live. The second part tells syslog-ng where to send the collected data. The restart syslog-ng (/etc/init.d/syslog-ng restart)l.Configure apache's loggingAdd these directives to send apache's logs via a socket to syslogCustomLog "|/usr/bin/logger -s -t 'monitor.cs.auckland.ac.nz' -p info -u /var/log/apache_log.socket" CombinedErrorLog "|/usr/bin/logger -s -t 'monitor.cs.auckland.ac.nz' -p err -u /var/log/apache_log.socket"Apache will then use the logger program to send data to syslog. /var/log/apache_log.socket refers to the device that syslog-ng has created. Data sent to this device is sent over the network to the main syslog box.TroubleshootingIt seems that apache 2.0.54-5 does not like logging to a file and to a process at the same time. In this case log entries will become re-ordered or missed out. You can use the test scripts below to check if this is happening.TestingHere are some useful scripts that can help with testing to make sure the logging is working as expected.You can simulate http accesses using lynx with this command:watch lynx -source http://monitor.cs.auckland.ac.nz/Which will make a http request every two seconds. Or, for a better test:for i in `seq 1 100`; do lynx -source http://monitor.cs.auckland.ac.nz/$i;sleep 3;doneThe result of this test is a sequence of log entires from 1 to 100. If entries are missing or in the wrong order, you know there is a problem.
CustomLog "|/usr/bin/your_script" CombinedErrorLog "|/usr/bin/your_script"
Order Allow,Deny Order Deny,Allow Deny from all Allow from apache.org Order Allow,Deny Allow from apache.org Deny from foo.apache.org
A (partial) domain-nameExample: Allow from apache.orgA full IP addressExample: Allow from 10.1.2.3A partial IP addressExample: Allow from 10.1A network/netmask pairExample: Allow from 10.1.0.0/255.255.0.0A network/nnn CIDR specificationExample: Allow from 10.1.0.0/16
Options FollowSymLinks DirectoryIndex index.html AllowOverride AuthConfig Order Allow,Deny Allow From All AuthName "Nagios Access" AuthType Basic AuthUserFile /etc/nagios3/htpasswd.users # nagios 1.x: #AuthUserFile /etc/nagios/htpasswd.users require valid-user
Apache httpd 2.4.x
Options Indexes FollowSymLinks AllowOverride None Require all granted
conf/extra/httpd-vhosts.conf
or
/etc/httpd/conf.d/vhost.conf
NameVirtualHost *:80 ServerAdmin webmaster@dummy-host.example.com DocumentRoot "/usr/local/httpd-2.2.14/docs/dummy-host.example.com" ServerName dummy-host.example.com ServerAlias www.dummy-host.example.com ErrorLog "logs/dummy-host.example.com-error_log" CustomLog "logs/dummy-host.example.com-access_log" common
3.2.6.1. ServerName/ServerAlias
ServerName dummy-host.example.comServerAlias www.dummy-host.example.com
CustomLog "|/usr/local/httpd/bin/rotatelogs /www/logs/www.example.com/access.%Y-%m-%d.log 86400 480" combinedErrorLog "|/usr/local/httpd/bin/rotatelogs /www/logs/www.example.com/error.%Y-%m-%d.log 86400 480"
3.2.7. Alias / AliasMatch
Alias /image /ftp/pub/imageAliasMatch ^/icons(.*) /usr/local/apache/icons$1
cat /etc/httpd/conf.d/logs.confAlias /logs "/www/logs" Options FollowSymLinks MultiViews Indexes AllowOverride None Order allow,deny Allow from all# Order deny,allow# Deny from all# Allow from 127.0.0.1# AuthName "Logs Access"# AuthType Basic# AuthUserFile /etc/httpd/htpasswd.users# Require valid-user
3.2.8. Redirect / RedirectMatch
Redirect
Redirect /service http://foo2.example.com/serviceRedirect permanent /one http://example.com/twoRedirect 303 /three http://example.com/other
RedirectMatch
RedirectMatch (.*)\.gif$ http://www.domain.com$1.jpg
ServerName www.old.com DocumentRoot /path/to/htdocs ...... RedirectMatch ^/(.*)$ http://www.new.com/$1
