Apache web page and security optimization: web page compression

Foreword:

As the most commonly used web server, Apache uses the default configuration after deployment.

Different production environments call for different optimization plans, and these must take into account not only Apache's stability but also its security.


I. Apache web page optimization

1.1 Web Compression
1.1.1 Apache web page optimization overview
  • In enterprises, keeping the default configuration parameters after deploying Apache causes many problems for websites. The default configuration was designed for older, lower-spec servers and is not suitable for the current Internet era.
  • To meet enterprise needs, we have to consider how to improve Apache's performance and stability. This is what Apache optimization covers.
  • Optimization content:
    • Configure web compression
    • Selection of working mode and parameter optimization
    • Anti-hotlinking
    • Hide version number
    • …
1.1.2 Introduction to gzip
  • Configure Apache's web compression function so that web content is compressed with the gzip algorithm before it is transmitted to the client browser
  • Effects:
    • Reduces the number of bytes transmitted over the network and speeds up web page loading
    • Saves traffic and improves the user's browsing experience
    • gzip is friendlier to search engine crawlers
1.1.3 Apache’s compression module
  • Apache modules that implement web compression:
    • mod_gzip module
    • mod_deflate module
  • Apache 1.x: no built-in web compression, but compression can be performed with the third-party mod_gzip module
  • Apache 2.x: mod_deflate was built in during development, replacing mod_gzip
  • mod_gzip and mod_deflate:
    • Both use the gzip compression algorithm and work similarly
    • mod_deflate compresses slightly faster, while mod_gzip achieves a slightly higher compression ratio
    • mod_gzip uses more server CPU
    • On high-traffic servers, mod_deflate may load faster than mod_gzip
1.1.4 Configuring Web Compression
  • Steps to enable web compression:
    • Check whether the mod_deflate module is installed
    • Modify the configuration file and enable compression
    • Packet capture test
  • Check whether the mod_deflate module is installed:
    • Run the apachectl -t -D DUMP_MODULES command
    • If there is no deflate_module (static) in the output, the mod_deflate module is not installed
    • If it is not installed, recompile and install:
        ./configure --enable-deflate …
        make && make install
  • Enable gzip in the httpd.conf configuration
    # Content types for which gzip compression is enabled
    AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript
    # Compression level (takes a value from 1 to 9)
    DeflateCompressionLevel
    # Have the deflate module gzip this site's output
    SetOutputFilter DEFLATE

II. Apache web compression experiment

2.1 Manually compile Apache
    [root@localhost ~]# smbclient -L //192.168.181.1/
    Enter SAMBA\root's password:
    OS=[Windows 10 Education 18362] Server=[Windows 10 Education 6.3]

        Sharename       Type      Comment
        ---------       ----      -------
        ADMIN$          Disk      远程管理
        C$              Disk      默认共享
        LAMP-C7         Disk
        ruanjianbao     Disk
        Users           Disk
        安装包           Disk
    ............... (part of the output omitted)
    [root@localhost ~]# mount.cifs //192.168.181.1/LAMP-C7 /mnt
    Password for root@//192.168.181.1/LAMP-C7:
    [root@localhost ~]# cd /mnt
    [root@localhost mnt]# ls
    amoeba-mysql-binary-2.2.0.tar.gz  Discuz_X2.5_SC_UTF8.zip  mha.rar
    apr-1.6.2.tar.gz                  httpd-2.4.29.tar.bz2     mysql-5.6.26.tar.gz
    apr-util-1.6.0.tar.gz             LNMP-C7                  php-5.6.11.tar.bz2
    awstats-7.6.tar.gz                LNMP-C7.rar
    cronolog-1.6.2-14.el7.x86_64.rpm  mha
  • Extract the cross-platform component packages and the source package
    [root@localhost mnt]# tar zxvf apr-1.6.2.tar.gz -C /opt
    [root@localhost mnt]# tar zxvf apr-util-1.6.0.tar.gz -C /opt
    ............... (part of the output omitted)
    [root@localhost mnt]# tar jxvf httpd-2.4.29.tar.bz2 -C /opt
    ............... (part of the output omitted)
    [root@localhost mnt]# cd /opt
    [root@localhost opt]# ls
    apr-1.6.2  apr-util-1.6.0  httpd-2.4.29  rh
  • Install the compiler and other tools
    [root@localhost opt]# mv apr-1.6.2/ httpd-2.4.29/srclib/apr
    [root@localhost opt]# mv apr-util-1.6.0/ httpd-2.4.29/srclib/apr-util
    # gcc, gcc-c++: compilers
    # make: the make tool
    # pcre-devel: regular expression support
    # expat-devel: lets the site parse markup languages
    # perl: Perl language tools
    # zlib-devel: environment package that supports compression
    [root@localhost opt]# yum -y install \
    gcc \
    gcc-c++ \
    make \
    pcre-devel \
    expat-devel \
    perl \
    zlib-devel
2.1.2 Modify the configuration file
    [root@localhost conf]# ln -s /usr/local/httpd/conf/ /etc/httpd.conf    # create a symlink for easier management

Open the configuration file, enable the compression function, and confirm that the request header module and the filter module are both enabled (if any of the three modules is missing, check the earlier configuration, then recompile and install).

    # Search for /filter (confirm that the filter module on line 101 is enabled)
    LoadModule filter_module modules/mod_filter.so
    # Search for /deflate (enable the compression module on line 105)
    LoadModule deflate_module modules/mod_deflate.so
    # Search for /headers (confirm that the request header module on line 112 is enabled)
    LoadModule headers_module modules/mod_headers.so

After confirming the above function modules, add the following information to the end of the configuration file

    <IfModule mod_deflate.c>
    # Types to compress: web pages, JavaScript, and JPEG/PNG images.
    # More can be added; each entry is a MIME type.
    AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript image/jpeg image/png
    # 9 = high compression ratio (reduces link bandwidth and traffic)
    DeflateCompressionLevel 9
    # Load deflate as the default output filter
    SetOutputFilter DEFLATE
    </IfModule>

Modify the listening port and domain name

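    # Enable IPv4 listening; the IP address points to this host (line 51)
    Listen 192.168.181.173:80
    # Disable IPv6 port listening (line 52)
    #Listen 80
    # Change the domain name to demo (line 198)
    ServerName www.demo.com:80

Save and quit (wq), then check the syntax:

    [root@localhost conf]# /usr/local/httpd/bin/apachectl -t    # check the syntax
    Syntax OK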

Start the service:

    [root@localhost conf]# /usr/local/httpd/bin/apachectl start    # start Apache with the startup script
    # Turn off the firewall and SELinux enforcement for this experiment
    [root@localhost conf]# systemctl stop firewalld.service
    [root@localhost conf]# setenforce 0
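
An added example (not from the original article) that statically checks the compression settings from section 2.1.2 before httpd is restarted: it reports required modules that are not loaded, "#" comments trailing a directive (httpd only accepts comments on their own line), AddOutputFilterByType entries written as a file extension instead of a MIME type, already-compressed image types, and a SetOutputFilter DEFLATE that compresses every response. The audit function, its finding codes, and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: a compression block with typical mistakes.
SAMPLE_CONF = """\
LoadModule filter_module modules/mod_filter.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/css text/jpg image/png
DeflateCompressionLevel 9 # high compression ratio
SetOutputFilter DEFLATE
</IfModule>
"""

REQUIRED_MODULES = ("filter_module", "deflate_module", "headers_module")
# File extensions people write as "text/<ext>" and the MIME type they meant.
EXT_TO_MIME = {"jpg": "image/jpeg", "jpeg": "image/jpeg", "png": "image/png",
               "gif": "image/gif", "js": "text/javascript"}
# Already-compressed formats: deflating them costs CPU for no size gain.
PRECOMPRESSED = {"image/jpeg", "image/png", "image/gif"}

def audit(conf):
    """Return a list of (code, detail) findings for an httpd.conf string."""
    findings, loaded = [], set()
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # httpd only accepts comments that start the line
        if re.search(r"\s#", line):  # heuristic: '#' after a directive
            findings.append(("inline-comment", n))
            line = re.split(r"\s#", line, maxsplit=1)[0]
        words = line.split()
        name = words[0].lower()
        if name == "loadmodule" and len(words) > 1:
            loaded.add(words[1])
        elif name == "addoutputfilterbytype":
            for mime in words[2:]:
                sub = mime.rpartition("/")[2].lower()
                if EXT_TO_MIME.get(sub, mime) != mime:
                    findings.append(("bad-mime", f"{mime} -> {EXT_TO_MIME[sub]}"))
                elif mime in PRECOMPRESSED:
                    findings.append(("precompressed", mime))
        elif name == "setoutputfilter" and "DEFLATE" in words[1:]:
            findings.append(("deflate-all", n))  # hits every response in scope
    findings += [("module-not-loaded", m) for m in REQUIRED_MODULES if m not in loaded]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```
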
2.1.3 Verification Module
  • View the site home page
    [root@localhost conf]# cd ..
    [root@localhost httpd]# ls
    bin  build  cgi-bin  conf  error  htdocs  icons  include  lib  logs  man  manual  modules
    [root@localhost httpd]# cd htdocs    # the httpd site home page is in htdocs
    [root@localhost htdocs]# ls
    index.html
    [root@localhost htdocs]# cat index.html    # the home page can be edited simply (for example, to embed a picture)
    <html><body><h1>It works!</h1></body></html>

Verify the module

    [root@localhost htdocs]# cd /usr/local/httpd/bin/    # enter the bin/ directory that holds the startup script
    [root@localhost bin]# ls
    ab         apr-1-config  apxs      dbmmanage  envvars-std  htcacheclean  htdigest  httpd      logresolve
    apachectl  apu-1-config  checkgid  envvars    fcgistarter  htdbm         htpasswd  httxt2dbm  rotatelogs
    [root@localhost bin]# ./apachectl -t -D DUMP_MODULES | grep "deflate"    # check whether the deflate module is supported
     deflate_module (shared)
2.2 Verification

Start a Windows 10 virtual machine as a simulated client and install the packet capture tool


Access the address in a browser


Looking at the packet capture tool, it can be seen that the client supports compression by default

Now we add a picture to the site home page:

    [root@localhost /]# cd /mnt
    [root@localhost mnt]# ls
    amoeba-mysql-binary-2.2.0.tar.gz  Discuz_X2.5_SC_UTF8.zip  mha
    apr-1.6.2.tar.gz                  dog.jpg                  mha.rar
    apr-util-1.6.0.tar.gz             httpd-2.4.29.tar.bz2     mysql-5.6.26.tar.gz
    awstats-7.6.tar.gz                LNMP-C7                  php-5.6.11.tar.bz2
    cronolog-1.6.2-14.el7.x86_64.rpm  LNMP-C7.rar
    [root@localhost mnt]# cp dog.jpg /usr/local/httpd/htdocs/
    [root@localhost mnt]# cd /usr/local/httpd/htdocs/
    [root@localhost htdocs]# ls
    dog.jpg  index.html
    [root@localhost htdocs]# vim index.html
    <html><body><h1>It works!</h1>
    <!-- add a picture to the site home page -->
    <img src="dog.jpg" />
    </body></html>
    (save and quit: wq)
  • Accessing the site using the client again
  • View Packet Capture Tool

The image has been gzipped

Summary:

When images, videos, and other files are embedded in a web page, the data is gzip-compressed before it is transmitted.
This post introduced web compression as part of Apache web page and security optimization; later posts will cover Apache web caching, anti-hotlinking, and hiding the version number.
