"hello world"
article in Tech linux-unix-and-friends

Apache and LAMP Notes

Apache is a great webserver. It does the job very well. It has a lot of modules and configuration options. It isn't a small implementation, but it is a good one.
Welcome! - The Apache HTTP Server Project

I usually build apache from source. However, on windows, I like to install the LAMP stack installers...there are many. It is nice because they include a lot of other things like Mysql, PHP, PERL, mingw, etc. For Perl and mod_perl, you need to install an add-on.
apache friends - xampp for windows
Rob’s Notebook » XAMPP - misc documents relating to XAMPP (like securing it)

Build apache from subversion

svn checkout http://svn.apache.org/repos/asf/httpd/httpd/trunk/ http.trunk
cvs -d :pserver:cvsread@cvs.php.net:/repository checkout -d php5.2 -r PHP_5_2 php5

SSL Setup

The Linux Titbits - Sign your own certificate with OpenSSL
5 easy tips to accelerate SSL – Unhandled expression
Note: you can not run multiple virtual hosts on the same IP.  You must have a separate IP and or Port for this to work.  This is because SSL is wrapping the HTTP proto.  I've hyperlinked some info about this in the SSL/TLS Strong Encryption: FAQ, by the way, you really should read the FAQ before you waste your afternoon.

Also, if you are interested in reading more on the problems with name based SSL hosting read this.
A good read on things you can do with the openssl tools.  Real-world uses for OpenSSL

Creating new SSL certs is a straight forward process (valid for 10 years).
openssl req -new -x509 -sha1 -days 3560 -nodes -out server.crt -keyout server.key

These files are not encrypted by default and don't have a pass phrase, so Apache will restart without requesting a password.

You may create a wildcard SSL certificate which covers many subdomains (*.mydomain.com).  This is nice for when you want to have a single SSL cert that can cover multiple hosts (using one IP)... I have heard rumors that it doesn't work in all browsers... but I haven't run into any issues with it.

Apache Out Of Control

Apache sometimes acts up on my systems... I still have yet to figure out why this is.... but I've at least found a solution that gets my machine up and runnning.

Sometimes I login to find MANY httpd processes running zombied or non-responsive.  I quickly try to shut down the service using the service scripts, however, the httpd processes stick around.  Then I do a trusty killall httpd in hopes that will take care of it.  Many times I've had to even set a -9 level for the kill to actually work.

Then, you should make sure to clean up the lock files as well as the semaphores left hanging.

The lock file comes first, delete /var/lock/subsys/httpd.  If you don't do this, you might get the error "httpd dead but subsys locked".

Then list all the semaphores by the user that runs as apache.
ipcs -s | grep apache

If there are a bunch of random open semaphores owned by the apache user, then delete them with the following command.
ipcs -s | grep apache |  perl -e 'while () { @a=split(/\s+/); print `ipcrm sem $a[1]`}'

If you don't do this, you run the risk of allowing apache to eat up all your system semaphores which leads to errors like "no space on device", which is very hard to understand at first because your first thought is.... I have space on the drive!!!

Web Resources

Apache2, WebDAV, SSL and MySQL: Life In The Fast Lane
Apache2-SSL-PHP5-Howto (+ Zend Optimizer And IonCube Loader) | HowtoForge - Linux Howtos and Tutorials


Doesn't really belong here, but i dunno where else to put it.
reCAPTCHA: Stop Spam, Read Books
ImageShield as CAPTCHA - VidoopSecure Strong Authentication Demo


.htaccess tricks and tips.. part two: url rewriting with mod rewrite.

mod_python | ThoughtSpark.org - has some mod_python code to do auth in python...

Apache Log Management

Apache will log to a single file if you ask it to. Backing up log files can be problematic. Managing log files requires careful consideration.
rotatelogs - Piped logging program to rotate Apache logs - Apache HTTP Server
cronolog - The cronolog package consists of two programs: cronolog and cronosplit.
Changing Apache log rotation behaviour on CentOS / RHEL - (uses logrotate)default install of CentOS or Red Hat Enterprise Linux, the log rotation script will automatically rotate the Apache log file each day and then reload the httpd service. This post looks at how to prevent this action from occuring automatically, or to change the behaviour to rotate the log files if your naming convention for log files is different from the default.
Apache Log Rotation « Sachin’s Weblog - talks a bit about rotatelogs...
Rotating Apache log files using Cronolog - Night Dreaming (by Sudar)
OutOfOrder.cc :: mod_log_sql - mod_log_sql is a logging module for Apache 1.3 and 2.0 which logs all requests to a database.
Writing Apache's Logs to MySQL - O'Reilly Media
Analog: WWW logfile analysis
awk - How to split existing apache logfile by month? - Stack Overflow - awk, that's how.
linux - How to split apache logfile per Month - Webmasters Stack Exchange - this one suggests awk and csplit.
HowTo: The Ultimate Logrotate Command Tutorial with 10 Examples
Steve.org.uk - asql - Apache SQL querying

Apache Performance

Basic Apache Performance Tips « hurikhan’s Thoughts - interesting to note on this list... 2) Combine your per-vhost logging into one monolithic site-wide log file, 3) Use piped logging instead of direct file logging.
Diego Benna's Blog: Knowledge Base - Apache Optimization