Rewrite 需要 AllowOverride All
# # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.2/mod/core.html#options # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # #AllowOverride None AllowOverride All # # Controls who can get stuff from this server. # Order allow,deny Allow from all
RewriteEngine onRewriteCond %{HTTP_HOST} ^x.x.x.x [NC]RewriteRule ^/(.*)$ http://www.example.com/$1 [L,R=301] 例 3.3. R=301
ServerAdmin webmaster@example.com ServerName www.example.com ServerAlias www.second.com RewriteEngine On RewriteCond %{HTTP_HOST} ^www.example.com [NC] RewriteRule ^/(.*)$ http://www.other.com/$1 [L,R=301] RewriteCond %{HTTP_HOST} ^www.second.com [NC] RewriteRule ^/(.*)$ http://www.other.com/$1 [L,R=301]
3.2.9.2. Rewrite + JkMount
JkMount 与 Rewrite 同时使用时
RewriteRule ^/communtiy/top/(.*)$ /community.do?method=activeContent&id=$1 [PT]
后面用[PT]
3.2.9.3. Apache redirect domain.com to www.domain.com
$ vi .htaccessRewriteEngine onRewriteCond %{HTTP_HOST} ^domain\.comRewriteRule ^(.*)$ http://www.domain.com/$1 [R=permanent,L] ServerAdmin webmaster@example.com DocumentRoot "/www/www.example.com/images" ServerName images.example.com RewriteEngine On RewriteRule ^(.+)(jpg|gif|bmp|jpeg|ico|png|css)$ http://images.other.com/$1$2 [R] ErrorLog "logs/images.example.com-error.log"
ServerAdmin webmaster@example.com ServerName images.example.com RewriteEngine On RewriteCond %{HTTP_HOST} ^images.example.com [NC] RewriteRule ^/(.*) http://images.other.com/$1 [L] CustomLog "|/usr/local/httpd/bin/rotatelogs /www/logs/images/access.%Y-%m-%d.log 100M" common
ProxyRequests Off Order deny,allow Allow from all ProxyPass / http://your.domain.com:8080/ProxyPassReverse / http://your.domain.com:8080/
/etc/httpd/conf.d/rails.conf
Listen 8080ProxyRequests Off BalancerMember http://127.0.0.1:3001 BalancerMember http://127.0.0.1:3002 BalancerMember http://127.0.0.1:3003 BalancerMember http://127.0.0.1:3004 BalancerMember http://127.0.0.1:3005 ServerName www.example.com:8080 DocumentRoot /var/www/project/public ProxyPass /images ! ProxyPass /stylesheets ! ProxyPass /javascripts ! ProxyPass / balancer://cluster/ ProxyPassReverse / balancer://cluster/ ProxyPreserveHost on
mod_deflate
httpd.conf中中加入下列语句:
SetOutputFilter DEFLATE DeflateCompressionLevel 9 AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php AddOutputFilter DEFLATE txt css js SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary DeflateFilterNote Input input_info DeflateFilterNote Output output_info DeflateFilterNote Ratio ratio_info LogFormat '"%r" %{output_info}n/%{input_info}n (%{ratio_info}n%%)' deflate CustomLog logs/deflate_log.log deflate
对目录/usr/local/apache/htdocs有效
AllowOverride None Options None Order allow,deny Allow from all SetOutputFilter DEFLATE DeflateCompressionLevel 9 AddOutputFilterByType DEFLATE text/html text/plain text/xml application/x-httpd-php AddOutputFilter DEFLATE txt css js SetEnvIfNoCase Request_URI \ \.(?:gif|jpe?g|png)$ no-gzip dont-vary
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript AddOutputFilterByType DEFLATE application/javascript application/x-javascript application/x-httpd-php AddOutputFilter DEFLATE txt css js SetOutputFilter DEFLATE
Log定义
DeflateFilterNote Input instream # 未压缩前DeflateFilterNote Output outstream # 压缩后DeflateFilterNote Ratio ratio # 百分比LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate # 格式定义CustomLog logs/deflate_log.log deflate # 日志位置CustomLog "|/usr/local/httpd/bin/rotatelogs /www/logs/deflate.%Y-%m-%d.log 86400 480" deflate # 分割日志位置 3.2.11.1. 测试 gzip,deflate 模块
telnet www.bg7nyt.cn 80 GET /index.html HTTP/1.0Host: www.bg7nyt.cnAccept-Encoding: gzip,deflate
你看到的是乱码,而不是HTML.
