3-15 隐藏apache 版本信息

屏蔽 apache 版本敏感信息信息

查看是否有gcc

[root@xuegod2 ~]# gcc

gcc gcc-ar gcc-nm gcc-ranlib

1 ）

vim /usr/lib/systemd/system/httpd.service

写入以下内容

打开配置文件

[root@xuegod2 ~]# cd /usr/local/apache/conf/

[root@xuegod2 conf]#

[root@xuegod2 conf]# ls

extra httpd.conf httpd.conf.bak magic mime.types original

[root@xuegod2 conf]# vim httpd.conf

[root@xuegod2 conf]# vim extra/httpd-default.conf

重启apache

systemctl restart httpd

[root@xuegod3 ~]# curl -I 192.168.24.63

HTTP/1.1 200 OK

Date: Thu, 28 May 2020 10:46:43 GMT

Server: Apache 已经隐藏 apache 版本

Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT

ETag: "2d-432a5e4a73a80"

Accept-Ranges: bytes

Content-Length: 45

Content-Type: text/html

2 ）让版本号彻底消失

重新编译

systemctl stop httpd

[root@xuegod3 ~]# systemctl stop httpd

[root@xuegod3 ~]# lsof -i:80

[root@xuegod3 src]# rm -rf httpd-2.4.16

重新解压编译

从新再次编译

./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --enable-deflate --with-apr-util=/usr/local/apr-util --enable-modules=most --enable-mpms-shared=all --with-mpm=event

make -j 4 && make install

[root@xuegod3 httpd-2.4.16]# systemctl daemon-reload

[root@xuegod3 httpd-2.4.16]# systemctl enable httpd

Failed to execute operation: Bad message

[root@xuegod3 httpd-2.4.16]# systemctl start httpd

[root@xuegod3 httpd-2.4.16]# lsof -i:80

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME

httpd 76374 root 4u IPv6 96918 0t0 TCP *:http (LISTEN)

httpd 76375 daemon 4u IPv6 96918 0t0 TCP *:http (LISTEN)

httpd 76376 daemon 4u IPv6 96918 0t0 TCP *:http (LISTEN)

httpd 76377 daemon 4u IPv6 96918 0t0 TCP *:http (LISTEN)

[root@xuegod3 httpd-2.4.16]#

测试成功

[root@xuegod3 httpd-2.4.16]# vim /etc/httpd/httpd.conf

重新启动

这里我们设置apache 的网站更目录和属组为daemon

[root@xuegod3 htdocs]# chown daemon.daemon /usr/local/apache/htdocs/ -R

[root@xuegod3 htdocs]# ll -sd /usr/local/apache/htdocs/

0 drwxr-xr-x. 2 daemon daemon 24 5月 28 18:20 /usr/local/apache/htdocs/

15.1.7 保护apache 日志，设置好apache 日志文件权限

对日志的授权，我们要将属主和属组都设置为root

开始设置错误页面

[root@xuegod3 htdocs]# vim /etc/httpd/httpd.conf

[root@xuegod3 htdocs]# echo "404 go to home " > /usr/local/apache/htdocs/404.html

[root@xuegod3 htdocs]# systemctl restart httpd.service

用浏览器测试成功

15.2.2 启用压缩模块 mod_deflate

查看模块

[root@xuegod3 htdocs]# /usr/local/apache/bin/apachectl -M

[root@xuegod3 apache]# ls modules/mod_deflate.so

modules/mod_deflate.so 已经安装

到配置文件中增加一行

[root@xuegod3 apache]# vim /etc/httpd/httpd.conf

写入以下内容

<ifmodule mod_deflate.c>

DeflateCompressionLevel 9

SetOutputFilter DEFLATE

DeflateFilterNote Input instream

DeflateFilterNote Output outstream

DeflateFilterNote Ratio ratio

AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript

</ifmodule>

[root@xuegod3 httpd-2.4.16]# ls modules/filters/mod_deflate.c

modules/filters/mod_deflate.c

测试压缩

[root@xuegod3 httpd-2.4.16]# vim /etc/httpd/httpd.conf

[root@xuegod3 httpd-2.4.16]# cd modules/

[root@xuegod3 modules]# cd metadata/

[root@xuegod3 metadata]# ll mod_expires.c

-rw-r--r--. 1 501 games 18396 5月 7 2014 mod_expires.c

在配置文件中写入对全局

的配置在apache 主配置文件httpd.conf 的末尾如下采纳数即可，

vim /etc/httpd/httpd.conf

<IfModule mod_expires.c>

ExpiresActive on

ExpiresDefault "access plus 12 month"

ExpiresByType text/html "access plus 12 months"

ExpiresByType text/css "access plus 12 months"

ExpiresByType image/gif "access plus 12 months"

ExpiresByType image/jpeg "access plus 12 months"

ExpiresByType image/jpg "access plus 12 months"

ExpiresByType image/png "access plus 12 months"

EXpiresByType application/x-shockwave-flash "access plus 12 months"

EXpiresByType application/x-javascript "access plus 12 months"

ExpiresByType video/x-flv "access plus 12 months"

</IfModule>

重启服务器

systemctl restart httpd

开始用浏览器测试

2 、对目录

对目录进行缓存

查看apache 的运行模式

[root@xuegod3 ~]# /usr/local/apache/bin/httpd -M | grep event

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.24.63. Set the 'ServerName' directive globally to suppress this message

mpm_event_module (shared)

[root@xuegod3 ~]# ls /usr/local/apache/modules/mod_mpm_prefork.so

/usr/local/apache/modules/mod_mpm_prefork.so

再次重启httpd

[root@xuegod3 ~]# ps -aux | grep httpd | wc -l

[root@xuegod3 ~]# ps -aux | grep http | awk '{print $6}'

2116

1800

984

平均为1.7 M

[root@xuegod3 ~]# ps aux | grep http |awk '{sum += $6;n++};END{print sum/n}'

1728.57

15.4.8 如何设置最大连接数

计算后要减去服务器本身系统所需要的资源，比如，内存2G，减去500M 留给服务器，还有1.5G 那么最大的连接数就是1500/1.7 =1000 左右

重启apache 在打开网站看看是否还会有慢的情况

测试观察apache de 最大连接数

[root@xuegod3 ~]# watch -n 1 "pgrep httpd | wc -l "

6 有6个进程

常用配置参考：

生产环境配置实例：

<IFModule mpm_worker_module>

StartServers 5

MaxRequestWorkers 9600

ServerLimit 64

MinSpareThreads 25

MaxSpareThreads 500

ThreadLimit 200

ThreadsPerChild 150

MaxRequestsPerChild 0

</IFModule>

此服务器配置：最多进程数：64个；最多线程数（最大并发数） 64*150=9600 ；不可能超过64*200=12800