前端nginx代理设置:
后端apache设置:
就可以接收到源ip了。
apache日志中默认有%h来指定来访客户端你的ip地址,但是如果客户端使用了代理上网则%h获得的ip地址会不准。可以设定 X-Forwarded-For 参数来获取客户端真实的ip地址
对于使用了反向代理的客户端,跟踪真实的ip地址
netstat -n | awk ‘/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}’
状态:描述
CLOSED:无连接是活动的或正在进行
LISTEN:服务器在等待进入呼叫
SYN_RECV:一个连接请求已经到达,等待确认
SYN_SENT:应用已经开始,打开一个连接
ESTABLISHED:正常数据传输状态
FIN_WAIT1:应用说它已经完成
FIN_WAIT2:另一边已同意释放
ITMED_WAIT:等待所有分组死掉
CLOSING:两边同时尝试关闭
TIME_WAIT:另一边已初始化一个释放
LAST_ACK:等待所有分组死掉
在相对大 的网站,节约下来的服务器成本无疑是客观的。而有些小型网站往往服务器不多,如果采用 Apache 这类传统 Web 服务器,似乎也还能撑 过去。但有其很明显的弊端: Apache 在处理流量爆发的时候(比如爬虫或者是 Digg 效应) 很容易过载,这样的情况下采用 Nginx 最为合适。
建议方案:
Apache 后台服务器(主要处理php及一些功能请求 如:中文url)
Nginx 前端服务器(利用它占用系统资源少得优势来处理静态页面 大量请求)
Lighttpd 图片服务器
总体来说,随着nginx功能得完善将使他成为今后web server得主流。
ApacheBench is one of the most common programs used to benchmark web servers.
By default apachebench will run using HTTP/1.0 requests and without compression enabled even if the tested server supports that.
For example:
Apache is one complex piece of software, that contains many features most people are normally not using. You can do so many things with apache outside of the default configurations, and I am not going to discuss today about an external module, but about the plain old mod_log_config.
Normally most people will use for apache logging the combined LogFormat, and will not even think there will be other possible additions to that. This normally looks like:
and it contains most of the information we would like to see in the logs. Still there are many other information we can include here… just see below for the full list.
Description: How to disable the HTTP TRACE method on recent apache versions.
Most vulnerability scanners (like the popular nessus, but commercial ones also) will complain (normally as a low thread or warning level) about TRACE method being enabled on the web server tested.
Normally you will have this enabled by default, but if you want to test if it is really enabled on your server you just have to telnet on the port your web server is running and request for “TRACE / HTTP/1.0” if you get a positive reply it means TRACE is enabled on your system. The output of a server with TRACE enabled will look like: