Apache Web page and security optimization -- web page compression

Article directory

Preface:

As the most commonly used web server, Apache uses the default configuration after deployment.

Now, we need to make different optimization schemes for different production environments, not only considering the stability of Apache, but also considering its security

1, Apache Web page optimization

1.1 web page compression
1.1.1 overview of apcahe web page optimization
  • In an enterprise, using default configuration parameters after deploying Apache will cause many problems in the website. In other words, the default configuration is for the previous lower server configuration, the previous configuration and not suitable for today's Internet era

  • In order to meet the needs of enterprises, we need to consider how to improve the performance and stability of Apache, which is the content of Apache optimization

  • Optimize content

    Configure web page compression

    Selection of working mode and optimization of parameters

    Anti-theft chain

    Hide version number

    ...

1.1.2 gzip introduction
  • To configure Apache's Web compression function, gzip compression algorithm is used to compress the web content and then transfer it to the client browser

  • Effect

    Reduce the number of bytes transmitted by the network and speed up the loading of web pages

    Save traffic and improve users' browsing experience

    gzip has a better relationship with search engine grabbing tools

1.1.3 Apache compression module
  • The module introduction of Apache to realize the function of web page compression

    Mod? Gzip module

    Mod? Deflate module

  • Apache 1.x

    There is no built-in web page compression technology, but you can use the third-party mod ﹣ gzip module to perform compression

  • Apache 2.X

    During redevelopment, mod ﹣ deflate is built in to replace mod ﹣ gzip

  • Mod gzip module and mod deflate module

    Both of them use gzip compression algorithm, with similar operation principle

    Mod ABCD deflate compression speed is slightly faster, while mod ABCD gzip compression ratio is slightly higher

    Mod ﹣ gzip takes up more CPU on the server

    For high traffic servers, using mod ﹣ deflate may load faster than mod ﹣ gzip

1.1.4 configure web compression function
  • To enable Web page compression

    Check to see if mod? Deflate module is installed

    Modify the configuration file to enable compression

    Grab Test

  • Check if mod? Deflte module is installed

    Execute the Apache - t d dump? Modules command

    If there is no deflate module (static) in the output, the module is not installed at compile time

    Without installation, you need to recompile the installation

    ./configure --enable-deflate...

    make && make install

  • Configure and turn on the gzip function in the configuration of httpd.conf

AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript	#Represents what content to enable gzip compression for
DeflateCompressionLevel	 #Represents compression level
SetOutputFilter DEFLATE	 #On behalf of enabling deflate module to gzip the output of this site

2, Apache Web compression experiment

2.1 compiling apache manually
[root@localhost ~]# smbclient -L //192.168.181.1/
Enter SAMBA\root's password: 
OS=[Windows 10 Education 18362] Server=[Windows 10 Education 6.3]

	Sharename       Type      Comment
	---------       ----      -------
	ADMIN$          Disk      Remote management
	C$              Disk      Default sharing
	LAMP-C7         Disk      
	ruanjianbao     Disk      
	Users           Disk      
	//Installation package Disk      
...............Omit part of the content
[@localhost ~]# mount.cifs //192.168.181.1/LAMP-C7 /mnt
Password for root@//192.168.181.1/LAMP-C7:  
[@localhost ~]# cd /mnt
[root@localhost mnt]# ls
amoeba-mysql-binary-2.2.0.tar.gz  Discuz_X2.5_SC_UTF8.zip  mha.rar
apr-1.6.2.tar.gz                  httpd-2.4.29.tar.bz2     mysql-5.6.26.tar.gz
apr-util-1.6.0.tar.gz             LNMP-C7                  php-5.6.11.tar.bz2
awstats-7.6.tar.gz                LNMP-C7.rar
cronolog-1.6.2-14.el7.x86_64.rpm  mha

  • Decompress cross platform component package and source package
[root@localhost mnt]# tar zxvf apr-1.6.2.tar.gz -C /opt
[root@localhost mnt]# tar zxvf apr-util-1.6.0.tar.gz -C /opt
...............Omit parts
[root@localhost mnt]# tar jxvf httpd-2.4.29.tar.bz2 -C /opt
...............Omit part of the content
[root@localhost mnt]# cd /opt
[root@localhost opt]# ls
apr-1.6.2  apr-util-1.6.0  httpd-2.4.29  rh
  • Install compilers and other tools
[root@localhost opt]# mv apr-1.6.2/ httpd-2.4.29/srclib/apr
[root@localhost opt]# mv apr-util-1.6.0/ httpd-2.4.29/srclib/apr-util
[root@localhost opt]#yum -y install \
gcc \				#Compiler
gcc-c++ \			#Compiler
make \				#make tools
pcre-devel \		#Tools that support regular expressions
expat-devel \		#Tools to enable websites to parse label languages
perl \				#perl language tools
zlib-devel			#Environment package supporting compression
2.1.2 modify configuration file
[root@localhost conf]# ln -s /usr/local/httpd/conf/ /etc/httpd.conf   #Establish soft links for easy management

