Shulou(Shulou.com)06/02 Report--

Apache connection retention Apache connection retention related parameters

KeepAlive

Whether to open and keep the connection, OFF closed, ON open.

KeepAlive' Timeout

The maximum interval between multiple requests in a connection beyond which two requests are disconnected MaxKeepAliveRequests the maximum number of requests that can be transmitted by a connection Apache access control

Action

Control access to website resources add access authorization to a specific website directory commonly used access control client address restrictions user authorization restrictions access control based on client address

Use Require configuration items to implement access control and restrict them sequentially

Can be used in, and configuration segments

Common syntax of Require configuration items Require all grantedRequire all deniedRequire localRequire [not] host / / when using not to prohibit access, you should place it in the container and specify the corresponding restriction policy Require [not] ip configuration instance

Install the DNS and HTTP services in the Linux system, and set up the DNS service.

[root@localhost ~] # yum install bind httpd-y / / the installation service has loaded plug-ins: fastestmirror, langpacksLoading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.aliyun.com...// omits part of the content. Installed: bind.x86_64 32 90.el7.centos 9.11.4-9.P2.el7 httpd.x86_64 0VR 2.4.6-90.el7.centos. / / omit some of the contents. Over! [root@localhost conf] # vim / etc/named.conf / / Edit the DNS configuration file. / / omit part of the content. Options {listen-on port 53 {any;}; / / change the IP address to any listen-on-v6 port 53 {:: 1;}; directory "/ var/named"; dump-file "/ var/named/data/cache_dump.db" Statistics-file "/ var/named/data/named_stats.txt"; memstatistics-file "/ var/named/data/named_mem_stats.txt"; recursing-file "/ var/named/data/named.recursing"; secroots-file "/ var/named/data/named.secroots"; allow-query {any;} / / change the listening host to omit part of the content for any...//.: wq [root@localhost conf] # vim / etc/named.rfc1912.zones / / Edit zone configuration file. / / omit part of the content. Zone "kgc.com" IN {/ / change the domain name type master; file "kgc.com.zone" / / change the zone data file name allow-update {none;};} ...: wq [root@localhost conf] # cd / var/named/ enter the zone data file directory [root@localhost named] # ls / / View the directory data dynamic named.ca named.empty named.localhost named.loopback slaves [root@localhost named] # cp-p named.localhost kgc.com.zone / / copy the zone data file [root@localhost] Named] # vim kgc.com.zone / / enter the edit file $TTL 1D @ IN SOA @ rname.invalid. (0; serial 1D; refresh 1H; retry 1W; expire 3H) Minimum NS @ A 127.0.0.1www IN A 192.168.144.133 / / set domain name resolution: wq / / Save exit

Open two win 10 clients and look at the client IP address

Enter the http service site directory in the Linux system, edit the contents of the home page, turn on DNS and HTTP services, turn off the firewall and enhanced security functions

[root@localhost named] # cd / var/www/html/ enter the http service site directory [root@localhost html] # vim index.html / / Edit the default home page this is kgc web / / Edit content: wq [root@localhost html] # ls / / View index.html [root@localhost html] # cat index.html / / View Web content this Is kgc web [root@localhost html] # systemctl start httpd.service / / start http service [root@localhost html] # systemctl start named / / start DNS service [root@localhost html] # systemctl stop firewalld.service / / turn off firewall [root@localhost html] # setenforce 0 / / disable enhanced security features

Use two win 10 clients to access the information to the website to see if the service is provided properly.

Configure HTTP service profile and set client access rights in Linux system

[root@localhost html] # vim / etc/httpd/conf/httpd.conf / / Edit the contents of the main configuration file (it is not recommended to modify the contents of the main configuration file directly You can add new subprofiles to restrict). / / omit part of the content. # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named * explicitly*-"Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None # # Controls who can get stuff from this server. # / / add sub-container Require not ip 192.168.144.128 / / add the IP address of the host with restricted access (if the network segment is restricted, you can add 192.168.144.0Uniplic24 directly Note that subnet mask is required for the network segment) Require all granted. / / omit part of the content.: wq [root@localhost html] # systemctl restart httpd.service

Check to see if the first restricted win 10 client can still access the website

User Authorization restriction configuration instance

Create a user authentication database

[root@localhost html] # htpasswd-c / etc/httpd/conf/pwd test01 / / create a user authentication database (- c is created. If the data authentication file already exists, you don't need-c You can directly add the command to the authentication file) New password: / / enter the set password Re-type new password: / / re-enter the password Adding password for user test01 / / successfully create [root@localhost html] # cd / etc/httpd/conf / / enter the directory [root@localhost conf] # ls / / View httpd.conf magic pwd / / successfully created the file [root@localhost conf] # cat pwd / / View the contents of the file test01:$apr1 $zDZ/54yz$rUCXaWixaltHE6ZBvjv0h/ the user and password created

Add user authorization configuration

[root@localhost conf] # vim httpd.conf...// omits some content. # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named * explicitly*-"Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None # # Controls who can get stuff from this server. # AuthName "DocumentRoot" / / change the access control entry above This entry states that the authentication information AuthType Basic / / verification type is basic authentication AuthUserFile / etc/httpd/conf/pwd / / verify file path Require valid-user / / set to authorized user authentication. / / omit part of the content.: wq / / Save to exit [root@localhost conf] # systemctl restart httpd.service / / restart the service

Verify the configuration in the client

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.