curl -H Accept-Encoding:gzip,defalte http://www.example.com/index.html | gunzip
gunzip 可以解压压缩内容
ExpiresActive OnExpiresByType image/gif "access plus 1 month"ExpiresByType image/jpeg "access plus 1 month"ExpiresByType image/x-icon "access plus 1 month"ExpiresByType image/png "access plus 1 month"ExpiresByType text/html "access plus 30 minutes"ExpiresByType text/css "access plus 30 minutes"ExpiresByType text/js "access plus 30 minutes"ExpiresByType application/x-javascript "access plus 30 minutes"ExpiresByType application/x-shockwave-flash "access plus 30 minutes"
ExpiresActive on ExpiresDefault “access plus 2 hours”
Header set Cache-Control “max-age=1800, public” Header set Cache-Control "s-maxage=600"
max-age 针对浏览器推送缓存时间
s-maxage 针对代理服务器推送缓存时间
FileETag none FileETag MTime
禁用ETag, FileETag none
INode 使用文件i-node 做为 etag
MTime 使用修改时间做为etag
Size 使用文件尺寸做为etag
All 相当于 FileETag INode MTime Size
htcacheclean -- program for cleaning the disk cache.
CacheDefaultExpire 86400 CacheEnable disk / CacheRoot /tmp/apacheCache CacheDirLevels 5 CacheDirLength 5 CacheMaxFileSize 1048576 CacheMinFileSize 10
CacheEnable mem / MCacheMaxObjectCount 20000 MCacheMaxObjectSize 1048576 MCacheMaxStreamingBuffer 65536 MCacheMinObjectSize 10 MCacheRemovalAlgorithm GDSF MCacheSize 131072
跟踪用户信息
跟踪用户的cookie,使用log日志文件记录用户的cookie
LoadModule usertrack_module modules/mod_usertrack.soCookieTracking onCookieDomain .example.comCookieExpires "10 years"CookieStyle CookieLogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{cookie}n" combined Default charset
AddCharset UTF-8 .htmlAddType 'text/html; charset=UTF-8' htmlAddDefaultCharset UTF-8
Files match
ForceType 'text/html; charset=UTF-8' AddDefaultCharset UTF-8
Changing the occasional file
AddCharset UTF-8 .html ForceType 'text/html; charset=UTF-8'
DirectoryIndex index.html index.php
Options Indexes FollowSymLinks +Includes
AddType text/html .shtml AddOutputFilter INCLUDES .shtml
开启Apache的status模块,需要修改httpd.conf,增加以下配置段:
ExtendedStatus On SetHandler server-status Order deny,allow Deny from all Allow from 125.76.229.113
http://www.domain.com/server-status
Automatic Updates
http://your.server.name/server-status?refresh=N
http://localhost/server-status?auto
扩展状态,提供更详细的信息
ExtendedStatus On
ref: http://search.cpan.org/~agrundma/Catalyst-Engine-Apache-1.07/lib/Catalyst/Engine/Apache2/MP20.pm
$ sudo apt-get install libapache2-mod-perl2 $ sudo apt-get install libcatalyst-engine-apache-perl $ sudo vi /etc/apache2/sites-available/catalyst.conf
例 3.4. mod_perl.conf
PerlSwitches -I/var/www/MyApp/lib# Preload your entire applicationPerlModule MyApp ServerName 192.168.245.129 DocumentRoot /var/www/MyApp/root Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all # If the server is started as: # httpd -X -D PERLDB # then debugging will be turned on# # PerlRequire conf/db.pl# # PerlFixupHandler Apache::DB# # SetHandler modperl PerlResponseHandler MyApp Alias /static /var/www/MyApp/root/static SetHandler default-handler
db.pl
use APR::Pool ();use Apache::DB ();Apache::DB->init();
enable site
$ sudo a2ensite mod_perl.conf$ sudo /etc/init.d/apache2 restart
https://developers.google.com/speed/pagespeed/mod
