Apache access control in 2.2 and 2.4

In this example, all requests are denied.

In this example, all requests are allowed.

In the following example, all hosts in the example.org domain are allowed access; all other hosts are denied access.

Apache2 Ubuntu Default Page

It works!

This is the default welcome page used to test the correct operation of the Apache2 server after installation on Ubuntu systems. It is based on the equivalent page on Debian, from which the Ubuntu Apache packaging is derived. If you can read this page, it means that the Apache HTTP server installed at this site is working properly. You should replace this file (located at /var/www/html/index.html) before continuing to operate your HTTP server.

If you are a normal user of this web site and don’t know what this page is about, this probably means that the site is currently unavailable due to maintenance. If the problem persists, please contact the site’s administrator.

Configuration Overview

Ubuntu’s Apache2 default configuration is different from the upstream default configuration, and split into several files optimized for interaction with Ubuntu tools. The configuration system is fully documented in /usr/share/doc/apache2/README.Debian.gz. Refer to this for the full documentation. Documentation for the web server itself can be found by accessing the manual if the apache2-doc package was installed on this server.

The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:

/etc/apache2/
|-- apache2.conf
|       `-- ports.conf
|-- mods-enabled
|       |-- *.load
|       `-- *.conf
|-- conf-enabled
|       `-- *.conf
|-- sites-enabled
|       `-- *.conf

apache2.conf is the main configuration file. It puts the pieces together by including all remaining configuration files when starting up the web server.

ports.conf is always included from the main configuration file. It is used to determine the listening ports for incoming connections, and this file can be customized anytime.

Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ directories contain particular configuration snippets which manage modules, global configuration fragments, or virtual host configurations, respectively.

They are activated by symlinking available configuration files from their respective *-available/ counterparts. These should be managed by using our helpers a2enmod, a2dismod, a2ensite, a2dissite, and a2enconf, a2disconf. See their respective man pages for detailed information.

The binary is called apache2. Due to the use of environment variables, in the default configuration, apache2 needs to be started/stopped with /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not work with the default configuration.

Document Roots

By default, Ubuntu does not allow access through the web browser to any file apart from those located in /var/www, public_html directories (when enabled) and /usr/share (for web applications). If your site is using a web document root located elsewhere (such as in /srv) you may need to whitelist your document root directory in /etc/apache2/apache2.conf.

The default Ubuntu document root is /var/www/html. You can make your own virtual hosts under /var/www. This is different to previous releases which provides better security out of the box.

Reporting Problems

Please use the ubuntu-bug tool to report bugs in the Apache2 package with Ubuntu. However, check existing bug reports before reporting a new bug.

Please report bugs specific to modules (such as PHP and others) to respective packages, not to the web server itself.

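Apache performance tuning: KeepAlive

Apache's keep-alive behaviour is controlled by three main parameters:
KeepAlive
MaxKeepAliveRequests
KeepAliveTimeout

For an explanation of these three parameters, see: http://httpd.apache.org/docs/2.0/en/mod/core.html#keepalive

Apache enables KeepAlive by default. If you turn KeepAlive off, every request opens a new connection, which can put some load on the CPU.

So if KeepAlive is on and your MaxKeepAliveRequests is large enough, a client downloading things from your server (CSS, JS, images and so on) may be able to fetch everything over a single connection, and the experience is better for the user because the waiting time is shorter.

Turning KeepAlive on also has a downside: it can increase memory usage, because the Apache process has to wait for the next request to arrive, so the connection stays open until the KeepAliveTimeout you configured expires.

So KeepAlive has the following main pros and cons:
Pros:
1. Better performance
2. Lower CPU usage
Cons:
1. May increase memory usage

How do you check whether a site has KeepAlive set? Open the browser console and you can see it.
[Screenshot, saved 2014-05-29 02:57:35]

For websites I generally set KeepAlive to On, because performance improves.
I set MaxKeepAliveRequests high enough to exceed the total number of requests a page of the site makes. This varies from site to site; if you have many pages that include a lot of files, such as images, you may need to set it higher.
As for KeepAliveTimeout, I don't set it too high, because too high a value may cost too much memory.

Reference:
1. Apache Performance Tuning: KeepAlive to remove latency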

Upgrading Apache 2.2 to 2.4 requires changes to the conf settings

2.2 configuration:

2.4 configuration:

The most commonly used forms are the following:

Require all denied

Require all granted

Require host xxx.com

Require ip 192.168.1 192.168.2

Require local

For the related documentation, see: http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
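The cases named in the access control post above (deny all, allow all, allow only example.org) and the Require forms listed here, shown in both syntaxes. This is an added example, not configuration from the original posts; the /var/www/example paths are placeholders, and the 2.2 lines are kept as comments so the file loads as plain 2.4 configuration.

```apache
# Added example. Directory paths are placeholders, not from the original page.
# Each block shows the 2.2 directives (commented out) above their 2.4 replacement.

# Deny all requests.
<Directory "/var/www/example/private">
    # 2.2:  Order deny,allow
    #       Deny from all
    Require all denied
</Directory>

# Allow all requests.
<Directory "/var/www/example/public">
    # 2.2:  Order allow,deny
    #       Allow from all
    Require all granted
</Directory>

# Allow hosts in example.org only; all other hosts are denied.
<Directory "/var/www/example/partners">
    # 2.2:  Order deny,allow
    #       Deny from all
    #       Allow from example.org
    # Require host performs a reverse DNS lookup on the client address and
    # then a forward lookup to confirm it, on every request. Where the
    # address range is known, Require ip avoids the dependency on DNS.
    Require host example.org
</Directory>

# Allow two private subnets plus the server itself.
<Directory "/var/www/example/admin">
    # 2.2:  Order deny,allow
    #       Deny from all
    #       Allow from 192.168.1 192.168.2 127.0.0.1
    # A partial address matches the whole subnet (192.168.1 = 192.168.1.0/24).
    # Several Require lines in one section are combined as RequireAny (OR);
    # wrap them in <RequireAll> when every condition must hold.
    Require ip 192.168.1 192.168.2
    Require local
</Directory>

# Migration check: remove the Order/Allow/Deny lines rather than leaving them
# beside Require. Mixing the two sets works through mod_access_compat but is
# discouraged upstream, because the combined result is easy to misjudge.
```

After editing, `apache2ctl configtest` checks the syntax before the server is reloaded.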

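Stress testing with Apache Benchmark

The Apache package itself ships a program called ab that can be used for testing. It can measure how much load your website can carry!

Usage: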

Options:
-A auth-username:password
Supply BASIC Authentication credentials to the server. The username and password are separated by a single : and sent on the wire base64 encoded. The string is sent regardless of whether the server needs it (i.e., has sent an 401 authentication needed).

-b windowsize
Size of TCP send/receive buffer, in bytes.

-c concurrency
Number of multiple requests to perform at a time. Default is one request at a time.

-C cookie-name=value
Add a Cookie: line to the request. The argument is typically in the form of a name=value pair. This field is repeatable.

-d     Do not display the “percentage served within XX [ms] table”. (legacy support).

-e csv-file
Write a Comma separated value (CSV) file which contains for each percentage (from 1% to 100%) the time (in milliseconds) it took to serve that percentage of the requests. This is usually more useful than the ‘gnuplot’ file; as the results are already ‘binned’.

-f protocol
Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL).

-g gnuplot-file
Write all measured values out as a ‘gnuplot’ or TSV (Tab separate values) file. This file can easily be imported into packages like Gnuplot, IDL, Mathematica, Igor or even Excel. The labels are on the first line of the file.

-h     Display usage information.

-H custom-header
Append extra headers to the request. The argument is typically in the form of a valid header line, containing a colon-separated field-value pair (i.e., “Accept-Encoding: zip/zop;8bit”).

-i     Do HEAD requests instead of GET.

-k     Enable the HTTP KeepAlive feature, i.e., perform multiple requests within one HTTP session. Default is no KeepAlive.

-n requests
Number of requests to perform for the benchmarking session. The default is to just perform a single request which usually leads to non-representative benchmarking results.

-p POST-file
File containing data to POST. Remember to also set -T.

-P proxy-auth-username:password
Supply BASIC Authentication credentials to a proxy en-route. The username and password are separated by a single : and sent on the wire base64 encoded. The string is sent regardless of whether the proxy needs it (i.e., has sent an 407 proxy authentication needed).

-q     When processing more than 150 requests, ab outputs a progress count on stderr every 10% or 100 requests or so. The -q flag will suppress these messages.

-r     Don’t exit on socket receive errors.

-s     When compiled in (ab -h will show you) use the SSL protected https rather than the http protocol. This feature is experimental and very rudimentary. You probably do not want to use it.

-S     Do not display the median and standard deviation values, nor display the warning/error messages when the average and median are more than one or two times the standard deviation apart. And default to the min/avg/max values. (legacy support).

-t timelimit
Maximum number of seconds to spend for benchmarking. This implies a -n 50000 internally. Use this to benchmark the server within a fixed total amount of time. Per default there is no timelimit.

-T content-type
Content-type header to use for POST/PUT data, eg. application/x-www-form-urlencoded. Default: text/plain.

-u PUT-file
File containing data to PUT. Remember to also set -T.

-v verbosity
Set verbosity level – 4 and above prints information on headers, 3 and above prints response codes (404, 200, etc.), 2 and above prints warnings and info.

-V     Display version number and exit.

-w     Print out results in HTML tables. Default table is two columns wide, with a white background.

-x <table>-attributes
String to use as attributes for <table>. Attributes are inserted <table here >.

-X proxy[:port]
Use a proxy server for the requests.

-y <tr>-attributes
String to use as attributes for <tr>.

-z <td>-attributes
String to use as attributes for <td>.

-Z ciphersuite
Specify SSL/TLS cipher suite (See openssl ciphers).

Related article:
http://blog.longwin.com.tw/2005/08/apache_ab_test_performance/

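Installing Apache + PHP + MySQL + phpMyAdmin on Ubuntu (12.0LTS)

1. Install Apache
sudo apt-get install apache2
After that, entering the server's address in a browser shows "It works".
sudo a2enmod rewrite # enable mod_rewrite yourself if you need it
sudo a2enmod proxy_http # enable proxy_http yourself if you need it
sudo a2enmod proxy_balancer # enable proxy_balancer yourself if you need it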