Enter the configuration file, turn on the compression function, and confirm that both the request header configuration item and the filter function are turned on * * (if there are no three functions, you need to check the previous configuration and recompile the installation)**

LoadModule filter_module modules/mod_filter.so
#Search / filter (confirm that the filter function in filter of line 101 is on)
LoadModule deflate_module modules/mod_deflate.so
#Search / deflate (enable 105 line compression)
LoadModule headers_module modules/mod_headers.so
#Search / headers (confirm that the request header function of line 112 is on)

After the above function modules are confirmed to be enabled, add the following information at the end of the configuration file

<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascrip text/jpg text/png
  DeflateCompressionLevel 9
  SetOutputFilter DEFLATE
</IfModule>
#Support web page, JavaScript picture, jpg, png picture, can be added, format is text / file extension
#DeflateCompressionLevel 9 high compression ratio (reduces link bandwidth, traffic)
#SetOutputFilter DEFLAT lets deflat load as the default filter

Modify listening port and domain name

Listen 192.168.181.173:80		#Enable ipv4 monitoring, ip address points to the local machine (line 51)
#Listen 80						#Turn off ipv6 port listening (line 52)
ServerName www.demo.com:80		#Change the domain name to demo (line 198)
---------->wq
[root@localhost conf]# /usr/local/httpd/bin/apachectl -t  #Check syntax
Syntax OK

Start service:

[root@localhost conf]# /usr/local/httpd/bin/apachectl start		#Starting apache with a startup script
[root@localhost conf]# systemctl stop firewalld.service 
[root@localhost conf]# setenforce 0
#Turn off firewall and enhanced security
2.1.3 verification module
  • View site Homepage
[root@localhost conf]# cd ..
[root@localhost httpd]# ls
bin  build  cgi-bin  conf  error  htdocs  icons  include  lib  logs  man  manual  modules
[root@localhost httpd]# cd htdocs   #The homepage of httpd is in htdocs
[root@localhost htdocs]# ls
index.html
[root@localhost htdocs]# cat index.html  #It can be simply modified on the homepage of the site(For example, embed pictures)
<html><body><h1>It works!</h1></body></html>

Verification module

[root@localhost htdocs]# cd /usr/local/httpd/bin/ #Enter the startup script directory bin/
[root@localhost bin]# ls
ab         apr-1-config  apxs      dbmmanage  envvars-std  htcacheclean  htdigest  httpd      logresolve
apachectl  apu-1-config  checkgid  envvars    fcgistarter  htdbm         htpasswd  httxt2dbm  rotatelogs
[root@localhost bin]# ./apachectl -t -D DUMP_MODULES |grep "deflate"  (Check for support deflate Function module)
 deflate_module (shared)
2.2 validation

Start a win10 virtual machine simulation client and install the package grabbing tool

Use browser to access address

View the package grabbing tool. It can be seen that the client supports compression by default

Now let's add pictures to the homepage of the site:

[root@localhost /]# cd /mnt
[root@localhost mnt]# ls
amoeba-mysql-binary-2.2.0.tar.gz  Discuz_X2.5_SC_UTF8.zip  mha
apr-1.6.2.tar.gz                  dog.jpg                  mha.rar
apr-util-1.6.0.tar.gz             httpd-2.4.29.tar.bz2     mysql-5.6.26.tar.gz
awstats-7.6.tar.gz                LNMP-C7                  php-5.6.11.tar.bz2
cronolog-1.6.2-14.el7.x86_64.rpm  LNMP-C7.rar
[root@localhost mnt]# cp dog.jpg /usr/local/httpd/htdocs/
[root@localhost mnt]# cd /usr/local/httpd/htdocs/
[root@localhost htdocs]# ls
dog.jpg  index.html
[root@localhost htdocs]# vim index.html 
<html><body><h1>It works!</h1>
<img src="dog.jpg"/>		#Add pictures to the front page of the site
</body></html>
-------->wq
  • Use the client again to access the site

  • View grab tool

gzip the picture

Conclusion:

When we embed pictures, videos and other files in the web page, we will do gzip compression and retransmission when we transfer the port.
This blog introduces the web page compression in Apache Web page and security optimization, and then it will continue to introduce the optimization of Apache Web page cache, anti-theft chain and hidden version

46 original articles published, 46 praised, 6219 visited
Private letter follow

Keywords: Apache MySQL xml Javascript

Added by kujtim on Wed, 22 Jan 2020 11:12:52 +0200