Debian/Ubuntu Tips and Tricks

Debuntu

Debian/Ubuntu Tips and Tricks

Archive for the 'HTTP' Category

This category gather articles related to How To configure a HTTP, mainly Apache. Creating VirtualHost, configuring awstats, making a server runs PHP5…

How-To: Apache2 authentication using MySQL backend — page 2

Posted by chantra on 17th December 2008

This entry is part 1 of 2 in the series How-To: Apache2 authentication using MySQL backend

3. Creating users

Here we will be using sha1 password. To create a password, you can use the following command:

# echo -n 'password' | sha1sum
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 -

Read the rest of this entry »

Tags: , , ,
Posted in Administration, HowTo, HTTP, Networking, System | 5 Comments »

How-To: Apache2 authentication using MySQL backend

Posted by chantra on 17th December 2008

This entry is part 1 of 2 in the series How-To: Apache2 authentication using MySQL backend

this tutorial will explain how to use a MySQL backend in order to authentication users against your Apache website.

To achieve this we will use Apache2 and its auth_mysql module.

Read the rest of this entry »

Tags: , , ,
Posted in Administration, HowTo, HTTP, Networking, System | 1 Comment »

Awstats: Error: Couldn’t open server log file … logresolvemerge.pl … access.log …. No such file or directory

Posted by chantra on 9th April 2007

After an upgrade from Debian 3.1 (sarge) to Debian 4.0 (etch), awstats stopped automatically updating.

Awstats was complaining that the log files could found. By logging in to the server, user www-data was able to open the files, but still awstats was complaining.

Read the rest of this entry »

Tags: , ,
Posted in Administration, HowTo, HTTP, System | 1 Comment »

Spying Apache server activity and performance with mod_status

Posted by chantra on 27th September 2006

On Debian based systems such as Ubuntu... Apache comes with mod_status compiled in by default.
mod_status provides information on your apache server activity and performance.
This tutorial will show you how to enable this feature in such a way that only requested issued from localhost will be accepted and served.
Read the rest of this entry »

Tags: ,
Posted in Administration, HowTo, HTTP | No Comments »

Basic Apache Optimizations — page 2

Posted by chantra on 23rd September 2006

This entry is part 2 of 2 in the series Basic Apache Optimizations

KeepAlive

KeepAlive is a feature that make the server keep each listening connection alive for a certain amount of time, allowing a client and the server to keep the same connection for a certain amount of time. This feature has benefits and drawbacks.
A benefit would be that a client making more than one request won't have to re-initiate a new connection for each request.
A drawback will be that ressources on the server are monopolize for a predefined time, even though the client might not request other pages.

Read the rest of this entry »

Tags: ,
Posted in Administration, HowTo, HTTP | No Comments »

Basic Apache Optimizations

Posted by chantra on 23rd September 2006

This entry is part 1 of 2 in the series Basic Apache Optimizations

Apache, the most popular web server, is a stable and reliable software for providing web pages to the world. But sometimes, it happens that Apache will struggle under high loaded traffic.

Here is an overview on how you can optimize apache so it can cope with higher loads. Those tips are not meant to be exceptional but should be sufficient to increase your web site performance by handling more traffic.

Read the rest of this entry »

Tags: ,
Posted in Administration, HowTo, HTTP | No Comments »

Secure your Apache2 with mod-security — page 3

Posted by chantra on 13th August 2006

This entry is part 3 of 3 in the series Secure your Apache2 with mod-security

4. mod-security filter examples:

Suppose for instance you want to prevent attackers injecting shell command execution through your scripts. You could use this query in order to block anything containing /bin/:

Read the rest of this entry »

Tags: ,
Posted in Administration, HowTo, HTTP | No Comments »

Secure your Apache2 with mod-security — page 2

Posted by chantra on 13th August 2006

This entry is part 2 of 3 in the series Secure your Apache2 with mod-security

3. Adding Filtering Rules:

mod-security can take two kinds of filters:

  • Simple Filters: SecFilter directive
  • Advance Filters: SecFilterSelective directive

Read the rest of this entry »

Tags: ,
Posted in Administration, HowTo, HTTP | No Comments »

Secure your Apache2 with mod-security

Posted by chantra on 13th August 2006

This entry is part 1 of 3 in the series Secure your Apache2 with mod-security

This article will show how-to install, configure and set up apache's mod-security module on a debian based system. This was done on Ubuntu Dapper and should fit any Debian based system.

Mod_security is an Apache 1.x/2.x module whose purpose is to tighten the Web application security by shielding the applications from attack. The idea is to filter request and web content before passing it to apache core.

Once installed, mod-security needs to be defined some rules matching patterns, filter request and HTTP stream and in the end do different actions like allowing, denying, log...

Effectively, it is an intrusion detection and/or prevention system for apache web server.

Read the rest of this entry »

Tags: ,
Posted in Administration, HowTo, HTTP | No Comments »

How-To: Apache web server basic security measures — page 2

Posted by chantra on 30th July 2006

This entry is part 2 of 2 in the series How-To: Apache web server basic security measures

3. PHP:

Another way to hide which PHP version you are running can be achieved through php.ini.
Php as a directive of its own in order not to be too verbose, this is the variable called expose_php. Turning this one to Off will avoid php telling that it is running. In the following output, I had ServerTokens set to Full and expose_php to Off:
Read the rest of this entry »

Tags:
Posted in Administration, HowTo, HTTP | No Comments »