Posts tagged Apache

Apache Security – Necessary Settings

PHP is powerful and allows static HTML pages to become dynamic. It also allows information to translate into commands and functions. Because of this you should implement a variety of security features. The biggest security feature, which increases the security of the host machine, is setting the basedir parameter. This locks PHP functions to a particular directory, not allowing them to run processes or affect files further down the tree. Use nano and the Ctrl-W function to search for “open_basedir” in /etc/php5/apache/php.ini. It will most likely be commented with a # sign. Remove the # sign and add the document root of your website. If you use virtual hosts, you can add the root of all documents served.

Also turn off several other parameters:

allow_url_fopen

allow_url_include

display_errors

register_globals

safe_mode

Also turn off the Magic Quotes options in php.ini. In /etc/apache2/apache2.conf turn off the signature option; search for “ServerSignature”. There is an Apache module that should be implemented, mod_security; I’ll save it for the next post.
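An added example, not part of the original post: a POSIX shell audit that checks a php.ini for the settings listed above and an Apache config for ServerSignature. The three magic_quotes_* directive names, the function names and the sample file are supplied here; the script skips comment lines (php.ini marks them with ';') and assumes every listed directive should be explicitly set to Off.

```shell
# Print the last active value of directive $2 in php.ini $1 (empty if unset).
ini_get() {
    awk -F= -v key="$2" '
        /^[ \t]*[;#]/ { next }                 # commented out: not in effect
        { k = $1; gsub(/[ \t]/, "", k); if (k != key) next
          v = substr($0, index($0, "=") + 1)
          sub(/[ \t]*;.*$/, "", v)             # drop a trailing comment
          gsub(/^[ \t"]+|[ \t"]+$/, "", v); val = v }
        END { print val }' "$1"
}

# Print one finding per line for php.ini $1; no output means it matches the post.
audit_php_ini() {
    basedir=$(ini_get "$1" open_basedir)
    [ -n "$basedir" ] || echo "open_basedir: not set"
    for d in allow_url_fopen allow_url_include display_errors register_globals \
             safe_mode magic_quotes_gpc magic_quotes_runtime magic_quotes_sybase; do
        v=$(ini_get "$1" "$d" | tr 'A-Z' 'a-z')
        case "$v" in
            off|0|false|no) ;;
            "") echo "$d: not set explicitly" ;;
            *)  echo "$d: $v (expected Off)" ;;
        esac
    done
}

# Print a finding unless Apache config $1 has an active "ServerSignature Off".
audit_server_signature() {
    v=$(awk 'tolower($1) == "serversignature" { v = tolower($2) } END { print v }' "$1")
    [ "$v" = "off" ] || echo "ServerSignature: ${v:-not set} (expected Off)"
}

# Constructed sample php.ini (not from the post) with deliberate gaps.
write_sample_ini() {
    cat > "$1" <<'EOF'
;open_basedir = /var/www
allow_url_fopen = On
allow_url_include = Off
display_errors = Off   ; hide errors from visitors
register_globals = Off
safe_mode = Off
magic_quotes_gpc = On
magic_quotes_runtime = Off
EOF
}

sample=$(mktemp)
write_sample_ini "$sample"
audit_php_ini "$sample"; rm -f "$sample"
```

Point audit_php_ini at the real php.ini and audit_server_signature at /etc/apache2/apache2.conf after editing them; empty output means every setting from the post is in effect.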

Apache 2 Manage Modules and Sites – Configuration Structure

Apache2 implements a structured method of organizing and enabling/disabling modules and sites. The default apache2 host is automatically turned on in /etc/apache2/sites-enabled/, and it includes the virtual hosting option. Therefore, by default, virtual hosting is enabled. Create your virtual host containers in /etc/apache2/sites-available, and then enable them by issuing the command:

sudo a2ensite xxxxx.com

VirtualHost containers are easy to format, and can point to any directory. An example virtualhost container is:

<VirtualHost *>
DocumentRoot /www/example1
ServerName www.example1.com

# Other directives here

</VirtualHost>

I tend to place the document roots in my main user's home directory. Then chown the entire document root with owner and group as your username, and then chmod it 775. A permission of 775 will give the owner and group write permissions. Then add www-data, the user running apache2, to your group:

sudo adduser www-data username

Now www-data can write to the document root, which comes in handy for many PHP solutions, including blogging software.

Modules are also managed using the a2 commands. Use a2enmod and a2dismod to enable and disable them, respectively. With some modules, like php5, the module is loaded automatically when you install it:

sudo apt-get install libapache2-mod-php5

Apache2 changed how the configuration files are coordinated. It is much neater than containing everything in the httpd.conf file. Now there is the ports.conf file, and the sites-available/mods-available and sites-enabled/mods-enabled directories. Essentially no real modification is required in the new apache2.conf file. The default listening port is configured in /etc/apache2/ports.conf.

Lighttpd – A lighter Web Server

The first thing to do is get lighttpd installed with PHP and MySQL working smoothly. Rather than reiterating the same content, here is a convenient post:

http://www.howtoforge.com/lighttpd_mysql_php_debian_etch

Interesting options and various configuration for lighttpd can be found here:

http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions

One interesting built-in option is throttling. Use connection.kbytes-per-second and you can effectively limit users to particular data transmission rates. There is also a compression module and a caching module. Much like Apache, these modules can be installed with apt-get. Issue:

sudo apt-cache search lighttpd

This will list various packages that can be installed. I know the apache modules are packaged as libapache2-mod-*.

With built-in round robin and proxy modules, this is an interesting package to investigate using.

Grep Without a Pipe

Grep is commonly used to filter the output of the ls and ps commands. It prints only the lines that match the search pattern given as its parameter. For example:

ps aux | grep apache2

The previous command will determine if apache2 has a running process. You can also use the grep command without the pipe. This will search a folder, which you can do recursively with -r, and look for a particular string in the files. You can sift through the contents of the entire /etc directory for a particular string. How powerful!

sudo grep -r static /etc/*

The above command will most likely pull up /etc/network/interfaces, particularly if your network adapter is set up as static.

Apache Mod – Cband

The Cband Apache module can be downloaded from the official website here:

http://cband.linux.pl/

This module provides full bandwidth limiting of all Apache VirtualHosts. First reference the newly added module with:

LoadModule cband_module /etc/apache2/mod_cband.so

You can put the module anywhere you want; just adjust the directory location accordingly. Now you can add a VirtualHost as usual, and add the additional cband configuration parameters to establish the desired functionality.

<VirtualHost *>
ServerName www.bgevolution.com
ServerAdmin admin@bgevolution.com
DocumentRoot /home/user/bgevolution/
CBandSpeed 5000kb/s 24 16
CBandRemoteSpeed 2500 12 8
</VirtualHost>

The CBandSpeed parameter establishes a maximum bandwidth limit on the entire VirtualHost. The 24 refers to the maximum requests per second, and the 16 refers to the maximum sustained connections at any one time. The CBandRemoteSpeed parameter establishes bandwidth throttling for any one specific website visitor. With this parameter you can limit each visitor specifically. Play around with the numbers, try to download something, and you will see in real time the effect your configuration has on the actual download speed.