Apache Web page optimization for Web Services

Posted by Fahid on Fri, 25 Feb 2022 14:04:26 +0100

I Apache Web page and security optimization

  • In an enterprise, running Apache with only its default configuration parameters causes many problems for the website. The defaults were chosen for older, lower-spec servers and no longer suit today's Internet.
  • To meet enterprise needs, we have to consider how to improve Apache's performance and stability, which is what Apache optimization covers.

II Web page compression

1. Check whether the mod_deflate module is installed

apachectl -t -D DUMP_MODULES | grep "deflate"

2. If the mod_deflate module is not installed, recompile and install Apache, adding the mod_deflate module

systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf httpd.conf.bak
 
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate                #Add mod_deflate module
 
make && make install

3. Configure and enable the mod_deflate module

vim /usr/local/httpd/conf/httpd.conf
 
--Line 52--modify
Listen 192.168.80.10:80
 
--Line 105--uncomment
#Enable the mod_deflate module
LoadModule deflate_module modules/mod_deflate.so
 
--Line 197--uncomment, modify
ServerName www.kgc.com:80
 
--Append at the end of the file--
<IfModule mod_deflate.c>
#Content types for which gzip compression is enabled
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript text/jpg text/png
#Compression level, ranging from 1 to 9
DeflateCompressionLevel 9
#Enable the deflate module to gzip-compress the output of this site
SetOutputFilter DEFLATE
</IfModule>

4. Check the installation and start the service

apachectl -t            #Verify that the configuration file is configured correctly
apachectl -t -D DUMP_MODULES | grep "deflate"        #Check whether the mod_deflate module is installed
  deflate_module (shared)                            #Expected output when the module is installed
 
systemctl start httpd.service

5. Test whether mod_deflate compression takes effect

cd /usr/local/httpd/htdocs
First upload the game.jpg file to the /usr/local/httpd/htdocs directory
 
vim index.html
<html><body><h1>It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!It works!</h1>
<img src="game.jpg"/>
</body></html>

6. Verify

Method 1:
On a Linux system, open the Firefox browser, right-click and choose Inspect Element
 Select Network ---> select HTML, WS, Other
Visit http://192.168.80.10 and double-click the 200 response to see that the response headers contain Content-Encoding: gzip
 
Method 2:
On a Windows system, install Microsoft .NET 4 and Fiddler in that order, then open Fiddler
 Select Inspectors ---> select Headers
Visit http://192.168.80.10 in a browser and double-click the 200 response to see Content-Encoding: gzip

III Web cache

1. Check whether the mod_expires module is installed

apachectl -t -D DUMP_MODULES | grep "expires"

2. If the mod_expires module is not installed, recompile and install Apache, adding the mod_expires module

systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf httpd.conf.bak1
 
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate \
--enable-expires            #Add mod_expires module
 
make && make install

3. Configure and enable the mod_expires module

vim /usr/local/httpd/conf/httpd.conf
 
--Line 52--modify
Listen 192.168.80.10:80
 
--Line 111--uncomment
#Enable the mod_expires module
LoadModule expires_module modules/mod_expires.so
 
--Line 199--uncomment, modify
ServerName www.kgc.com:80
 
--Append at the end of the file--
<IfModule mod_expires.c>
  #Turn on web page caching
  ExpiresActive On
  #Cache for 60 seconds
  ExpiresDefault "access plus 60 seconds"
</IfModule>

4. Check the installation and start the service

apachectl -t            #Verify that the configuration file is configured correctly
apachectl -t -D DUMP_MODULES | grep "expires"        #Check whether the mod_expires module is installed
  expires_module (shared)                            #Expected output when the module is installed
 
systemctl start httpd.service

5. Test whether the cache is effective

cat /usr/local/httpd/htdocs/index.html
 
Method 1:
On a Linux system, open the Firefox browser, right-click and choose Inspect Element
 Select Network ---> select HTML, WS, Other
Visit http://192.168.80.10 and double-click the 200 response to see that the response headers contain the Expires item
 
Method 2:
On a Windows system, install Microsoft .NET 4 and Fiddler in that order, then open Fiddler
 Select Inspectors ---> select Headers
Visit http://192.168.80.10 in a browser and double-click the 200 response to view the Expires item

IV Hide version information

vim /usr/local/httpd/conf/httpd.conf
 
--Line 491--uncomment
Include conf/extra/httpd-default.conf
vim /usr/local/httpd/conf/extra/httpd-default.conf
 
--Line 55--modify
#Change the original Full to Prod so that only the product name is shown, without the version
#ServerTokens controls whether the Server response header returned to the client includes the server OS type and descriptions of compiled-in modules.
ServerTokens Prod
systemctl restart httpd.service
 
Visit http://192.168.80.10 in a browser and double-click the 200 response to view the Server item
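
The three browser checks above (Content-Encoding: gzip, the Expires item, a Server item without version) can also be scripted. The following is an added example, not part of the original post; the sample headers are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit response headers for the compression, caching and
# version-hiding settings from sections II to IV.

# Constructed sample headers: a default build, then one tuned as on this page.
sample_default() { printf '%s\r\n' 'HTTP/1.1 200 OK' \
    'Server: Apache/2.4.29 (Unix)' 'Content-Type: text/html'; }
sample_tuned() { printf '%s\r\n' 'HTTP/1.1 200 OK' 'Server: Apache' \
    'Cache-Control: max-age=60' 'Expires: Fri, 25 Feb 2022 13:05:26 GMT' \
    'Content-Encoding: gzip' 'Content-Type: text/html'; }

# header_value NAME: print the value of the first header called NAME
# (header names are case-insensitive) from the header text in $hdrs.
header_value() {
    printf '%s\n' "$hdrs" | awk -v name="$1" '
        BEGIN { name = tolower(name) ":" }
        tolower(substr($0, 1, length(name))) == name {
            v = substr($0, length(name) + 1)
            sub(/^[ \t]+/, "", v); print v; exit
        }'
}

# check_headers: read raw response headers on stdin, print one PASS/FAIL line
# per setting, and return the number of failed checks.
check_headers() {
    hdrs=$(tr -d '\r')      # HTTP header lines end in CRLF
    fails=0
    case $(header_value Content-Encoding) in
        *gzip*) echo "PASS mod_deflate: Content-Encoding: gzip" ;;
        *)      echo "FAIL mod_deflate: response is not gzip-compressed"
                fails=$((fails + 1)) ;;
    esac
    if [ -n "$(header_value Expires)" ]; then
        echo "PASS mod_expires: Expires: $(header_value Expires)"
    else
        echo "FAIL mod_expires: no Expires header"; fails=$((fails + 1))
    fi
    server=$(header_value Server)
    case $server in     # every ServerTokens level above Prod adds "/version"
        *[0-9/]*) echo "FAIL ServerTokens: version exposed: $server"
                  fails=$((fails + 1)) ;;
        *)        echo "PASS ServerTokens: Server: ${server:-<absent>}" ;;
    esac
    return "$fails"
}

sample_tuned | check_headers
sample_default | check_headers || true
```

Against the live server, feed it with curl -s -o /dev/null -D - -H 'Accept-Encoding: gzip' http://192.168.80.10/ | check_headers; the Accept-Encoding request header is needed because mod_deflate only compresses for clients that advertise gzip support.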

V Apache hotlink protection

1. Check whether the mod_rewrite module is installed

apachectl -t -D DUMP_MODULES | grep "rewrite"

2. If the mod_rewrite module is not installed, recompile and install Apache, adding the mod_rewrite module

systemctl stop httpd.service
cd /usr/local/httpd/conf
mv httpd.conf httpd.conf.bak2
 
yum -y install gcc gcc-c++ pcre pcre-devel zlib-devel
cd /opt/httpd-2.4.29/
#--enable-rewrite adds the mod_rewrite module
./configure \
--prefix=/usr/local/httpd \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi \
--enable-deflate \
--enable-expires
 
make && make install

3. Configure and enable the mod_rewrite module

Field meanings of RewriteCond %{HTTP_REFERER} !^http://www.kgc.com/.*$ [NC]:
"%{HTTP_REFERER}": the URL of the referring link, indicating which link the requested web page was reached from.
"!^": indicates that the value does not start with the string that follows.
"http://www.kgc.com": the address of this website, matched as a whole string.
".*$": indicates ending with any characters.
"[NC]": indicates case-insensitive matching.

Field meanings of RewriteRule .*\.(gif|jpg|swf)$ http://www.kgc.com/error.png:
".": matches a single character.
"*": matches zero or more times; together with "." it means matching any character zero or more times. For one or more times, use "+" instead.
"\.": the "\" here is the escape character, so "\." stands for the literal symbol ".". Because "." is a regular-expression character with its own meaning, an escape character "\" must be placed in front of it when it needs to be matched literally. Other regular-expression characters that need to be matched literally are handled the same way.
"(gif|jpg|swf)": matches any one of "gif", "jpg" and "swf", and "$" marks the end. The resulting rule matches strings ending with ".gif", ".jpg" or ".swf", preceded by a string of one or more characters, that is, files of an image type.
"http://www.kgc.com/error.png": the path the request is forwarded to.

The overall effect of this configuration is that when an image file on this site is accessed through a domain name other than this site's, the picture error.png is displayed instead.
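
To see which requests the two patterns above actually catch, the following added example (not part of the original post) evaluates them against constructed Referer/URI pairs. It assumes grep -E as a stand-in for Apache's regex engine, which behaves the same for these two patterns; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: apply the page's RewriteCond and RewriteRule patterns to
# constructed requests to see which ones end up at error.png.
COND='^http://www.kgc.com/.*$'   # RewriteCond pattern; used negated ("!"), with [NC]
RULE='.*\.(gif|jpg|swf)$'        # RewriteRule pattern; case-sensitive (no [NC])

# hotlink_decision REFERER URI
# prints "rewrite" when error.png would be served, "serve" otherwise.
hotlink_decision() {
    referer=$1
    uri=$2
    # The RewriteRule pattern is tested first; other URIs are left alone.
    printf '%s\n' "$uri" | grep -Eq -- "$RULE" || { echo serve; return; }
    # "!" negates: the condition holds when the Referer does NOT match.
    if printf '%s\n' "$referer" | grep -Eiq -- "$COND"; then
        echo serve
    else
        echo rewrite
    fi
}

# Constructed cases, one "Referer|URI" pair per line.
while IFS='|' read -r r u; do
    printf '%-31s %-11s -> %s\n' "${r:-(no Referer)}" "$u" "$(hotlink_decision "$r" "$u")"
done <<'EOF'
http://www.kgc.com/index.html|/game.jpg
HTTP://WWW.KGC.COM/index.html|/game.jpg
http://www.benet.com/|/game.jpg
|/game.jpg
https://www.kgc.com/index.html|/game.jpg
http://www.benet.com/|/game.JPG
http://www.benet.com/|/error.png
EOF
```

Three results are worth checking before deploying the rule as written: a request with no Referer at all (typed URL, privacy settings) is rewritten too, an https:// page on the same site is treated as foreign, and an upper-case extension is not covered because the RewriteRule itself has no [NC]. error.png is served without looping because png is not in the extension list.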

4. Web page preparation
 

Web source host configuration:
 
cd /usr/local/httpd/htdocs
Upload the game.jpg and error.png files to the /usr/local/httpd/htdocs directory
 
vim index.html
<html><body><h1>this is kgc.com!</h1>
<img src="game.jpg"/>
</body></html>
 
echo "192.168.80.10 www.kgc.com" >> /etc/hosts 
echo "192.168.80.12 www.benet.com" >> /etc/hosts
Hotlinking website host:
 
cd /usr/local/httpd/htdocs                #The default path of the httpd service installed by yum is /var/www/html/
 
vim index.html
<html><body><h1>this is benet.com!</h1>
<img src="http://www.kgc.com/game.jpg"/>
</body></html>
 
echo "192.168.80.10 www.kgc.com" >> /etc/hosts 
echo "192.168.80.12 www.benet.com" >> /etc/hosts

5. Verify in a browser on the hotlinking website host

http://www.benet.com
