-2

我在我的一个网站(称为此处)上使用 awstats 工具(CGI 脚本)、图标和相关的直方图条时遇到了困难website.com

这个问题非常棘手,因为我使用不同的 RewriteCond 和 RewriteRules 来http://www.website.com, http://website.com, https://www.website.com重定向到https://website.com目标。

此外,任务更复杂,因为我在 Apache 之后有一个 Zope 服务器。

因此,总而言之,在下面所有这些 rewritecond 和 rewriterules 产生预期的结果,即所有重定向到工具https://website.com并通过密码访问awstats工具。awstats一切工作正常,除了图标和直方图在加载后者后主页中丢失的事实:

<VirtualHost *:443>

    # Test local
    ServerAdmin admin@website.com
    ServerName website.com
    ServerAlias www.website.com 

    # LOG
    CustomLog /var/log/apache2/access.log combined

    # ACTIVATE SSL
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/website.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/website.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/website.com/chain.pem

    RewriteEngine On
    # www to non www for HTTPS
    # checking for the same thing again
    RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
    # some people might argue second redirect here is excessive since you already arrived at correct host, but I'd leave this for you to sort out
    RewriteRule ^/(.*) https://website.com/$1 [R=301,L] 
    # your /cgi-bin checks can be merged into one regex 
    RewriteCond %{REQUEST_URI} !^/cgi-bin/(search|awstats) [NC]
    RewriteRule ^/(.*)  https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]

    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    #CacheDisable *

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

    Alias /awstatsclasses "/usr/share/awstats/lib/"
    Alias /awstats-icon "/usr/share/awstats/icon/"
    Alias /awstatscss "/usr/share/fdoc/awstats/examples/css"

<Files "awstats.pl">
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        SetHandler cgi-script
        Satisfy any
        Order deny,allow
        Deny from all
        AuthType Basic
        AuthName "Advanced Web Statistics"
        AuthUserFile /etc/apache2/awstats-users.pwd
        Require valid-user
</Files>

<Directory "/usr/share/awstats/icon">
        AllowOverride None
        Order allow,deny
        Allow from all
</Directory>

<Directory "/usr/lib/cgi-bin/">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
        SSLRequireSSL
</Directory>

</VirtualHost>

我不是 CGI 脚本及其别名方面的专家。所有图标都位于/usr/share/awstats/icon/目录中。

我的错误在哪里?

更新 1:

0)我意识到这似乎没有必要,但是对于Alias /awstatsclasses "/usr/share/awstats/lib/", 这是必要的。Alias /awstatscss "/usr/share/doc/awstats/examples/css"Alias /awstats-icon "/usr/share/awstats/icon/"

但是,这是一个问题,CSS但我认为最重要的文件是图标的目录。

1) 我找到并安装awstats_7.6Debian 10 Buster.

现在,所有文件(插件、lib、lang 等)都位于/usr/share/awstats/

目前,我从Apache2日志中获得了更多信息。当我重新加载awstats页面(可从 访问https://website.com/cgi-bin/awstats.pl)时,我进入access.log

    100.87.10.76 - - [02/Apr/2020:01:20:06 +0200] "GET /awstats-icon/browser/notavailable.png HTTP/1.1" 404 434 "https://website.com/cgi-bin/awstats.pl?framename=mainright" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0) Gecko/20100101 Firefox/74.0"
    100.87.10.76 - - [02/Apr/2020:01:20:06 +0200] "GET /awstats-icon/other/hx.png HTTP/1.1" 404 434 "https://website.com/cgi-bin/awstats.pl?framename=mainright" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0) Gecko/20100101 Firefox/74.0"
    100.87.10.76 - - [02/Apr/2020:01:20:06 +0200] "GET /awstats-icon/other/he.png HTTP/1.1" 404 434 "https://website.com/cgi-bin/awstats.pl?framename=mainright" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0) Gecko/20100101 Firefox/74.0"
    ... etc

我已经说明etc了所有缺少的图标列表。

2)此外,一旦我加载 awstats 主页,我就会在顶部显示此消息:

在此处输入图像描述

结论:我不知道该尝试什么了。但是,从1)上面的部分来看,我已经在 Apache2 配置文件中明确指出:

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
Alias /awstats-icon "/usr/share/awstats/icon"

有权限:

drwxr-xr-x 9 www-data www-data 4096 Apr  2 16:25 /usr/share/awstats/icon/

3)最后,我认为最有趣的信息来自error.logApache2 :

