Apache and LAMP Notes
Apache is a great webserver. It does the job very well. It has a lot of modules and configuration options. It isn't a small implementation, but it is a good one.
Welcome! - The Apache HTTP Server Project
I usually build Apache from source. However, on Windows, I like to use one of the LAMP stack installers... there are many. It is nice because they include a lot of other things like MySQL, PHP, Perl, mingw, etc. For Perl and mod_perl, you need to install an add-on.
apache friends - xampp for windows
Rob’s Notebook » XAMPP - misc documents relating to XAMPP (like securing it)
Build apache from subversion
#!/bin/bash
svn checkout http://svn.apache.org/repos/asf/httpd/httpd/trunk/ http.trunk
cvs -d :pserver:cvsread@cvs.php.net:/repository checkout -d php5.2 -r PHP_5_2 php5
SSL Setup
The Linux Titbits - Sign your own certificate with OpenSSL
5 easy tips to accelerate SSL – Unhandled expression
Note: you cannot run multiple SSL virtual hosts on the same IP. You must have a separate IP and/or port for this to work. This is because SSL wraps the HTTP protocol: the handshake, including the choice of certificate, completes before the server sees the Host header. I've hyperlinked some info about this in the SSL/TLS Strong Encryption: FAQ. By the way, you really should read the FAQ before you waste your afternoon.
Also, if you are interested in reading more on the problems with name based SSL hosting read this.
A good read on things you can do with the openssl tools. Real-world uses for OpenSSL
Creating new self-signed SSL certs is a straightforward process (valid for 10 years).
openssl req -new -x509 -sha1 -days 3650 -nodes -out server.crt -keyout server.key
Because of -nodes, the private key (server.key) is written unencrypted and has no pass phrase, so Apache will restart without requesting a password. Anyone who can read that file can impersonate the server, so keep it readable only by its owner.
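A check for the situation described above, as an added example that is not part of the original notes: it reports whether a PEM key file is passphrase-protected and, if not, whether its permissions at least keep group and other users out. The function names and the placeholder key file are constructed for the demo, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit a key file such as the server.key written with -nodes.

# Succeeds when the PEM file is passphrase-protected (PKCS#8 or traditional format).
key_is_encrypted() {
    grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# Succeeds when no group/other permission bits are set.
# Assumption: GNU stat; BSD stat takes different flags.
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Returns 0 if the key is encrypted, or unencrypted but owner-only; 1 otherwise.
audit_key() {
    if key_is_encrypted "$1"; then
        echo "$1: passphrase-protected"
        return 0
    fi
    if key_is_private "$1"; then
        echo "$1: unencrypted, owner-only permissions"
        return 0
    fi
    echo "$1: unencrypted AND accessible to group/other" >&2
    return 1
}

# Constructed placeholder file (not a real key) to show both outcomes.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' \
    'CONSTRUCTED-PLACEHOLDER-NOT-A-KEY' \
    '-----END PRIVATE KEY-----' > "$demo/server.key"
chmod 644 "$demo/server.key"
audit_key "$demo/server.key" || chmod 600 "$demo/server.key"
audit_key "$demo/server.key"
```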
You may create a wildcard SSL certificate which covers many subdomains (*.mydomain.com). This is nice for when you want to have a single SSL cert that can cover multiple hosts (using one IP)... I have heard rumors that it doesn't work in all browsers... but I haven't run into any issues with it.
Apache Out Of Control
Apache sometimes acts up on my systems... I have yet to figure out why this is.... but I've at least found a solution that gets my machine up and running.
Sometimes I log in to find MANY httpd processes running zombied or non-responsive. I quickly try to shut down the service using the service scripts; however, the httpd processes stick around. Then I do a trusty killall httpd in hopes that will take care of it. Many times I've even had to use kill level -9 for the kill to actually work.
Then, you should make sure to clean up the lock files as well as the semaphores left hanging.
The lock file comes first: delete /var/lock/subsys/httpd. If you don't do this, you might get the error "httpd dead but subsys locked".
Then list all the semaphores owned by the user that Apache runs as.
ipcs -s | grep apache
If there are a bunch of random open semaphores owned by the apache user, then delete them with the following command.
ipcs -s | grep apache | perl -e 'while (<STDIN>) { @a=split(/\s+/); print `ipcrm -s $a[1]`}'
If you don't do this, you run the risk of allowing apache to eat up all your system semaphores which leads to errors like "no space on device", which is very hard to understand at first because your first thought is.... I have space on the drive!!!
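The cleanup above, as an added example that is not the original one-liner: it matches the owner column exactly instead of grepping the whole line, defaults to a dry run, and refuses to delete anything while httpd is still running. The function names, the DRY_RUN variable and the sample listing are constructed; the process name httpd is assumed from the service name used on this page.

```shell
#!/bin/sh
# Added example: select semaphores by exact owner match, dry run by default.

# Read `ipcs -s` output on stdin; print semids whose owner column equals $1.
sem_ids_for_owner() {
    awk -v owner="$1" '$3 == owner && $2 ~ /^[0-9]+$/ { print $2 }'
}

# Read `ipcs -s` output on stdin and remove the semaphores owned by $1.
# DRY_RUN defaults to 1, which only prints the ipcrm commands.
clean_semaphores() {
    owner=$1
    # Assumption: the server process is named httpd, as in the service scripts.
    if [ "${DRY_RUN:-1}" != 1 ] && pgrep -x httpd >/dev/null 2>&1; then
        echo "httpd is still running; stop it before removing semaphores" >&2
        return 1
    fi
    sem_ids_for_owner "$owner" | while read -r id; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "ipcrm -s $id"
        else
            ipcrm -s "$id"
        fi
    done
}

# Constructed sample of `ipcs -s` output (not taken from a real host).
# The apache2 row shows what a plain `grep apache` would also have matched.
SAMPLE_IPCS='
------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 32768      apache     600        1
0x00000000 65537      apache     600        1
0x0052e2c1 98306      postgres   600        17
0x00000000 131075     apache2    600        1
'

# Dry run on the sample. On a live host: ipcs -s | DRY_RUN=0 clean_semaphores apache
printf '%s\n' "$SAMPLE_IPCS" | clean_semaphores apache
```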
Web Resources
Apache2, WebDAV, SSL and MySQL: Life In The Fast Lane
Apache2-SSL-PHP5-Howto (+ Zend Optimizer And IonCube Loader) | HowtoForge - Linux Howtos and Tutorials
CAPTCHA
Doesn't really belong here, but i dunno where else to put it.
reCAPTCHA: Stop Spam, Read Books
PHP CAPTCHA Library for reCAPTCHA
ImageShield as CAPTCHA - VidoopSecure Strong Authentication Demo
mod_rewrite
.htaccess tricks and tips.. part two: url rewriting with mod rewrite.
mod_python | ThoughtSpark.org - has some mod_python code to do auth in python...
Apache Log Management
Apache will log to a single file if you ask it to. Backing up log files can be problematic. Managing log files requires careful consideration.
rotatelogs - Piped logging program to rotate Apache logs - Apache HTTP Server
cronolog - The cronolog package consists of two programs: cronolog and cronosplit.
Changing Apache log rotation behaviour on CentOS / RHEL - (uses logrotate) On a default install of CentOS or Red Hat Enterprise Linux, the log rotation script will automatically rotate the Apache log file each day and then reload the httpd service. This post looks at how to prevent this action from occurring automatically, or to change the behaviour to rotate the log files if your naming convention for log files is different from the default.
Apache Log Rotation « Sachin’s Weblog - talks a bit about rotatelogs...
Rotating Apache log files using Cronolog - Night Dreaming (by Sudar)
OutOfOrder.cc :: mod_log_sql - mod_log_sql is a logging module for Apache 1.3 and 2.0 which logs all requests to a database.
Writing Apache's Logs to MySQL - O'Reilly Media
Analog: WWW logfile analysis
awk - How to split existing apache logfile by month? - Stack Overflow - awk, that's how.
linux - How to split apache logfile per Month - Webmasters Stack Exchange - this one suggests awk and csplit.
HowTo: The Ultimate Logrotate Command Tutorial with 10 Examples
Steve.org.uk - asql - Apache SQL querying
Apache Performance
Basic Apache Performance Tips « hurikhan’s Thoughts - interesting to note on this list... 2) Combine your per-vhost logging into one monolithic site-wide log file, 3) Use piped logging instead of direct file logging.
Diego Benna's Blog: Knowledge Base - Apache Optimization
Restart apache with vengeance
#!/bin/bash
# This script kills and restarts apache
# I should NOT have to do this! Why is apache crashing?!
/sbin/service httpd stop
# Force-kill any httpd processes that survived the stop (second pass catches stragglers)
killall -9 httpd
killall -9 httpd
# Remove semaphores left behind by the apache user (repeated on purpose)
ipcs -s | grep apache | perl -e 'while (<STDIN>) { @a=split(/\s+/); print `ipcrm -s $a[1]`}'
ipcs -s | grep apache | perl -e 'while (<STDIN>) { @a=split(/\s+/); print `ipcrm -s $a[1]`}'
ipcs -s | grep apache | perl -e 'while (<STDIN>) { @a=split(/\s+/); print `ipcrm -s $a[1]`}'
/sbin/service httpd start
Deploying mod_spnego | Cats and Code - Apache Kerberos/SPNEGO module
mod_pagespeed
touch /var/cache/mod_pagespeed/cache.flush
mod_pagespeed - Make the Web Faster — Google Developers
How to install mod_pagespeed on Ubuntu | I Am Aaron Shafovaloff - wget;dpkg -i mod-pagespeed*.deb;vi /etc/apache2/mods-available/pagespeed.conf
mod_pagespeed as a proxy for your phone | Frank DENIS random thoughts.
Mobile browsing & content optimization | Vincent Bernat
Moving mod_pagespeed's file-based cache into RAM | kieranbarnes
Apache Security
Apache Binary Backdoors on Cpanel-based servers | Sucuri Blog
Linux/Cdorked.A - A new Apache backdoor is being used in the wild to serve Blackhole
Web Server Abuse Detection Script @ Calomel.org
mod_security
Category:OWASP ModSecurity Core Rule Set Project - OWASP
Mod_Security .htaccess tricks
modsecurity 2.1.3 Configuration Directives
ModSecurity Advanced Topic of the Week: (Updated) Exception Handling - SpiderLabs Anterior
How to disable ModSecurity rules for Drupal and Wordpress | How To | The Fan Club | dynamic design solutions
How to install apache2 mod_security and mod_evasive on Ubuntu 12.04 LTS server | How To | The Fan Club | dynamic design solutions
Ubuntu 12.04 Precise LTS: Install ModSecurity for Apache 2 web server
Install apache2 mod_security and mod_evasive on Ubuntu 12.04 Design and Development Agency based in Palma de Mallorca - Ma-No Web Design and Development
mod_evasive
mod_evasive | Jonathan Zdziarski's Domain - mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack.
perl apache
Plack::Handler::Apache2 - search.cpan.org
Prevent and survive DoS/DDoS attacks with Apache and mod_evasive | kieranbarnes
Limit Apache requests per IP Address with mod_limitipconn | kieranbarnes - mod_limitipconn.c
NTLM auth
NTLM authenticates each TCP connection. So it is important to turn KeepAlive On.
The NTLM Authentication Protocol and Security Support Provider
Security Watch: The Most Misunderstood Windows Security Setting of All Time - NTLM version 2 (NTLMv2) and the LMCompatibilityLevel setting that governs it.
Apache2::AuthenNTLM - search.cpan.org
Setting Up NTLM on Ubuntu 9.10 « Emporium of Uselessness - sudo apt-get install libapache2-authenntlm-perl
Ridiculously simple NTLM Authentication for Apache (Ubuntu) | kieranbarnes - another apt-get install libapache2-authenntlm-perl
NTLM Authentication (Active Directory) on Apache (Linux) | kieranbarnes - using ntlm_winbind_module
Apache2::AuthenNTLM::Cookie - search.cpan.org - in order to improve performance, the present module saves the result of that handshake in a cookie, so that the next request gets an immediate answer.
Legrandin/PyAuthenNTLM2 - PyAuthenNTLM2 is an authentication module for Apache. It validates a user by means of the NTLM protocol and a separate Domain Controller (or Active Directory server).
Tiny drops of knowledge: NTLM authentication and Firefox - about:config add url to ntlm-auth.trusted-uris.
perl - Apache2::AuthenNTLM connects to Domain controller but does not authenticate - Server Fault - Apache2::AuthenNTLM apparently doesn't support v2?
NTLM authentication with Drupal+Apache+Linux | In just five minutes… - again walk through of ntlmv1 but also includes screen caps of "LAN Manager Authentication Level" to "Send LM & NTLM responses"
mod_xsendfile for Apache2/Apache2.2
SPDY || mod_spdy || speedier secure https
SPDY (pronounced speedy) actually runs over the HTTPS protocol, so it is transparent to users with SPDY support. If you're interested in the specifics, it seems they are in the Google Technical Note - TLS Next Protocol Negotiation. SPDY requires the use of SSL/TLS, and does not support operation over plain HTTP.
SPDY - Wikipedia
SPDY: An experimental protocol for a faster web - The Chromium Projects - Multiplexed streams, Request prioritization, HTTP header compression,
mod-spdy - Apache SPDY module - Google Project Hosting
Using mod_spdy With Apache2 On Ubuntu 12.04 | HowtoForge - Linux Howtos and Tutorials
chrome://net-internals/#spdy - is u spdy fast? is you am a dog?
Can I use SPDY networking protocol - Compatibility table for support of SPDY networking protocol in desktop and mobile browsers.
Liip Blog // This site now runs on SPDY
header Alternate-Protocol: 443:npn-spdy/2 and rewrite rules are ways to advertise:
RewriteCond %{HTTP_USER_AGENT} Firefox\/[0-9]{2}\.
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^/*(.*)$ https://blog.liip.ch/$1 [L,R=301]
Created: 2006-01-06 01:36:34
Modified: 2014-06-25 21:24:47