[root@srv-2 modules]# /etc/init.d/httpd startStarting httpd: Syntax error on line 358 of /etc/httpd/conf/httpd.conf:Invalid command 'Order', perhaps mis-spelled or defined by a module not includedin the server configuration[FAILED]LoadModule access_module /etc/httpd/modules/mod_access.soLoadModule auth_module /etc/httpd/modules/mod_auth.so[root@srv-2 modules]# /etc/init.d/httpd startStarting httpd: Syntax error on line 368 of /etc/httpd/conf/httpd.conf:Invalid command 'UserDir', perhaps mis-spelled or defined by a module not included in the server configuration[FAILED]LoadModule userdir_module /etc/httpd/modules/mod_userdir.so[root@srv-2 modules]# /etc/init.d/httpd startStarting httpd: Syntax error on line 396 of /etc/httpd/conf/httpd.conf:Invalid command 'DirectoryIndex', perhaps mis-spelled or defined by a module notincluded in the server configuration[FAILED]LoadModule dir_module /etc/httpd/modules/mod_dir.so[root@srv-2 modules]# /etc/init.d/httpd startStarting httpd: Syntax error on line 419 of /etc/httpd/conf/httpd.conf:Invalid command 'TypesConfig', perhaps mis-spelled or defined by a module not included in the server configuration[FAILED]LoadModule mime_module /etc/httpd/modules/mod_mime.so[root@srv-2 modules]# /etc/init.d/httpd startStarting httpd: Syntax error on line 491 of /etc/httpd/conf/httpd.conf:Invalid command 'LogFormat', perhaps mis-spelled or defined by a module not included in the server configuration[FAILED]LoadModule log_config_module /etc/httpd/modules/mod_log_config.so[root@srv-2 modules]# /etc/init.d/httpd startStarting httpd: Syntax error on line 555 of /etc/httpd/conf/httpd.conf:Invalid command 'Alias', perhaps mis-spelled or defined by a module not includedin the server configuration[FAILED]LoadModule alias_module /etc/httpd/modules/mod_alias.so[root@srv-2 modules]# /etc/init.d/httpd startStarting httpd: Syntax error on line 582 of /etc/httpd/conf/httpd.conf:Invalid command 'SetEnvIf', perhaps mis-spelled or defined by a module not included in the server configuration[FAILED]LoadModule setenvif_module /etc/httpd/modules/mod_setenvif.so[root@srv-2 modules]# /etc/init.d/httpd startStarting httpd: Syntax error on line 636 of /etc/httpd/conf/httpd.conf:Invalid command 'IndexOptions', perhaps mis-spelled or defined by a module not included in the server configuration[FAILED]LoadModule autoindex_module /etc/httpd/modules/mod_autoindex.so[root@srv-2 modules]# /etc/init.d/httpd startStarting httpd: Syntax error on line 784 of /etc/httpd/conf/httpd.conf:Invalid command 'LanguagePriority', perhaps mis-spelled or defined by a module not included in the server configuration[FAILED]LoadModule negotiation_module /etc/httpd/modules/mod_negotiation.so[root@srv-2 modules]# /etc/init.d/httpd startStarting httpd: [ OK ][root@srv-2 modules]#
屏蔽爬虫
Order allow,deny Allow from all BrowserMatchNoCase "iaskspider" badguy BrowserMatchNoCase "QihooBot" badguy BrowserMatchNoCase "larbin" badguy BrowserMatchNoCase "iearthworm" badguy BrowserMatchNoCase "Outfoxbot" badguy BrowserMatchNoCase "lanshanbot" badguy BrowserMatchNoCase "Arthur" badguy BrowserMatchNoCase "InfoPath" badguy BrowserMatchNoCase "DigExt" badguy BrowserMatchNoCase "Embedded" badguy BrowserMatchNoCase "EmbeddedWB" badguy BrowserMatchNoCase "Wget" badguy BrowserMatchNoCase "CNCDialer" badguy BrowserMatchNoCase "LWP::Simple" badguy BrowserMatchNoCase "WPS" badguy deny from env=badguy
屏蔽下载
BrowserMatch "NetAnt" badguyBrowserMatch "GetRight" badguyBrowserMatch "JetCar" badguyBrowserMatch "Mass Downloader" badguyBrowserMatch "ReGet" badguyBrowserMatch "DLExpert" badguyBrowserMatch "FlashGet" badguyBrowserMatch "Offline Explorer" badguyBrowserMatch "Teleport" badguy...........order deny,allowdeny from env=badguyallow from all
3.2.23. PHP 程序安全问题 php_admin_value
php 安全
php_admin_value open_basedir /var/www/htdocs/
php_value include_path ".:/usr/local/lib/php" php_admin_flag engine on php_value include_path ".:/usr/local/lib/php" php_admin_flag engine on
mod_spdy 是用于 Apache HTTP 服务器的 Google SPDY 协议实现模块,
SPDY并不是一种用于替代HTTP的协议,而是对HTTP协议的增强。新协议的功能包括数据流的多路复用、请求优先级,以及HTTP包头压缩。谷歌已经开发一个网络服务器原型机,以及支持SPDY协议的Chrome浏览器版本。
https://code.google.com/p/mod-spdy/
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。