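Web Site Service Lab
I. Lab name:
Web site access control and virtual hosts
II. Lab objectives:
Directory authorization for the HTTP service
Configuring virtual web hosts
III. Lab environment: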
Device name | OS version | IP address | Required software
Web server | CentOS-7.3 | eth0=192.168.10.101 | Httpd-2.24.25.tar.gz
Client | CentOS-7.3 | eth0=192.168.10.102 |
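IV. Lab approach:
Install the httpd server
Access control on the httpd server
Virtual hosts: IP-based, port-based, name-based
V. Lab procedure
I: Access control (install Apache first and get it working)
1: Restricting client addresses
Allow access from all hosts: Require all granted
Deny access from all hosts: Require all denied
Allow access from the local host only: Require local
Allow or deny a specified host: Require [not] host
Allow or deny a specified IP address or network: Require [not] ip
(1) Allow access from all hosts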
[root@localhost ~]# vi /usr/local/httpd/conf/httpd.conf
## line 225
<Directory "/usr/local/httpd/htdocs">
Options None
AllowOverride None
Require all granted
</Directory>
[root@localhost ~]# service httpd restart
(2) Allow access from a specified IP
[root@localhost ~]# vi /usr/local/httpd/conf/httpd.conf
<Directory "/usr/local/httpd/htdocs">
Options None
AllowOverride None
Require ip 192.168.10.102
</Directory>
[root@localhost ~]# service httpd restart
(3) Deny access from a specified IP
<Directory "/usr/local/httpd/htdocs">
Options None
AllowOverride None
<RequireAll>
Require all granted
Require not ip 192.168.10.102
</RequireAll>
</Directory>
[root@localhost ~]# service httpd restart
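2: User authorization
[root@localhost ~]# cd /usr/local/httpd/
[root@localhost httpd]# bin/htpasswd -c /usr/local/httpd/conf/.webpwd admin ## -c creates the file (and overwrites an existing one); omit -c when adding more users
Enter the password twice when prompted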
[root@localhost httpd]# cat /usr/local/httpd/conf/.webpwd
[root@localhost httpd]# vi /usr/local/httpd/conf/httpd.conf
<Directory "/usr/local/httpd/htdocs">
Options None
AllowOverride None
AuthName "web access"
AuthType Basic
AuthUserFile /usr/local/httpd/conf/.webpwd
Require valid-user
#Require user admin
</Directory>
[root@localhost httpd]# service httpd restart
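[root@localhost httpd]# /usr/local/httpd/bin/apachectl restart ## this also restarts the service
A password is now required when accessing the site
II: Building virtual web hosts
There are three methods:
- Name-based
- IP-based
- Port-based
1: Name-based virtual hosts
(1): Provide name resolution for the virtual hosts
On the client (Linux), edit the hosts file to provide name resolution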
[root@localhost ~]# vi /etc/hosts
192.168.10.101 www.benet.com
192.168.10.101 www.accp.com
(2): Prepare web pages for the virtual hosts
[root@localhost ~]# mkdir -p /var/www/html/benetcom
[root@localhost ~]# mkdir -p /var/www/html/accpcom
[root@localhost ~]# echo "<h1>www.benet.com</h1>" > /var/www/html/benetcom/index.html
[root@localhost ~]# echo "<h1>www.accp.com</h1>" > /var/www/html/accpcom/index.html
(3): Add the virtual host configuration (name-based virtual hosts)
[root@localhost ~]# vi /usr/local/httpd/conf/extra/httpd-vhosts.conf
<Directory "/var/www/html">
Require all granted
</Directory>
<VirtualHost 192.168.10.101>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/var/www/html/benetcom"
ServerName www.benet.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/www.benet.com.error_log"
CustomLog "logs/www.benet.com.access_log" common
</VirtualHost>
<VirtualHost 192.168.10.101>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/var/www/html/accpcom"
ServerName www.accp.com
ErrorLog "logs/www.accp.com.error_log"
CustomLog "logs/www.accp.com.access_log" common
</VirtualHost>
[root@localhost ~]# vi /usr/local/httpd/conf/httpd.conf
Remove the comment marker from this line:
Include conf/extra/httpd-vhosts.conf
[root@localhost ~]# service httpd restart
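Access the site with www.benet.com and with www.accp.com in turn
2: IP-based virtual hosts
Add a network interface to the server
Set its IP address to 192.168.10.200
Access the site with each of the two IP addresses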
[root@localhost ~]# vi /usr/local/httpd/conf/extra/httpd-vhosts.conf
<Directory "/var/www/html">
Require all granted
</Directory>
<VirtualHost 192.168.10.101>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/var/www/html/benetcom"
ServerName www.benet.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/www.benet.com.error_log"
CustomLog "logs/www.benet.com.access_log" common
</VirtualHost>
<VirtualHost 192.168.10.200>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/var/www/html/accpcom"
ServerName www.accp.com
ErrorLog "logs/www.accp.com.error_log"
CustomLog "logs/www.accp.com.access_log" common
</VirtualHost>
3: Port-based virtual hosts
[root@localhost ~]# vi /usr/local/httpd/conf/extra/httpd-vhosts.conf
<Directory "/var/www/html">
Require all granted
</Directory>
<VirtualHost 192.168.10.101:5000>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/var/www/html/benetcom"
ServerName www.benet.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/www.benet.com.error_log"
CustomLog "logs/www.benet.com.access_log" common
</VirtualHost>
<VirtualHost 192.168.10.101:8000>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/var/www/html/accpcom"
ServerName www.accp.com
ErrorLog "logs/www.accp.com.error_log"
CustomLog "logs/www.accp.com.access_log" common
</VirtualHost>
[root@localhost ~]# vi /usr/local/httpd/conf/httpd.conf
Add:
## line 52
Listen 5000
Listen 8000
[root@localhost ~]# service httpd restart
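A pre-restart check for the virtual host configuration above, as an added example that is not part of the original lab: it flags a <VirtualHost> address that is not a valid IP, a vhost port with no matching Listen directive, and a CustomLog that writes to the same file as the ErrorLog. The function name lint_vhosts and the sample text are constructed for illustration, and only IPv4 address:port forms are handled.

```python
import ipaddress
import re

# Constructed sample: Listen lines from httpd.conf merged with a port-based
# httpd-vhosts.conf that contains three deliberate mistakes.
SAMPLE = """\
Listen 80
Listen 5000
<VirtualHost 192.16810.101:5000>
    ErrorLog "logs/www.benet.com.error_log"
    CustomLog "logs/www.benet.com.error_log" common
</VirtualHost>
<VirtualHost 192.168.10.101:8000>
    ErrorLog "logs/www.accp.com.error_log"
    CustomLog "logs/www.accp.com.access_log" common
</VirtualHost>
"""

def lint_vhosts(conf):
    """Return a list of (line_number, message) findings for the config text."""
    lines = conf.splitlines()
    # Ports the server will actually bind, taken from every Listen directive.
    ports = {int(m.group(1)) for ln in lines
             if (m := re.match(r"\s*Listen\s+(?:\S+:)?(\d+)\b", ln, re.I))}
    findings, logs = [], {}
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if m := re.match(r"<VirtualHost\s+([^>\s]+)", line, re.I):
            logs = {}  # start tracking log files for this vhost
            addr, _, port = m.group(1).partition(":")
            if addr not in ("*", "_default_"):
                try:
                    ipaddress.ip_address(addr)
                except ValueError:
                    findings.append((no, f"{addr} is not a valid IP address"))
            if port.isdigit() and int(port) not in ports:
                findings.append((no, f"no Listen directive for port {port}"))
        elif m := re.match(r'(ErrorLog|CustomLog)\s+"?([^"\s]+)', line, re.I):
            logs[m.group(1).lower()] = (no, m.group(2))
        elif line.lower().startswith("</virtualhost") and len(logs) == 2:
            (_, err), (no_c, acc) = logs["errorlog"], logs["customlog"]
            if err == acc:  # access entries would be mixed into the error log
                findings.append((no_c, f"CustomLog and ErrorLog share {acc}"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_vhosts(SAMPLE):
        print(f"line {no}: {msg}")
```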