WebSocket is supported by Apache starting at version 2.4.xx. Here is a minimal configuration for Apache 2.4.xx in Ubuntu 14.04.x. Install the proper modules: a2enmod proxy a2enmod proxy_wstunnel Configure the VirtualHost (only the WebSocket part is shown here) # Make sure the backend server gets the right URL in ‘Location:’ http Header ProxyPreserveHost On # …
Category: Apache
Apache 1.3 and 2.x Tips and tricks
Customizing apache2-suexec-custom
The Apache2 Suexec module comes in at least 2 flavors in many distributions of Linux. – apache2-suexec-pristine: Apache HTTP Server standard suexec program for mod_suexec – apache2-suexec-custom: Apache HTTP Server configurable suexec program for mod_suexec Many times when I’ve been trying to use the standard mod_suexec with mod_fcgi (useful for WordPress installations), the mod_suexec complains that the …
Installing VSFTPD for FTP-SSL web sites upload on Ubuntu
In order to force users to connect exclusively over SSL/TLS, here is how to install it: Note: This tutorial was based on this site: https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-an-ubuntu-vps Install the vsftpd package sudo apt-get install vsftpd Edit the /etc/vsftpd.conf configuration file and add the following at the end of the file or alternatively adapt the …
Selectively blocking / redirecting HTTP requests per country of origin with Apache
If you need to block or redirect requests that originate from certain countries, here is a good method using GeoIP information. Install the GeoIP binaries and Apache module: apt-get install geoip-bin libgeoip1 libapache2-mod-geoip a2enmod geoip service apache2 restart Example of blocking requests from Germany (DE) in a VirtualHost configuration: SetEnvIf GEOIP_COUNTRY_CODE DE BlockCountry Deny from …
phpmyadmin: The mcrypt extension is missing. Please check your PHP configuration.
This was the error message I got in phpMyAdmin in Ubuntu 14.04-2. The mcrypt extension is missing. Please check your PHP configuration. So I found the following solution in: http://askubuntu.com/questions/460837/mcrypt-extension-is-missing-in-14-04-server-for-mysql/477608#477608 First, I’m not really sure that this directory needs to be created, but since it’s in php.ini configuration, I’d rather make sure all will work …
Using CURL for sending crafted HTTP POST authenticated queries
CHALLENGE: I came across a situation where I needed to send an HTTP request using the POST method with some POST data, but only after I had authenticated with name and password. SOLUTION: (using curl tool) The trick here is to preserve the SESSIONID of the authenticated response for the second POST request. EXAMPLE: I needed to …
Monitoring latency time of http requests
Here is a simple but useful command which shows the latency time of http requests. You can adjust the delay between repeats as well as the URL being queried. Reference: http://www.shellhacks.com/en/Check-a-Website-Response-Time-from-the-Linux-Command-Line host="www.google.de"; delay=5; while true ; do echo -n "Response time for http://$host:" ;curl -s -w %{time_total}\\n -o /dev/null http://$host ;sleep $delay; done Results: Response …
Proxy Rewrite to an URL with a non valid Cert
If we do a Proxy Rewrite to an URL with a non valid Cert, we have to deactivate the SSL validation in the vhost where the Proxy Rewrite resides as follows: SSLProxyEngine On SSLProxyVerifyDepth 0
Verifying a SSL certificate chain
In order to see if an SSL web site has the proper SSL Certificate chain, this simple command can help: echo "" | openssl s_client -showcerts -servername web.site.com -connect web.site.com:443 -CApath /etc/ssl/certs/ Example: echo " " | openssl s_client -showcerts -servername tipstricks.itmatrix.eu -connect tipstricks.itmatrix.eu:443 -CApath /etc/ssl/certs Result: (most important extract from full result) CONNECTED(00000003) depth=2 C …
Dump only headers of HTTP request and response
In order to get only the headers of any HTTP request and response, here is a small command that does it well: E.g. curl -sv http://my.website.com/index.html >/dev/null
ModSecurity: Rules must have at least id action
After compiling ModSecurity 2.8.0 with Apache 2.4.10 I got the following error when trying to start Apache2: ModSecurity: Rules must have at least id action After Google-ing it I found this site that explains what went wrong: https://evilazrael.de/content/modsecurity-rules-must-have-least-id-action According to this site the labeling (identification) of the rules was optional till the version 2.7.0, after …
Changing the domain name of WordPress
SITUATION: You’ve had a WordPress site for a while and want to change the URL by which it is called. WordPress needs to have a constant URL to be able to work. If you just configure the web server to use another URL, it won’t work. The original URL stored in your WordPress database, which …
Dynamically change Apache response content
Although the example below doesn’t quite represent a very good one in terms of real life problem, nevertheless it shows how to implement a dynamic web server response content modification. These replacements are done in application server responses before they leave Apache web server. In this example we are dynamically replacing parts of the URI …
Creating a XEN machine and Installing Group Office in Debian Wheezy
Introduction In this Tutorial I will explain the steps I did to create a Xen Virtual Machine with minimal packages and then install the latest Group Office Web based Collaboration software. You’ll need to be fluent in Linux and Xen because I don’t explain much here. Note: My hypervisor is Xen 4.0 in Debian Squeeze …
vhosts calling themselves behind load balancer
PROBLEM: If a virtualhost configured behind a load balancer originated http/https requests, using the proxy module, destined for the Internet IP of the virtual host, the route of the packet would then have to be: Vhost ==ProxyModule==>> LoadBalancer ==>> Loop to itself ==>> Vhost For technical reasons I needed to avoid this route. This …
Some tools for SSL certificates
Checking that a certificate is paired to the key Example: openssl rsa -noout -modulus -in mycert.key |openssl md5 33c63cb62080fdf2bc06c47a59e02917 openssl x509 -noout -modulus -in mycert.crt |openssl md5 33c63cb62080fdf2bc06c47a59e02917 Both results should be the same Generating a certificate for VSFTP openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout /etc/ssl/certs/vsftpd.pem -out /etc/ssl/certs/vsftpd.pem Creating a self signed …
Limiting connections per Virtual Host with mod_bw
Introduction: In order to limit the number of simultaneous connections to a Web server (for the whole server) the following Core directive is used in our Live web servers, limiting it to 2000 simultaneous connections per web server. MaxClients 2000 In the case of wanting to limit the number of simultaneous connections per VirtualHost we …
Redirect POST requests
For quite a while it was not possible to use the Apache mod_rewrite to redirect POST requests. After the browser received a redirect response code 301 (permanent) or 302 (temporary) from a POST request it redirected the request to the new URL but using a GET method. After research I found out that since some time the …
php5-cgi fills up memory, too many processes.
Problem Description: I just solved a strange situation where, little by little, the number of php5-cgi processes kept on increasing till all the RAM was used and the system slowed to a crawl, no longer responding to web requests. Cause: After the maximum number of requests got reached for a php5-cgi requests the process gets detached from …
Verifying Web Server certificates
In a world of so many types and variations of available certificates, it is sometimes difficult to be sure that the components of a certificate fit together. For this purpose here are some commands that will help. Verifying a certificate chain Whether the certificates are WEB certificates or CA (Certificate of Authority) all the …