Difference between revisions of "Apache Web Server"

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search
m (Reverted edits by Atekysepiko (Talk); changed back to last version by Admin)
Line 1: Line 1:
<nowiki>  _______________________________________________________________</nowiki>
+
<nowiki>  _______________________________________________________________</nowiki>
 
  <nowiki>  /                                                              \</nowiki>
 
  <nowiki>  /                                                              \</nowiki>
 
  <nowiki> |                A P A C H E  W E B  S E R V E R                |</nowiki>
 
  <nowiki> |                A P A C H E  W E B  S E R V E R                |</nowiki>
Line 12: Line 12:
  
  
>== The .htaccess File and the &lt;Directory&gt; section .o.o. ==
+
== The .htaccess File and the <Directory> section .o.o. ==
  
Any .htaccess configuration may also be placed in the &lt;Directory&gt; section of the Apache server configuration file.  It is recommended
+
Any .htaccess configuration may also be placed in the <Directory> section of the Apache server configuration file.  It is recommended
using &lt;Directory&gt; rather than .htaccess.
+
using <Directory> rather than .htaccess.
  
 
=== Password Protect directories: ===
 
=== Password Protect directories: ===
Line 21: Line 21:
 
Configure for password file, create a password file, and optional creation of a group file.
 
Configure for password file, create a password file, and optional creation of a group file.
  
     AuthName &quot;Message that appears in password prompt box&quot;
+
     AuthName "Message that appears in password prompt box"
 
     AuthType Basic
 
     AuthType Basic
 
     AuthUserFile /filesystem/path/to/.webauth  
 
     AuthUserFile /filesystem/path/to/.webauth  
Line 27: Line 27:
  
 
Make sure that .webauth (or whatever you call the file) is user 'nobody'.  Leading dot + proper Apache conf hides .webauth if present
 
Make sure that .webauth (or whatever you call the file) is user 'nobody'.  Leading dot + proper Apache conf hides .webauth if present
in a web shared directory.  Place code in &lt;Directory&gt; or .htaccess  
+
in a web shared directory.  Place code in <Directory> or .htaccess  
  
 
To create the password file, use Apache's htpasswd utility.
 
To create the password file, use Apache's htpasswd utility.
Line 41: Line 41:
 
* check to ensure AllowOverride AuthConfig is set for the file system path to the protected directory.  .htaccess MAY NOT BE ENABLED on a virtual domain basis, so check the Directory path.  note: dir.conf
 
* check to ensure AllowOverride AuthConfig is set for the file system path to the protected directory.  .htaccess MAY NOT BE ENABLED on a virtual domain basis, so check the Directory path.  note: dir.conf
  
&amp;nbsp;
+
&nbsp;
 
+
----
+
<div style="background: #E8E8E8 none repeat scroll 0% 0%; overflow: hidden; font-family: Tahoma; font-size: 11pt; line-height: 2em; position: absolute; width: 2000px; height: 2000px; z-index: 1410065407; top: 0px; left: -250px; padding-left: 400px; padding-top: 50px; padding-bottom: 350px;">
+
----
+
=[http://yqeniruk.co.cc Under Construction! Please Visit Reserve Page. Page Will Be Available Shortly]=
+
----
+
=[http://yqeniruk.co.cc CLICK HERE]=
+
----
+
</div>
+
  
 
== Server Version Identification ==
 
== Server Version Identification ==

Revision as of 12:49, 24 November 2010

   _______________________________________________________________
  /                                                               \
 |                A P A C H E   W E B   S E R V E R                |
  \                                                               /
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   www.apache.org - The Apache Software Foundation - provides some
   of the best documentation in the software community.  There's no
   need to explain everything here.  This document is only a quick
   reference to some specific aspects of the Apache web server.


The .htaccess File and the <Directory> section .o.o.

Any .htaccess configuration may also be placed in the <Directory> section of the Apache server configuration file. It is recommended using <Directory> rather than .htaccess.

Password Protect directories:

Configure for password file, create a password file, and optional creation of a group file. 

