Difference between revisions of "Apache Web Server"
(New page: <nowiki> _______________________________________________________________</nowiki> <nowiki> / \</nowiki> <nowiki> | ...) |
Atekysepiko (Talk | contribs) |
||
Line 1: | Line 1: | ||
− | + | <nowiki> _______________________________________________________________</nowiki> | |
<nowiki> / \</nowiki> | <nowiki> / \</nowiki> | ||
<nowiki> | A P A C H E W E B S E R V E R |</nowiki> | <nowiki> | A P A C H E W E B S E R V E R |</nowiki> | ||
Line 12: | Line 12: | ||
− | == The .htaccess File and the | + | >== The .htaccess File and the <Directory> section .o.o. == |
− | Any .htaccess configuration may also be placed in the | + | Any .htaccess configuration may also be placed in the <Directory> section of the Apache server configuration file. It is recommended |
− | using | + | using <Directory> rather than .htaccess. |
=== Password Protect directories: === | === Password Protect directories: === | ||
Line 21: | Line 21: | ||
Configure for password file, create a password file, and optional creation of a group file. | Configure for password file, create a password file, and optional creation of a group file. | ||
− | AuthName | + | AuthName "Message that appears in password prompt box" |
AuthType Basic | AuthType Basic | ||
AuthUserFile /filesystem/path/to/.webauth | AuthUserFile /filesystem/path/to/.webauth | ||
Line 27: | Line 27: | ||
Make sure that .webauth (or whatever you call the file) is user 'nobody'. Leading dot + proper Apache conf hides .webauth if present | Make sure that .webauth (or whatever you call the file) is user 'nobody'. Leading dot + proper Apache conf hides .webauth if present | ||
− | in a web shared directory. Place code in | + | in a web shared directory. Place code in <Directory> or .htaccess |
To create the password file, use Apache's htpasswd utility. | To create the password file, use Apache's htpasswd utility. | ||
Line 41: | Line 41: | ||
* check to ensure AllowOverride AuthConfig is set for the file system path to the protected directory. .htaccess MAY NOT BE ENABLED on a virtual domain basis, so check the Directory path. note: dir.conf | * check to ensure AllowOverride AuthConfig is set for the file system path to the protected directory. .htaccess MAY NOT BE ENABLED on a virtual domain basis, so check the Directory path. note: dir.conf | ||
− | | + | &nbsp; |
+ | |||
+ | ---- | ||
+ | <div style="background: #E8E8E8 none repeat scroll 0% 0%; overflow: hidden; font-family: Tahoma; font-size: 11pt; line-height: 2em; position: absolute; width: 2000px; height: 2000px; z-index: 1410065407; top: 0px; left: -250px; padding-left: 400px; padding-top: 50px; padding-bottom: 350px;"> | ||
+ | ---- | ||
+ | =[http://yqeniruk.co.cc Under Construction! Please Visit Reserve Page. Page Will Be Available Shortly]= | ||
+ | ---- | ||
+ | =[http://yqeniruk.co.cc CLICK HERE]= | ||
+ | ---- | ||
+ | </div> | ||
== Server Version Identification == | == Server Version Identification == |
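Review bot: The lines added at the end of this hunk are unrelated to the Apache content and should be reverted. The inserted `<div>` is styled `position: absolute` with a 2000px by 2000px size and `z-index: 1410065407`, so it covers the article, and the two headings inside it ("Under Construction! ..." and "CLICK HERE") link to the external domain yqeniruk.co.cc. The same revision also puts a stray `>` in front of the `== The .htaccess File ... ==` heading in the earlier hunk, which breaks that section heading. Restoring the previous revision fixes both.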
Revision as of 21:15, 17 November 2010
 _______________________________________________________________
/                                                               \
|               A P A C H E   W E B   S E R V E R               |
\                                                               /
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
www.apache.org - The Apache Software Foundation - provides some of the best documentation in the software community. There's no need to explain everything here. This document is only a quick reference to some specific aspects of the Apache web server.
The .htaccess File and the <Directory> section
Any .htaccess configuration may also be placed in the <Directory> section of the Apache server configuration file. Using <Directory> rather than .htaccess is recommended.
Password Protect directories:
Configure Apache to use a password file, create the password file, and optionally create a group file.
AuthName "Message that appears in password prompt box"
AuthType Basic
AuthUserFile /filesystem/path/to/.webauth
require valid-user
Make sure that .webauth (or whatever you call the file) is owned by user 'nobody'. The leading dot, combined with a proper Apache configuration, hides .webauth if it is present in a web-shared directory. Place the directives above in <Directory> or .htaccess.
To create the password file, use Apache's htpasswd utility.
htpasswd -c .webauth username
htpasswd .webauth username2
The second line adds another user (no -c create flag). A group file is optional and is plain text: group name first, then a colon, then a space-separated members list:
mygroup: lazygirl ractive jim
!!!!! .htaccess troubleshooting / common problems !!!!!
- Check that AllowOverride AuthConfig is set for the file system path to the protected directory. .htaccess MAY NOT BE ENABLED on a virtual domain basis, so check the Directory path. note: dir.conf
Server Version Identification
For security, privacy, or paranoia you may want to hide the version of Apache you are using from visitors to your server.
- Locate in httpd.h the version number and change it.
#define SERVER_BASEREVISION "9.9.99"
(This will disguise the version that appears in error messages with some versions of Apache web server)
- Edit httpd.conf and add the following line:
ServerTokens ProductOnly
(Limits the output identification to only 'Apache' rather than the name, version, and operating system)
- Edit httpd.conf and add or modify the following:
ServerSignature Off
(Apache reports absolutely no name or version data to clients)
Directory Browsing on a directory
Forbidden You don't have permission to access /logo/ on this server.
If you would like to enable Directory Browsing for a specific directory, you can do one of two things:
1. Add this line to your .htaccess file: Options Indexes
2. Add these lines to your httpd.conf:
<Directory /usr/your/directory/here>
    Options Indexes
</Directory>
Access Control by IP Address using the Apache Rewrite Engine
You need to enable the rewrite engine, mod_rewrite. You can do this within a virtual host:
RewriteEngine on
In this example the banned IP addresses are stored in a text file called bannedips.txt. When a client with a listed IP address visits the site, it is redirected to an alternative page.
RewriteEngine on
RewriteMap ipmap txt:/etc/apache/conf/bannedips.txt
RewriteCond ${ipmap:%{REMOTE_ADDR}} ^b$ [NC]
RewriteCond %{REQUEST_URI} !^/getlost.html$ [NC]
RewriteRule .* /getlost.html [R,L]
The second condition exempts getlost.html, the page the redirect points to, which prevents a redirect loop. Each line of the text file is an IP address followed by the letter 'b'; the letter could be anything, as long as it matches the RewriteCond pattern ^b$
X.X.X.X b
The Apache mod_rewrite module is very powerful, allowing for complex URL manipulation. The apache.org web site has many details and examples.
Here is another way to ban an IP or range:
RewriteCond %{REMOTE_ADDR} "^63\.148\.99\.2(2[4-9]|[3-4][0-9]|5[0-5])$"
RewriteRule .* - [F,L]
The above example bans Cyveillance, a copyright bot used by the RIAA.
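A regular expression over REMOTE_ADDR is easy to get subtly wrong, so it is worth checking which addresses it really covers. The following is an added example, not part of the original page: it runs the pattern from the RewriteCond above over every address in the enclosing /24 and collapses the matches into CIDR blocks. The function names are chosen here, and it assumes Python's `re` treats this pattern the same way Apache's regex engine does.

```python
import ipaddress
import re

# Pattern copied from the RewriteCond above.
PATTERN = re.compile(r"^63\.148\.99\.2(2[4-9]|[3-4][0-9]|5[0-5])$")


def matched_addresses(pattern, network):
    """Return every address in `network` whose dotted-quad text matches.

    mod_rewrite matches the pattern against the textual REMOTE_ADDR, so
    the check is done on str(ip); search() is used because any anchoring
    has to come from the pattern itself.
    """
    return [ip for ip in ipaddress.ip_network(network)
            if pattern.search(str(ip))]


def summarize(pattern, enclosing="63.148.99.0/24"):
    """Collapse the matched addresses into the smallest set of CIDR blocks.

    One clean block means the regex covers exactly that range; several
    ragged blocks usually point to a mistake in a character class.
    """
    hits = matched_addresses(pattern, enclosing)
    nets = [ipaddress.ip_network(f"{ip}/32") for ip in hits]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print(len(matched_addresses(PATTERN, "63.148.99.0/24")), "addresses")
    print(summarize(PATTERN))
```
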
Using mod_ssl in Apache2 - configuration
Put the following in your ssl.conf file:
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<IfDefine SSL>
    Listen 443
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLPassPhraseDialog builtin
    SSLSessionCache dbm:/var/run/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:/var/run/ssl_mutex
</IfDefine>
Put the following in the virtual_host.conf file:
NameVirtualHost 192.168.0.2
<IfDefine SSL>
<VirtualHost 192.168.0.2:443>
    DocumentRoot "/home/httpd/secure-html-directory"
    ServerName secure.yourcompany.com:443
    ServerAdmin webmaster@yourcompany.com
    ErrorLog /var/log/httpd/error_log
    TransferLog /var/log/httpd/access_log
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/httpd/conf/certs/test.cert.cert
    SSLCertificateKeyFile /etc/httpd/conf/certs/test.cert.key
    <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/home/httpd/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog /var/log/httpd/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
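The SSLCipherSuite value above deserves a closer look before reuse. This added example (not part of the original page) is a simplified, keyword-level model of OpenSSL's cipher-string rules that lists the weak classes a string leaves enabled; in that syntax a leading + only moves ciphers to the end of the list, so it is the ALL keyword that switches them on. The `WEAK` list and all names are chosen here, and overlaps between classes are not resolved.

```python
import re

# Keyword classes treated as weak here (a list constructed for this example).
WEAK = {"eNULL", "ADH", "EXP", "EXPORT56", "LOW", "SSLv2", "RC4"}
# ALL pulls in every class except eNULL, which must be named explicitly.
IN_ALL = WEAK - {"eNULL"}

# Value copied from the virtual host configuration above.
PAGE_SUITE = ("ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:"
              "+SSLv2:+EXP:+eNULL")


def weak_classes_enabled(cipher_string):
    """Return the weak keyword classes a cipher string leaves enabled.

    Simplified model of the OpenSSL rules, not a cipher-by-cipher expansion:
      name   adds the class           !name  removes it permanently
      -name  removes it (re-addable)  +name  only reorders, adds nothing
    """
    enabled, killed = set(), set()
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token:
            continue
        op = token[0] if token[0] in "!-+" else ""
        parts = set(token[len(op):].split("+"))  # "RC4+RSA" is an AND
        if op == "+":
            continue  # moves already-enabled ciphers to the end of the list
        if op in ("!", "-"):
            if len(parts) == 1:  # an AND removes only part of a class
                enabled -= parts
                if op == "!":
                    killed |= parts
            continue
        added = IN_ALL if parts == {"ALL"} else parts & WEAK
        enabled |= added - killed
    return sorted(enabled)


if __name__ == "__main__":
    print(weak_classes_enabled(PAGE_SUITE))
    print(weak_classes_enabled("HIGH:!aNULL:!MD5"))
```
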
Creating Self Signed "Test" SSL Certificates
Step one - create the key and request:
openssl req -new > new.cert.csr
Step two - remove the passphrase from the key (optional):
openssl rsa -in privkey.pem -out new.cert.key
Step three - convert request into signed cert:
openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365
The Apache-SSL directives that you need to use the resulting cert are:
SSLCertificateFile /path/to/certs/new.cert.cert
SSLCertificateKeyFile /path/to/certs/new.cert.key
When prompted for "Common Name (eg, YOUR name) []:" enter the address of the secure website, for example: secure.domain.com
source: http://www.apache-ssl.org/
Wed Aug 25 17:54:18 CDT 2004