11.18 Apache用户认证

ezeke

- 11.18 Apache用户认证
- 11.19/11.20 域名跳转
- 11.21 Apache访问日志
- 扩展
- apache虚拟主机开启php的短标签 http://ask.apelearn.com/question/5370

# 11.18 apache用户认证
### httpd的用户认证
- vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf //把123.com那个虚拟主机编辑成如下内容
```

    DocumentRoot "/data/wwwroot/www.123.com"
    ServerName www.123.com
     //指定认证的目录
        AllowOverride AuthConfig //这个相当于打开认证的开关
        AuthName "123.com user auth" //自定义认证的名字，作用不大
        AuthType Basic //认证的类型，一般为Basic，其他类型阿铭没用过
        AuthUserFile /data/.htpasswd  //指定密码文件所在位置
        require valid-user //指定需要认证的用户为全部可用用户
   

/usr/local/apache2.4/bin/htpasswd -cm /data/.htpasswd aming
```
- 先开打虚拟主机配置文件
```
[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
# Please see the documentation at
#
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any  block.
#

    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.123.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common


    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common


                                                                  37,5          93%
```
-  把文件内容改为
```
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any  block.
#

    DocumentRoot "/data/wwwroot/abc.com"
    ServerName abc.com
    ServerAlias www.abc.com www.123.com
    ErrorLog "logs/abc.com-error_log"
    CustomLog "logs/abc.com-access_log" common


    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
   
        AllowOverride AuthConfig
        AuthName "111.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
   
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common


:wq         
```
- /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd aming
- -c 是creaate 创建用户  -m 是使用MD5方式 加密  /data/.htpasswd 指定密码文件目录  aming 是创建的新用户
```
[root@localhost ~]# vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[root@localhost ~]# /usr/local/apache2.4/bin/htpasswd -c -m /data/.htpasswd aming
New password:
Re-type new password:
Adding password for user aming
[root@localhost ~]#
[root@localhost ~]# cat /data/.htpasswd
aming:$apr1$EXwYfiem$WmlVecIGEuLU781VJMO6y/
[root@localhost ~]# ls /data/.htpasswd
/data/.htpasswd
[root@localhost ~]#
```
- 再增加一个用户zhangsan
```
[root@localhost ~]# /usr/local/apache2.4/bin/htpasswd -m /data/.htpasswd zhangsan
New password:
Re-type new password:
Adding password for user zhangsan
[root@localhost ~]#
[root@localhost ~]# cat /data/.htpasswd
aming:$apr1$hRjEjYks$LpCPxZ/PUOvox0ZE5Qea9.
zhangsan:$apr1$cwKQ8Lwu$P.iw/DySVIn2sBrAF3AUb0
[root@localhost ~]#
```
-  重新加载配置-t , graceful  绑定hosts，浏览器测试
-  curl -x127.0.0.1:80 www.123.com //状态码为401
-  curl -x127.0.0.1:80 -uaming:passwd www.123.com //状态码为200
```
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
Syntax OK
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost ~]#
[root@localhost ~]# curl -x127.0.0.1:80 111.com


401 Unauthorized

Unauthorized
This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.

[root@localhost ~]#
[root@localhost ~]# curl -x127.0.0.1:80 111.com -I
HTTP/1.1 401 Unauthorized
Date: Sun, 08 Oct 2017 14:59:22 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
WWW-Authenticate: Basic realm="111.com user auth"
Content-Type: text/html; charset=iso-8859-1
[root@localhost ~]#
```
-  401 这个状态码 ，是说明你访问的内容需要做用户验证
-  同样也可以在浏览器里面看下，前提你要在windows hosts文件里定义111.com
-  
```
[root@localhost ~]# curl -x127.0.0.1:80 -uaming:123456 111.com -I
HTTP/1.1 200 OK
Date: Sun, 08 Oct 2017 15:50:41 GMT
Server: Apache/2.4.27 (Unix) PHP/7.1.6
X-Powered-By: PHP/7.1.6
Content-Type: text/html; charset=UTF-8
[root@localhost ~]# curl -x127.0.0.1:80 -uaming:123456 111.com
111.com[root@localhost ~]#
```
- 故意输错密码,又是这样
```
111.com[root@localhost ~]# curl -x127.0.0.1:80 -uaming:12345 111.com


401 Unauthorized

Unauthorized
This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.

[root@localhost ~]#
```
- 关于用户认证还有另一种需求，不想针对所有的目录，一个网站总有一个敏感信息，比如一些后台访问的数据，做一个认证，针对某一个文件，做一个认证
- 打开配置文件
```

    DocumentRoot "/data/wwwroot/111.com"
    ServerName 111.com
    ServerAlias www.example.com
   #
     
        AllowOverride AuthConfig
        AuthName "111.com user auth"
        AuthType Basic
        AuthUserFile /data/.htpasswd
        require valid-user
     
   #
    ErrorLog "logs/111.com-error_log"
    CustomLog "logs/111.com-access_log" common

:wq                    
```
- 把diretory 注释掉，换上
```
[root@localhost ~]# !vi
vim /usr/local/apache2.4/conf/extra/httpd-vhosts.conf
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl -t
[root@localhost ~]# /usr/local/apache2.4/bin/apachectl graceful
[root@localhost ~]# vim /data/wwwroot/111.com/123.php