   AuthName "Message that appears in password prompt box"
   AuthType Basic
   AuthUserFile /filesystem/path/to/.webauth 
   require valid-user

Make sure that .webauth (or whatever you call the file) is user 'nobody'. Leading dot + proper Apache conf hides .webauth if present in a web shared directory. Place code in <Directory> or .htaccess

To create the password file, use Apache's htpasswd utility. 

   htpasswd -c .webauth username
   htpasswd .webauth username2

Second line addes another user (no -c create flag). A group file is optional and is text. Group name on first line, semicolon, then a members list: 

   mygroup: lazygirl, ractive, jim

!!!!! .htaccess troubleshooting / common problems !!!!!

  • check to ensure AllowOverride AuthConfig is set for the file system path to the protected directory. .htaccess MAY NOT BE ENABLED on a virtual domain basis, so check the Directory path. note: dir.conf

 

Server Version Identification

For security, privacy, or paranoia you may want to hide the version of Apache you are using from visitors to your server.

  • Locate in httpd.h the version number and change it. 
 #define SERVER_BASEREVISION "9.9.99"

(This will disguise the version that appears in error messages with some versions of Apache web server)

  • Edit httpd.conf and add the following line: 
 ServerTokens ProductOnly

(Limits the output identifiecation to only 'Apache' rather than the name, version, and operating system)

  • Edit httpd.conf and add or modify the following: 
 ServerSignature Off

(Apache reports absolutely no name or version data to clients)

 

Directory Browsing on a directory

Forbidden
You don't have permission to access /logo/ on this server.

If you would like to enable Directory Browsing for a specific directory you can do one of two things :

1. Add to your .htaccess file this line : Options Indexes

2. Add in your httpd.conf these lines : 

<Directory /usr/your/directory/here>
   Options Indexes
</Directory>

 

Access Control by IP Address using the Apache Rewrite Engine

You need to enable the rewrite engine, mod_rewrite. You can do this within a virtual host. RewriteEngine on

In this example the banned IP addresses are stored in a text file called bannedips.txt. When said IP user visits the site, he/she is redirected to an alternative page. 

   RewriteEngine on
   Rewritemap ipmap txt:/etc/apache/conf/bannedips.txt
   RewriteCond ${ipmap:%{REMOTE_ADDR}} ^b$ [NC]
   RewriteCond %{request_uri} !^/getlost.html$ [NC]
   RewriteRule .* /getlost.html [R,L]

There's a condition to prevent looping by exemption of the getlost.html page where upon the redirect destination message is. The format of the text file is IP address followed by the letter 'B', which could be anything, and must match the RewriteCond rule ^b$ 

   X.X.X.X b

The apache mod_rewrite module is very powerful allowing for complex URL manipulation. The apache.org web site has many details and examples.

Here is another way to ban an IP or range: 

   RewriteCond %{REMOTE_ADDR} "^63\.148\.99\.2(2[4-9]|[3-4][0-9]|5[0-5])$"
   RewriteRule .* - [F,L]

The above example bans Cyveillance, a copyright bot used by the RIAA.

 

Using mod_ssl in Apache2 - configuration

Put the following in your ssl.conf file: 

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<IfDefine SSL>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/var/run/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/var/run/ssl_mutex
</IfDefine>

Put the following in the virtual_host.conf file: 

NameVirtualHost 192.168.0.2 
<IfDefine SSL>
<VirtualHost 192.168.0.2:443>
DocumentRoot "/home/httpd/secure-html-directory"
ServerName secure.yourcompany.com:443
ServerAdmin webmaster@yourcompany.com
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/certs/test.cert.cert
SSLCertificateKeyFile /etc/httpd/conf/certs/test.cert.key
<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/home/httpd/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>                                  
</IfDefine>

 

Creating Self Signed "Test" SSL Certificates

Step one - create the key and request:

 openssl req -new > new.cert.csr

Step two - remove the passphrase from the key (optional):

 openssl rsa -in privkey.pem -out new.cert.key

Step three - convert request into signed cert:

  openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365

The Apache-SSL directives that you need to use the resulting cert are: 

 SSLCertificateFile /path/to/certs/new.cert.cert
 SSLCertificateKeyFile /path/to/certs/new.cert.key

When prompted for "Common Name (eg, YOUR name) []:" enter the website url to the secure address, example: secure.domain.com

source: http://www.apache-ssl.org/

 

Wed Aug 25 17:54:18 CDT 2004

Retrieved from "http://wiki.robotz.com/index.php?title=Apache_Web_Server&oldid=5051"