
Apache web page optimization and security optimization (web page compression; web page cache; web page anti-theft

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

1. Web page compression

The speed of website access is determined by a number of factors, including:

1) response speed of the application

2) Network bandwidth

3) Server performance

4) the network transmission speed between the client and the server, etc.

Of these, the most important is the response speed of Apache itself, so the first step in improving the performance of a website is to make Apache respond as fast as possible. Web page compression speeds up the application at no extra cost.

Compression module of Apache

Apache 2.x has a built-in mod_deflate module that uses the gzip compression algorithm. mod_deflate uses the DeflateCompressionLevel directive to set the compression level. The value of this directive is an integer from 1 (fastest compression speed, lowest compression quality) to 9 (slowest compression speed, highest compression quality), and its default value is 6 (a balance between compression speed and compression quality).

(1) First compile and install the Apache source package

yum -y remove httpd # remove the httpd that ships with the system before compiling and installing

tar xzvf httpd-2.4.2.tar.gz -C /opt # unpack the source package

tar xzvf apr-util-1.4.1.tar.gz -C /opt # unpack the dependency package

tar xzvf apr-1.4.6.tar.gz -C /opt # unpack the dependency package; APR supports running Apache across platforms, provides the underlying interface library, and helps reduce the number of concurrent connection processes

cd /opt # the copy commands below use paths relative to /opt

cp -R apr-util-1.4.1/ httpd-2.4.2/srclib/apr-util

cp -R apr-1.4.6/ httpd-2.4.2/srclib/apr

yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel # install the packages needed for the build environment

cd httpd-2.4.2/ # enter the httpd directory to configure, compile and install

# --prefix sets the httpd installation directory; --enable-deflate adds the mod_deflate module
./configure \
--prefix=/usr/local/httpd \
--enable-deflate \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi

make && make install # compile and install

cd /usr/local/httpd

grep -v "#" bin/apachectl > /etc/init.d/httpd # create the startup script so that the service command can manage the Apache service

vim /etc/init.d/httpd

Add the following lines at the top of the Apache startup script:

#!/bin/bash
# chkconfig: 2345 85 35
# description: Apache is a web server

chmod 755 /etc/init.d/httpd

chkconfig --add httpd # set the Apache service to start automatically at boot

chkconfig httpd on

ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf # create a link to the Apache main configuration file in /etc for easier management

(2) Build the web site www.benet.com and set up a DNS service to resolve the domain name.

vim /etc/httpd.conf

vim /etc/named.conf

vim /etc/named.rfc1912.zones

service named start

You can modify the home page of the Apache site to add an image.

vim /usr/local/httpd/htdocs/index.html

Enter www.benet.com in the browser to visit the page, and capture the traffic with the packet capture tool Fiddler.

Before the mod_deflate module is enabled, the content is not compressed.

(3) Enable and configure the mod_deflate module

After compilation and installation are complete, the mod_deflate module must be enabled in the httpd.conf file to take effect.

vim /etc/httpd.conf

# enable the following modules
LoadModule filter_module modules/mod_filter.so
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so

At the end of the httpd.conf configuration file, add the configuration items for mod_deflate.

# first line: the content types for which gzip compression is enabled
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript
# second line: the compression level
DeflateCompressionLevel 9
# third line: enable the deflate filter so that the output of this site is gzip-compressed
SetOutputFilter DEFLATE

After modifying the configuration file, check whether the mod_deflate module is loaded, and then start the Apache service.

cd /usr/local/httpd/bin

./apachectl -t -D DUMP_MODULES | grep "deflate"

service httpd start

(4) Test whether mod_deflate compression is effective.

Open the Fiddler packet capture tool and visit a page on the Apache server with a browser. The response header contains Content-Encoding: gzip, indicating that compression has taken effect.

2. Web caching

Web page caching stores the parts of a page that rarely or never change, so that the next time the browser visits these pages it does not need to download them again, which improves access speed for users.

Apache's mod_expires module automatically generates Expires and Cache-Control headers in the page's response header. Based on these headers, the client browser decides to take the page from the local cache on the next visit without sending a request to the server, which reduces the frequency and number of client requests, cuts unnecessary traffic and increases access speed.

The steps for configuring the mod_expires module are similar to those for the mod_deflate module.

Before enabling the mod_expires module, open a browser, enter www.benet.com to access the page, and capture the traffic with Fiddler first to check whether the response sets an Expires entry, for comparison with the result after mod_expires is enabled.

(1) Install the mod_expires module

Starting from the Apache source package installed above, first stop the Apache service, then recompile and reinstall with the mod_expires module added.

service httpd stop

cd /opt/httpd-2.4.2/

# --enable-deflate adds the mod_deflate module; --enable-expires adds the mod_expires module
./configure \
--prefix=/usr/local/httpd \
--enable-deflate \
--enable-expires \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi

make && make install # compile and install

(2) Configure the mod_expires module

vim /etc/httpd.conf

# enable the mod_expires module
LoadModule expires_module modules/mod_expires.so

Add the mod_expires settings at the end of httpd.conf

ExpiresActive On
# set the cache time to 60 seconds
ExpiresDefault "access plus 60 seconds"

Then restart the Apache service

service httpd restart

(3) Test whether the cache is effective.

Open the Fiddler packet capture tool and visit a page on the Apache server with a browser. The response header contains an Expires entry, indicating that caching is working.

3. Hotlink protection

Beyond performance tuning, Apache's default settings also need corresponding security settings. A website that does not hold the images shown on its pages can link to images hosted on other websites. Such a site, with no resources of its own, uses the resources of other sites to show content to its visitors and increases its own traffic, and most visitors do not easily notice. To avoid extra cost, some unscrupulous websites expand their own content by hotlinking to other websites, which on the one hand harms the legitimate interests of the source website and on the other hand increases the load on its server, so hotlink protection needs to be configured.

Prepare the environment:

1) The client runs Windows with IP address 192.168.30.100 and hosts the hotlinking website www.test.com.

2) The source host runs redhat6.5 with IP address 192.168.30.15 and hosts the source website www.benet.com.

(1) Build the hotlinking website www.test.com on the client, and add the mappings between the above IP addresses and domain names to the hosts file

Open the Internet Information Services Manager

Open IIS for site configuration

Create a new file containing HTML whose image reference points to the source host, change the file extension to html, and put it in the site's wwwroot

Add the mappings to the hosts file

Enter www.benet.com and www.test.com in the browser; the image displayed is the same on both.

Capturing the traffic with Fiddler shows a request to www.test.com followed by a request to www.benet.com/abc.jpg, which indicates that the hotlinking succeeded.

(2) Apache hotlink protection configuration

If the mod_rewrite module is not installed, stop the Apache service, then recompile and reinstall with the mod_rewrite module added to the configure parameters.

cd httpd-2.4.2/

# --enable-rewrite adds the mod_rewrite module
./configure \
--prefix=/usr/local/httpd \
--enable-deflate \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi

make && make install

(3) Enable and configure the mod_rewrite module

vim /etc/httpd.conf

Add the rewrite settings at the end of the site directory section

......

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://benet.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://benet.com/$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.benet.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.benet.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.benet.com/error.png

The final matching result is: lines two to five define the trusted sites, which may use the site's images; any request from outside the trusted sites, including direct access to a file ending in gif, jpg or swf, is redirected to the error page.

Restart the apache service

(4) Test whether the mod_rewrite redirection is effective.

Clear the browser's cache so that locally cached content is not used, move the error.png image to the site directory /usr/local/httpd/htdocs, and visit the website again, as shown in the following figure
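The matching logic of the rewrite rules above, reproduced as an added Python example (not part of the original article) so that their effect on different Referer values can be checked offline. The request paths and Referer values in SAMPLES are constructed, and the emulation assumes Python's re module behaves like Apache's regex engine for these simple patterns.

```python
import re

# The four RewriteCond patterns exactly as the article writes them. mod_rewrite
# ANDs consecutive conditions and each one is negated with "!", so the rule
# fires only when the Referer matches none of them. [NC] = case-insensitive.
TRUSTED = [re.compile(p, re.IGNORECASE) for p in (
    r"^http://benet.com/.*$",
    r"^http://benet.com/$",
    r"^http://www.benet.com/.*$",
    r"^http://www.benet.com/$",
)]
PROTECTED = re.compile(r".*\.(gif|jpg|swf)$")   # the RewriteRule pattern (no [NC])
ERROR_URL = "http://www.benet.com/error.png"


def decide(path, referer):
    """Return ERROR_URL if the request would be redirected, else None (served)."""
    if not PROTECTED.search(path):
        return None                      # rule pattern does not match this file
    if any(p.search(referer) for p in TRUSTED):
        return None                      # one negated condition fails: trusted
    return ERROR_URL


# Constructed requests: (path, Referer header); "" means no Referer was sent.
SAMPLES = [
    ("abc.jpg", "http://www.benet.com/index.html"),   # the source site's own page
    ("abc.jpg", "http://www.test.com/index.html"),    # the hotlinking site
    ("abc.jpg", ""),                                  # direct access, no Referer
    ("abc.jpg", "https://www.benet.com/index.html"),  # own page served over HTTPS
    ("abc.jpg", "http://www.benet.com.test.com/"),    # look-alike host name
    ("error.png", "http://www.test.com/index.html"),  # the error image itself
]

if __name__ == "__main__":
    for path, ref in SAMPLES:
        print(f"{path:10} {ref or '(none)':36} -> {decide(path, ref) or 'served'}")
```

Requests without a Referer and pages of the source site served over https:// are redirected as well, because the conditions list only http:// origins.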

4. Hide version information

In general, vulnerability information for software is tied to specific versions, so the version number of the software is very valuable to an attacker. Capturing the traffic with Fiddler shows the Apache version.

If attackers or people with ulterior motives obtain the Apache version information, the server can be targeted and the website can suffer great losses, so the Apache version number should be hidden to reduce the risk of attack and protect the safe operation of the server.

Modify the httpd.conf configuration file so that the httpd-default.conf file takes effect; that file contains the setting that controls whether version information is returned.

Then modify the httpd-default.conf file

Restart the Apache service, visit the web page again, and capture the traffic with Fiddler; the version information is now hidden.
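The three checks done by eye in Fiddler in sections 1, 2 and 4 (Content-Encoding: gzip, an Expires entry, a hidden version) can be scripted; the following is an added Python example, not code from the original article. Both response heads are constructed sample data.

```python
import re

# Constructed response heads, shaped like a capture before and after the changes.
BEFORE = """HTTP/1.1 200 OK
Server: Apache/2.4.2 (Unix)
Content-Length: 5120
Content-Type: text/html
"""
AFTER = """HTTP/1.1 200 OK
Server: Apache
Content-Encoding: gzip
Cache-Control: max-age=60
Expires: Mon, 24 Feb 2025 08:01:00 GMT
Content-Type: text/html
"""

CHECKS = {
    "no-gzip": "response is not gzip-compressed (mod_deflate not applied)",
    "no-expiry": "no Expires or Cache-Control max-age (mod_expires not applied)",
    "version-leak": "Server header discloses a version number",
}


def parse_head(raw):
    """Return {lowercased header name: value} from a raw response head."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit(raw):
    """Return the list of CHECKS keys that the response fails."""
    h = parse_head(raw)
    failed = []
    if "gzip" not in h.get("content-encoding", "").lower():
        failed.append("no-gzip")
    if "expires" not in h and "max-age" not in h.get("cache-control", "").lower():
        failed.append("no-expiry")
    if re.search(r"/\d", h.get("server", "")):     # e.g. Apache/2.4.2
        failed.append("version-leak")
    return failed


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, [CHECKS[k] for k in audit(raw)] or "all three checks pass")
```

The Server value in the constructed AFTER capture is what Apache sends when ServerTokens is set to Prod.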