[Thu Apr 02 01:37:04.344047 2020] [proxy:debug] [pid 19209] proxy_util.c(2578): [client 100.87.10.76:40246] AH00947: connected /++vh++https:website.com:443/++/awstats-icon/other/hh.png to localhost:8443, referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Thu Apr 02 01:37:04.600404 2020] [proxy:debug] [pid 19209] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)

Virtualhost from Zope这显示了 path of和CGI scriptsfrom之间的冲突Apache2,尤其是第一行:

/++vh++https:website.com:443/++/awstats-icon/other/hh.png to localhost:8443, referer: https://website.com/cgi-bin/awstats.pl?framename=mainright

您如何看待所有这些线索?

更新 2:根据 的建议@Tom Hundt,我对日志重写进行了更深入的分析。以下是我加载awstats主页时得到的结果。

[Sun Apr 05 16:17:01.057073 2020] [rewrite:trace3] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] applying pattern '^/(.*)' to uri '/awstats-icon/other/hx.png', referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Sun Apr 05 16:17:01.057093 2020] [rewrite:trace3] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] applying pattern '^/(.*)' to uri '/awstats-icon/other/hx.png', referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Sun Apr 05 16:17:01.057107 2020] [rewrite:trace2] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] rewrite '/awstats-icon/other/hx.png' -> 'https://localhost:8443/++vh++https:website.com:443/++/awstats-icon/other/hx.png', referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Sun Apr 05 16:17:01.057120 2020] [rewrite:trace2] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] forcing proxy-throughput with https://localhost:8443/++vh++https:website.com:443/++/awstats-icon/other/hx.png, referer: https://website.com/cgi-bin/awstats.pl?framename=mainright
[Sun Apr 05 16:17:01.057131 2020] [rewrite:trace1] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] go-ahead with proxy request proxy:https://localhost:8443/++vh++https:website.com:443/++/awstats-icon/other/hx.png [OK], referer: https://website.com/cgi-bin/awstats.pl?framename=mainright

似乎有趣的一行是:

[Sun Apr 05 16:17:01.057073 2020] [rewrite:trace3] [pid 25288] mod_rewrite.c(483): [client 31.11.12.101:51422] 31.11.12.101 - - [website.com/sid#7fa0b5d01d98][rid#7fa0ba0930a0/initial] applying pattern '^/(.*)' to uri '/awstats-icon/other/hx.png', referer: https://website.com/cgi-bin/awstats.pl?framename=mainright

表示模式'^/(.*)'应用于uri '/awstats-icon/other/hx.png'

所以我得出结论,我的问题从一开始就来自于我在带有 cgi-bin 目录的 URL 上应用的重写规则,即当我这样做时:

RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
RewriteRule ^/(.*) https://website.com/$1 [R=301,L]
RewriteCond %{REQUEST_URI} !^/cgi-bin/(search|awstats) [NC]
RewriteRule ^/(.*)  RewriteRule ^/(.*)  https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]

你同意吗 ?

4

3 回答 3

1

您当前的配置在此处使用 RewriteCond 阻止 /cgi-bin/ 的代理:

RewriteCond %{REQUEST_URI} !^/cgi-bin/(search|awstats) [NC]
RewriteRule ^/(.*)  https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]

您还需要将 /awstats* 短路,这样它们就不会被代理为 zope 废话。
默认情况下,多个条件是 AND 的,因此很容易:

RewriteCond %{REQUEST_URI} !^/awstats [NC]
RewriteCond %{REQUEST_URI} !^/cgi-bin/(search|awstats) [NC]
RewriteRule ^/(.*)  https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]
于 2020-04-12T21:27:39.113 回答
-1

mod_rewrite建议:暂时开启日志记录。

投入http.conf

LogLevel alert rewrite:trace3

然后(可选)在你的shell中你可以做

tail -f error_log|fgrep '[rewrite:'

帮助弄清楚发生了什么。

于 2020-04-04T22:57:34.717 回答
-1

我想你忘记了quotes,如果这不能解决你的问题,请检查 apacheerror log

Alias "/awstatsclasses" "/usr/share/awstats/lib/"
Alias "/awstats-icon" "/usr/share/awstats/icon/"
Alias "/awstatscss" "/usr/share/doc/awstats/examples/css"
于 2020-04-01T13:55:14.730 回答