Lab: Apache Web Page and Security Optimization
程序员文章站
2022-06-25 21:45:08
1 Apache web page optimization
1.1 Web page compression
apachectl -D DUMP_MODULES | grep "deflate"
systemctl stop httpd
cd /opt/httpd-2.4.29/
[aaa@qq.com httpd-2.4.29]# ./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-cgid \
--enable-deflate \
--enable-expires
[aaa@qq.com httpd-2.4.29]# make && make install
[aaa@qq.com httpd-2.4.29]# vi /usr/local/httpd/conf/httpd.conf
LoadModule deflate_module modules/mod_deflate.so
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript image/png image/jpg
DeflateCompressionLevel 9
SetOutputFilter DEFLATE
</IfModule>
[aaa@qq.com httpd-2.4.29]# httpd -t
Syntax OK
[aaa@qq.com httpd-2.4.29]# systemctl restart httpd
Upload the test image to the /usr/local/httpd/htdocs/ directory.
[aaa@qq.com httpd-2.4.29]# cd /usr/local/httpd/htdocs/
[aaa@qq.com htdocs]# vi index.html
<html>
<head>
<title>--压缩测试页--</title>
</head>
<body><h1>这是一个测试网页内容压缩的页面!!This is test Page!!</h1>
<img src="b.jpg" />
</body>
</html>
Use a packet-capture tool to check whether the image is compressed.
If Chinese characters are displayed garbled:
[aaa@qq.com htdocs]# vi /etc/httpd.conf
ServerRoot "/usr/local/httpd"
# Add this line
AddDefaultCharset utf-8
[aaa@qq.com htdocs]# systemctl restart httpd
1.2 Web page caching
[aaa@qq.com ~]# apachectl -D DUMP_MODULES | grep "expire"
[aaa@qq.com ~]# systemctl stop httpd
[aaa@qq.com ~]# cd /opt/httpd-2.4.29/
[aaa@qq.com httpd-2.4.29]# ./configure \
> --prefix=/usr/local/httpd \
> --enable-so \
> --enable-rewrite \
> --enable-charset-lite \
> --enable-cgi \
> --enable-cgid \
> --enable-deflate \
> --enable-expires
[aaa@qq.com httpd-2.4.29]# make && make install
[aaa@qq.com httpd-2.4.29]# vi /etc/httpd.conf
# Remove the leading # from this line
LoadModule expires_module modules/mod_expires.so
# Append at the end of the file
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 60 seconds"
</IfModule>
[aaa@qq.com httpd-2.4.29]# httpd -t
Syntax OK
[aaa@qq.com httpd-2.4.29]# systemctl restart httpd
[aaa@qq.com httpd-2.4.29]# apachectl -D DUMP_MODULES | grep "expire"
expires_module (shared)
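Use a packet-capture tool to check whether the image response is cached.
2 Apache security optimization
2.1 Hiding version information
Capturing the traffic with a packet-capture tool shows the Apache version information.
If an attacker or anyone with bad intentions obtains the Apache version information, they can launch targeted attacks, which may well cause the site heavy losses. The Apache version number should therefore be hidden to reduce the risk of attack and keep the server running safely.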
[aaa@qq.com ~]# vi /usr/local/httpd/conf/httpd.conf
# Remove the leading # from this line
Include conf/extra/httpd-default.conf
[aaa@qq.com ~]# vi /usr/local/httpd/conf/extra/httpd-default.conf
# Change Full to Prod
ServerTokens Prod
[aaa@qq.com ~]# systemctl restart httpd
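Access the site and capture the traffic to check whether the image response still carries a version number.
2.2 Configuring hotlink protection
(1) First set up a website that hotlinks the image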
[aaa@qq.com ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
20.0.0.21 www.51xit.top
[aaa@qq.com ~]# yum -y install httpd
[aaa@qq.com ~]# systemctl start httpd
[aaa@qq.com ~]# systemctl enable httpd
[aaa@qq.com ~]# vi /var/www/html/index.html
<html>
<head>
<title>--压缩测试页--</title>
</head>
<body><h1>这是一个盗用网页内容的页面!!This is test Page!!</h1>
<img src="http://20.0.0.21/b.jpg" />
</body>
</html>
Test it.
(2) Next, add the hotlink protection
[aaa@qq.com ~]# apachectl -t -D DUMP_MODULES | grep "rewrite"
[aaa@qq.com ~]# systemctl stop httpd
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://20.0.0.21/*
RewriteCond %{HTTP_REFERER} !^http://51xit.top/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://51xit.top$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.51xit.top/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.51xit.top$ [NC]
RewriteRule .*\.(gif|jpg|swf|png)$ https://ss1.bdstatic.com/70cFuXSh_Q1YnxGkpoWK1HF6hhy/it/u=3577784466,441383939&fm=26&gp=0.jpg [R,NC]
[aaa@qq.com ~]# systemctl restart httpd
Test.
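The Referer rules above can be checked offline before restarting httpd. The following is an added example, not part of the original post: it approximates mod_rewrite's evaluation with Python's re module and runs the page's RewriteCond patterns against constructed Referer values. The names is_redirected, PAGE_CONDS, STRICT_CONDS and SAMPLES are hypothetical, and STRICT_CONDS is an assumed tightened variant rather than the author's configuration.

```python
import re

# RewriteCond patterns copied from the page: (regex, has the [NC] flag).
PAGE_CONDS = [
    (r"^http://20.0.0.21/*", False),
    (r"^http://51xit.top/.*$", True),
    (r"^http://51xit.top$", True),
    (r"^http://www.51xit.top/.*$", True),
    (r"^http://www.51xit.top$", True),
]
# Hypothetical tightened set (not from the page): escaped dots, host boundary,
# http or https, and an empty Referer treated as allowed.
STRICT_CONDS = [
    (r"^$", False),
    (r"^https?://20\.0\.0\.21(/|$)", False),
    (r"^https?://(www\.)?51xit\.top(/|$)", True),
]
# RewriteRule pattern from the page; its [NC] flag maps to re.I.
RULE = re.compile(r".*\.(gif|jpg|swf|png)$", re.I)


def is_redirected(path, referer, conds=PAGE_CONDS):
    """Return True if the request would be sent to the substitute image.

    mod_rewrite tests the RewriteRule pattern first, then requires every
    RewriteCond to hold. Each condition is negated with "!", so it holds
    when its regex does NOT match the Referer.
    """
    if not RULE.search(path):
        return False
    return all(re.search(rx, referer, re.I if nc else 0) is None
               for rx, nc in conds)


# Constructed Referer values, not captured traffic.
SAMPLES = [
    "http://www.51xit.top/index.html",   # the site's own page
    "http://192.0.2.10/index.html",      # a page on another host embedding the image
    "",                                  # no Referer (direct visit, privacy setting)
    "https://www.51xit.top/index.html",  # own page served over HTTPS
    "http://20.0.0.210/index.html",      # different host, same leading characters
]

if __name__ == "__main__":
    for ref in SAMPLES:
        print(f"{ref!r:40} page={is_redirected('/b.jpg', ref)!s:5} "
              f"strict={is_redirected('/b.jpg', ref, STRICT_CONDS)}")
```

With the page's conditions, requests without a Referer and requests from the site's own HTTPS pages are also redirected, while the unanchored first pattern accepts any host whose address begins with 20.0.0.21.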