Restart apache with vengeance

# This script kills and restarts apache
# I should NOT have to do this!  Why is apache crashing?!
/sbin/service httpd stop
killall -9 httpd
killall -9 httpd
ipcs -s | grep apache | perl -e 'while ( ) { @a=split(/\s+/); print `ipcrm -s $a[1]`}'
ipcs -s | grep apache | perl -e 'while ( ) { @a=split(/\s+/); print `ipcrm -s $a[1]`}'
ipcs -s | grep apache | perl -e 'while ( ) { @a=split(/\s+/); print `ipcrm -s $a[1]`}'
/sbin/service httpd start

Deploying mod_spnego | Cats and Code - Apache Kerberos/SPNEGO module


touch /var/cache/mod_pagespeed/cache.flush
mod_pagespeed - Make the Web Faster — Google Developers
How to install mod_pagespeed on Ubuntu | I Am Aaron Shafovaloff - wget;dpkg -i mod-pagespeed*.deb;vi /etc/apache2/mods-available/pagespeed.conf
mod_pagespeed as a proxy for your phone | Frank DENIS random thoughts.
Mobile browsing & content optimization | Vincent Bernat
Moving mod_pagespeed's file-based cache into RAM | kieranbarnes

Apache Security

Apache Binary Backdoors on Cpanel-based servers | Sucuri Blog
Linux/Cdorked.A - A new Apache backdoor is being used in the wild to serve Blackhole
Web Server Abuse Detection Script @ Calomel.org


Category:OWASP ModSecurity Core Rule Set Project - OWASP
Mod_Security .htaccess tricks
modsecurity 2.1.3 Configuration Directives
ModSecurity Advanced Topic of the Week: (Updated) Exception Handling - SpiderLabs Anterior
How to disable ModSecurity rules for Drupal and Wordpress | How To | The Fan Club | dynamic design solutions
How to install apache2 mod_security and mod_evasive on Ubuntu 12.04 LTS server | How To | The Fan Club | dynamic design solutions
Ubuntu 12.04 Precise LTS: Install ModSecurity for Apache 2 web server
Install apache2 mod_security and mod_evasive on Ubuntu 12.04 Design and Development Agency based in Palma de Mallorca - Ma-No Web Design and Development


mod_evasive | Jonathan Zdziarski's Domain - mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack.

perl apache

Plack::Handler::Apache2 - search.cpan.org
Prevent and survive DoS/DDoS attacks with Apache and mod_evasive | kieranbarnes
Limit Apache requests per IP Address with mod_limitipconn | kieranbarnes - mod_limitipconn.c

NTLM auth

NTLM authenticates each TCP connection. So it is important to turn KeepAlive On.
The NTLM Authentication Protocol and Security Support Provider
Security Watch: The Most Misunderstood Windows Security Setting of All Time - NTLM version 2 (NTLMv2) and the LMCompatibilityLevel setting that governs it.
Apache2::AuthenNTLM - search.cpan.org
Setting Up NTLM on Ubuntu 9.10 « Emporium of Uselessness - sudo apt-get install libapache2-authenntlm-perl
Ridiculously simple NTLM Authentication for Apache (Ubuntu) | kieranbarnes - another apt-get install libapache2-authenntlm-perl
NTLM Authentication (Active Directory) on Apache (Linux) | kieranbarnes - using ntlm_winbind_module
Apache2::AuthenNTLM::Cookie - search.cpan.org - in order to improve performance, the present module saves the result of that handshake in a cookie, so that the next request gets an immediate answer.
Legrandin/PyAuthenNTLM2 - PyAuthenNTLM2 is an authentication module for Apache. It validates a user by means of the NTLM protocol and a separate Domain Controller (or Active Directory server).
Tiny drops of knowledge: NTLM authentication and Firefox - about:config add url to ntlm-auth.trusted-uris.
perl - Apache2::AuthenNTLM connects to Domain controller but does not authenticate - Server Fault - Apache2::AuthenNTLM apparently doesn't support v2?
NTLM authentication with Drupal+Apache+Linux | In just five minutes… - again walk through of ntlmv1 but also includes screen caps of "LAN Manager Authentication Level" to "Send LM & NTLM responses"

mod_xsendfile for Apache2/Apache2.2

SPDY || mod_spdy || speedier secure https

SPDY (pronounced speedy) actually runs over https protocol, so it is transparent to users with spdy support. if you're interested in the specifics; it seems they are in Google Technical Note - TLS Next Protocol Negotiation SPDY requires the use of SSL/TLS, and does not support operation over plain HTTP.
SPDY - Wikipedia
SPDY: An experimental protocol for a faster web - The Chromium Projects - Multiplexed streams, Request prioritization, HTTP header compression,
mod-spdy - Apache SPDY module - Google Project Hosting
Using mod_spdy With Apache2 On Ubuntu 12.04 | HowtoForge - Linux Howtos and Tutorials
chrome://net-internals/#spdy - is u spdy fast? is you am a dog?
Can I use SPDY networking protocol - Compatibility table for support of SPDY networking protocol in desktop and mobile browsers.
Liip Blog // This site now runs on SPDY
header Alternate-Protocol: 443:npn-spdy/2 and rewrite rules are ways to advertise:
RewriteCond  %{HTTP_USER_AGENT}  Firefox\/[0-9]{2}\.    
RewriteCond  %{SERVER_PORT}  ^80$   
RewriteRule ^/*(.*)$ https://blog.liip.ch/$1 [L,R=301]  
Created: 2006-01-06 01:36:34 Modified: 2014-06-25 21:24:47
/root sections/
>peach custard pie
>random tech

moon and stars

My brain

Visible Dave Project

destory this webpage; if you will.