Category: Apache

Apache 1.3 and 2.x Tips and tricks

Apache, Linux

Configuring Apache to handle WebSocks

WebSocks is supported by Apache starting at version 2.4.xx. Here are some minimal configuration for Apache 2.4.xx. in Ubuntu 14.04.x Install the proper modules: a2enmod proxy a2enmod proxy_wstunnel Configure the VirtualHost (only the WebSock part is shown here) # Make sure the backend server gets the right URL in ‘Location:’ http Header ProxyPreserveHost On # …

Apache, Linux, Wordpress

Customizing apache2-suexec-custom

Apache2 Suexec module comes with at least 2 flavors in many distributions of Linux. – apache2-suexec-pristine: Apache HTTP Server standard suexec program for mod_suexec – apache2-suexec-custom: Apache HTTP Server configurable suexec program for mod_suexec Many times when I’ve been trying to use the standard mod_suexec with mod_fcgi (useful for WordPress installations),the mod_suexec complains that the …

Apache, Linux, Security

Installing VSFTPD for FTP-SSL web sites upload on Ubuntu

In order to force an exclusive use of the SSL/TLS connectivity to users here is how to install it: Note: This tutorial was base from this site: https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-an-ubuntu-vps Install the vsftpd package sudo apt-get install vsftpd Edit the /etc/vsftpd.conf configuration file and add the following at the end of the file or alternatively adapt the …

Apache, Linux

Selectively blocking / redirecting HTTP requests per country of origin with Apache

If you need to block or redirect requests that are originated from certain countries, here is a good method using geoIP information. Install the GeoIP binaries and Apache module: apt-get install geoip-bin libgeoip1 libapache2-mod-geoip a2enmod geoip service apache2 restart Example of blocking requests from germby(DE) in a VirtualHost configuration: SetEnvIf GEOIP_COUNTRY_CODE DE BlockCountry Deny from …

Apache, Linux

phpmyadmin: The mcrypt extension is missing. Please check your PHP configuration.

This was the error message I got in PhpMyadmin in Ubuntu 14.04-2. The mcrypt extension is missing. Please check your PHP configuration. So I found the following solution in: http://askubuntu.com/questions/460837/mcrypt-extension-is-missing-in-14-04-server-for-mysql/477608#477608 First, I’m not really sure that this directory needs to be created, but since it’s in php.ini configuration, I’d rather make sure all will work …

Apache, Linux, Monitoring, NGinX

Using CURL for sending crafted HTTP POST authenticated queries

CHALLENGE: I came across a situation where I needed to send an HTTP request using the POST method with some POST data but after I have authenticated with name and password. SOLUTION:(using curl tool) The trick here is to preserve the SESSIONID of the authenticated response for the second POST request. EXAMPLE: I needed to …

Apache, Bash, Linux, Monitoring, NGinX

Monitoring latency time of http requests

Here is a simple but useful command which shows the latency time of http requests. You can adjust the delay between repeats as well as the URL being queried. Reference: http://www.shellhacks.com/en/Check-a-Website-Response-Time-from-the-Linux-Command-Line host=”www.google.de”; delay=5; while true ; do echo -n “Response time for http://$host:” ;curl -s -w %{time_total}\\n -o /dev/null http://$host ;sleep $delay; done Results: Response …

Apache, Linux, NGinX

Verifying a SSL certificate chain

In order to see if an SSL web site has the proper SSL Certificate chain, this simple command can help: echo “” | openssl s_client -showcerts -servername web.site.com -connect web.site.com:443 -CApath /etc/ssl/certs/ Example: echo ” ” | openssl s_client -showcerts -servername tipstricks.itmatrix.eu -connect tipstricks.itmatrix.eu:443 -CApath /etc/ssl/certs Result:(most important extract from full result) CONNECTED(00000003) depth=2 C …

Apache

ModSecurity: Rules must have at least id action

After compiling ModSecurity 2.8.0 with Apache 2.4.10 I got the the folowing error when trying to start Apache2: ModSecurity: Rules must have at least id action After Google-ing it I found this site that explains what went wrong: https://evilazrael.de/content/modsecurity-rules-must-have-least-id-action According to this site the labeling(identification) of the rules was optional till the version 2.7.0, after …

Apache, Linux

Changing the domain name of WordPress

SITUATION: You’ve had a WordPress site since a while and want to change its URL by which it is called. WordPress needs to have a constant URL to be able to work. If you just configure the web server to use another URL, it won’t work. The original URL stored in your WordPress database, which …

Apache, Linux

Dynamically change Apache response content

Although the example below doesn’t quite represent a very good one in terms of real life problem, nevertheless it shows how to implement a dynamic web server response content modification. These replacements are done in application server responses before they leave Apache web server. In this example we are dynamically replacing parts of the URI …

Apache, Linux, Postfix, XEN

Creating a XEN machine and Installing Group Office in Debian Wheezy

Introduction In this Tutorial I will explain the steps I did to create a Xen Virtual Machine with minimal packages and then install the latest Group Office Web based Collaboration software. You’ll need to be fluent in Linux and Xen because I don’t explain much here. Note: My hypervisor is Xen 4.0 in Debian Squeeze …

Apache, Linux

vhosts calling themselves behind load balancer

PROBLEM: If a virtualhost configured behind a load balancer originated http/https, requests using the proxy module in destination to the Internet IP of the virtual host, the route of the packet would then have to be: Vhost ==ProxyModule==>> LoadBalancer ==>> Loop to itself ==>> Vhost For technical reasons I needed to avoid this route. This …

Apache, Linux

Some tools for SSL certificates

Checking that a certificate is paired to the key Example: openssl rsa -noout -modulus -in mycert.key |openssl md5 33c63cb62080fdf2bc06c47a59e02917 openssl x509 -noout -modulus -in mycert.crt |openssl md5 33c63cb62080fdf2bc06c47a59e02917 Both results should be the same Generating a certificate for VSFTP openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout /etc/ssl/certs/vsftpd.pem -out /etc/ssl/certs/vsftpd.pem Creating a self signed …

Apache

Limiting connections per Virtual Host with mod_bw

Introduction: In order to limit the number of simultaneous connections to a Web server (for the whole server) the following Core directive is used in our Live web servers, limiting it to 2000 simultaneous connections per web server. MaxClients 2000 In the case of wanting to limit the number of simultaneous connections per VirtualHost we …

Apache, Linux

php5-cgi fills up memory, too many processes.

Problem Description: I just solved a strange situation where peu-à-peu the number of php5-cgi processes kept on increasing till all the RAMS were used and the system went to a crawl no more responding to web requests. Cause: After the maximum number of requests got reached for a php5-cgi requests the process gets detached from …

Apache, Linux

Verifying Web Server certificates

In the world of so many types and variations of available certificates it is sometimes difficult to be sure that the components of a certificate are fitting together. For this purposes here are some commands that will help. Verifying the a certificate chain Whether the certificates are WEB certificates or CA(Certificate of Authority) all the …