apache access controll in 2.2 and 2.4

In this example, all requests are denied.

In this example, all requests are allowed.

In the following example, all hosts in the example.org domain are allowed access; all other hosts are denied access.

Apache2 Ubuntu Default Page

It works!

This is the default welcome page used to test the correct operation of the Apache2 server after installation on Ubuntu systems. It is based on the equivalent page on Debian, from which the Ubuntu Apache packaging is derived. If you can read this page, it means that the Apache HTTP server installed at this site is working properly. You should replace this file (located at /var/www/html/index.html) before continuing to operate your HTTP server.

If you are a normal user of this web site and don’t know what this page is about, this probably means that the site is currently unavailable due to maintenance. If the problem persists, please contact the site’s administrator.

Configuration Overview

Ubuntu’s Apache2 default configuration is different from the upstream default configuration, and split into several files optimized for interaction with Ubuntu tools. The configuration system is fully documented in /usr/share/doc/apache2/README.Debian.gz. Refer to this for the full documentation. Documentation for the web server itself can be found by accessing the manual if the apache2-doc package was installed on this server.

The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:

|– apache2.conf
| -- ports.conf
|-- mods-enabled
| |-- *.load
— *.conf
|– conf-enabled
| -- *.conf
|-- sites-enabled
— *.conf

apache2.conf is the main configuration file. It puts the pieces together by including all remaining configuration files when starting up the web server.

ports.conf is always included from the main configuration file. It is used to determine the listening ports for incoming connections, and this file can be customized anytime.

Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ directories contain particular configuration snippets which manage modules, global configuration fragments, or virtual host configurations, respectively.

They are activated by symlinking available configuration files from their respective *-available/ counterparts. These should be managed by using our helpers a2enmod, a2dismod, a2ensite, a2dissite, and a2enconf, a2disconf . See their respective man pages for detailed information.

The binary is called apache2. Due to the use of environment variables, in the default configuration, apache2 needs to be started/stopped with /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not work with the default configuration.

Document Roots

By default, Ubuntu does not allow access through the web browser to any file apart of those located in /var/www, public_html directories (when enabled) and /usr/share (for web applications). If your site is using a web document root located elsewhere (such as in /srv) you may need to whitelist your document root directory in /etc/apache2/apache2.conf.

The default Ubuntu document root is /var/www/html. You can make your own virtual hosts under /var/www. This is different to previous releases which provides better security out of the box.

Reporting Problems

Please use the ubuntu-bug tool to report bugs in the Apache2 package with Ubuntu. However, check existing bug reports before reporting a new bug.

Please report bugs specific to modules (such as PHP and others) to respective packages, not to the web server itself.








螢幕擷圖存為 2014-05-29 02:57:35


1.Apache Performance Tuning: KeepAlive to remove latency


2.2 configuration:

2.4 configuration:


Require all denied

Require all granted

Require host xxx.com

Require ip 192.168.1 192.168.2

Require local


用Apache benchmark做壓力測試



-A auth-username:password
Supply BASIC Authentication credentials to the server. The username and password are separated by a single : and sent  on  the
wire  base64  encoded.  The  string  is  sent  regardless of whether the server needs it (i.e., has sent an 401 authentication

-b windowsize
Size of TCP send/receive buffer, in bytes.

-c concurrency
Number of multiple requests to perform at a time. Default is one request at a time.

-C cookie-name=value
Add a Cookie: line to the request. The argument is typically in the form of a name=value pair. This field is repeatable.

-d     Do not display the “percentage served within XX [ms] table”. (legacy support).

-e csv-file
Write a Comma separated value (CSV) file which contains for each percentage (from 1% to 100%) the time  (in  milliseconds)  it
took to serve that percentage of the requests. This is usually more useful than the ‘gnuplot’ file; as the results are already

-f protocol
Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL).

-g gnuplot-file
Write all measured values out as a ‘gnuplot’ or TSV (Tab separate values) file. This file can easily be imported into packages
like Gnuplot, IDL, Mathematica, Igor or even Excel. The labels are on the first line of the file.

-h     Display usage information.
-H custom-header
Append  extra  headers  to the request. The argument is typically in the form of a valid header line, containing a colon-sepa‐
rated field-value pair (i.e., “Accept-Encoding: zip/zop;8bit”).

-i     Do HEAD requests instead of GET.

-k     Enable the HTTP KeepAlive feature, i.e., perform multiple requests within one HTTP session. Default is no KeepAlive.

-n requests
Number of requests to perform for the benchmarking session. The default is to just perform  a  single  request  which  usually
leads to non-representative benchmarking results.

-p POST-file
File containing data to POST. Remember to also set -T.

-P proxy-auth-username:password
Supply BASIC Authentication credentials to a proxy en-route. The username and password are separated by a single : and sent on
the wire base64 encoded. The string is sent regardless of whether the proxy needs it (i.e., has sent an 407 proxy  authentica‐
tion needed).

-q     When  processing  more  than  150 requests, ab outputs a progress count on stderr every 10% or 100 requests or so. The -q flag
will suppress these messages.

-r     Don’t exit on socket receive errors.

-s     When compiled in (ab -h will show you) use the SSL protected https rather than the http protocol. This feature is experimental
and very rudimentary. You probably do not want to use it.

-S     Do  not  display  the median and standard deviation values, nor display the warning/error messages when the average and median
are more than one or two times the standard deviation apart. And default to the min/avg/max values. (legacy support).

-t timelimit
Maximum number of seconds to spend for benchmarking. This implies a -n 50000 internally. Use  this  to  benchmark  the  server
within a fixed total amount of time. Per default there is no timelimit.
-T content-type
Content-type header to use for POST/PUT data, eg. application/x-www-form-urlencoded. Default: text/plain.

-u PUT-file
File containing data to PUT. Remember to also set -T.

-v verbosity
Set  verbosity  level  –  4 and above prints information on headers, 3 and above prints response codes (404, 200, etc.), 2 and
above prints warnings and info.

-V     Display version number and exit.

-w     Print out results in HTML tables. Default table is two columns wide, with a white background.

-x <table>-attributes
String to use as attributes for <table>. Attributes are inserted <table here >.

-X proxy[:port]
Use a proxy server for the requests.

-y <tr>-attributes
String to use as attributes for <tr>.

-z <td>-attributes
String to use as attributes for <td>.

-Z ciphersuite
Specify SSL/TLS cipher suite (See openssl ciphers).



sudo apt-get install apache2
之後輸入網址會出現it works
sudo a2enmod rewrite #若有需要,自行開啟mod_rewrite
sudo a2enmod proxy_http #若有需要,自行開啟proxy_http
sudo a2enmod proxy_balancer #若有需要,自行開啟proxy_balancer