Apache – Page 2 – GEEKDECODER

Set up vhost in CentOS

June 1, 2016 The Geek Decoder No Comments Apache

Make a vhosts file in /etc/httpd/conf.d


# nano dominname.conf

Add the following

# file: /etc/http/conf.d/dominname.conf
# vhost: geekdecoder.com *.dominname.com
#NameVirtualHost *:80

<VirtualHost *:80>

  # Admin email, Server Name (domain name) and any aliases
    ServerName dominname.com
    ServerAlias www.dominname.com
    ServerAdmin webmaster@dominname.com

  # Index file and Document Root (where the public files are located)
    DirectoryIndex index.html index.php
    DocumentRoot /home/dominname/public_html

  # Custom log file locations
    LogLevel warn
    ErrorLog /home/dominname/logs/error.log
    CustomLog /home/dominname/logs/access.log combined

  # Error Documents
    ErrorDocument 404 /errors/404.html
    ErrorDocument 403 /errors/403.html

  <Directory />
    AllowOverride All
    Options None
  </Directory>

 <Directory "/home/dominname/public_html">
    Order allow,deny
    Allow from all
    Options SymLinksIfOwnerMatch
    Options -Indexes
    Options -Includes
  </Directory>

  ScriptAlias /cgi-bin/ /home/dominname/public_html/cgi-bin/
  <Location /cgi-bin>
  Options +ExecCGI
  </Location>

</VirtualHost>
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/dominname.crt
        SSLCertificateKeyFile /etc/pki/tls/private/dominname.key
        <Directory /home/dominname/public_html/>
        AllowOverride All
        </Directory>
        DocumentRoot /home/dominname/public_html
        ServerName dominname.com
</VirtualHost>

How to keep apache and mysql from starting automatically on Ubuntu 14

December 30, 2015 The Geek Decoder No Comments Apache, MySQL, Ubuntu

For all system services in /etc/init.d, disabling them can be done with the update-rc.d command, e.g.:


# update-rc.d -f apache2 remove

To restore it to running on startup:


# update-rc.d apache2 defaults

You can also manually start and stop via service apache2 start and service apache2 stop

Install Apache, Mysql and PHP on Ubuntu 14.04

September 29, 2015 The Geek Decoder No Comments Apache, MySQL, PHP, Ubuntu

How to install Apache, MySQL and PHP on Ubuntu 14.04

Update

# sudo apt-get update

Apache

# sudo apt-get install apache2

Install MySQL

# sudo apt-get install mysql-server php5-mysql

# sudo mysql_install_db

# mysql_secure_installation

Install PHP

# sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt

Restart Server

# sudo /etc/init.d/apache2 restart

Check Apache

Open a web browser and navigate to http://IPADDRESS. You should see a message saying It works!

Check PHP

# php -r 'echo "\n\nYour PHP installation is working fine.\n\n\n";'

The requested resource does not allow request data with POST requests

September 7, 2015 The Geek Decoder No Comments Apache

The requested resource
/marketplace/marketplaceaccount/editProfile/
does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit

mod_security configuration in the /etc/httpd/conf.d/mod_security.conf file:


# Maximum request body size we will
# accept for buffering
SecRequestBodyLimit 131072

You should be able to change this value and restart apache for the uploads to work.

Update SSL cipher Suite from 1.0 to 1.2

August 28, 2015 The Geek Decoder No Comments Apache, SSL Certificates

SSL certificate info on Chrome you get a message that we are using an obsolete cipher suite TLS 1.0. We need to upgrade to 1.1 or 1.2. How can this be done?

# nano /etc/httpd/conf.d/ssl.conf

Old


# List the enable protocol levels with which clients will be able to
# connect.  Disable SSLv2 access by default:
SSLProtocol all -SSLv2

#   SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

New

##   SSL Protocol support:
## List the enable protocol levels with which clients will be able to
## connect.  Disable SSLv2 access by default:
SSLProtocol All -SSLv2 -SSLv3

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
#
##   SSL Cipher Suite:
## List the ciphers that the client is permitted to negotiate.
## See the mod_ssl documentation for a complete list.
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

Find and disable specific ModSecurity rules

July 26, 2015 The Geek Decoder No Comments Apache, cPanel, Mod_Security, WHM

ModSecurity uses can help block potential attack attempts from malicious users, but sometimes it can also block legitimate requests.

Note: Using SecRuleEngine Off in your modsecurity configuration, you won’t want to put that in your ModSecurity configuration file. As that completely turns off ModSecurity. The SecRuleRemoveById setting is used instead to only disable one specific rule.

If you are seeing errors in you apache log files for a domain such as:


[Sat Jul 25 16:34:57 2015] [error] [client ??.7.??.??] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:type\\\\b\\\\W*?\\\\b(?:text\\\\b\\\\W*?\\\\b(?:j(?:ava)?|ecma|vb)|application\\\\b\\\\W*?\\\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\\\b.{0,100}?\\\\bsrc)\\\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "111"] [id "1234123404"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"][severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "domain.com"] [uri "/skin/frontend/base/default/js/cadence/lib/jquery.cookie.js"] [unique_id "VbQdIdg3u9IAAB9DPQkAAAAH"]

Mod _security is doing its job. If this is a valid script, you can make a change and allow it.
Run the following from ssh:

# grep ModSecurity /usr/local/apache/logs/error_log | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9\-\_\.]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c | sort -n

The results will look like this:

 # 100 1234123404 www.domain.com /skin/frontend/base/default/js/cadence/lib/jquery.cookie.js

ModSecurity rule ID 1234123404 has been triggered at least 100 times when accessing /skin/frontend/base/default/js/cadence/lib/jquery.cookie.js file.

In order to disable just the specific ModSecurity rule for the 1234123404 rule, run the following command:


# echo "SecRuleRemoveById 1234123404" >> /usr/local/apache/conf/userdata/std/2/userna5/domain.com/modsec.conf

You can also search for the rule in WHM/cPanel at Home »Security Center »ModSecurity™ Tools » Rules List

Note the error in the log file – the ID:

# [id "1234123404"]

This is the rule. Search for this at Home »Security Center »ModSecurity™ Tools » Rules List.

You can click disable to allow the script.

warn] module security2_module is already loaded, skipping

July 20, 2015 The Geek Decoder No Comments Administration, Apache

It simply means that the security2 module is being listed twice in your httpd configurations.

edited /etc/httpd/conf/httpd.conf and commented out the occurrence of this module so you should no longer see this notification.

Enable UserDir on CentOS vhosts

June 28, 2015 The Geek Decoder No Comments Apache

Edit the /etc/httpd/conf/httpd.conf file.
Change the ‘UserDir disabled’ line to ‘UserDir enabled ’.
Uncomment the ‘UserDir public_html’ line.
Also uncomment the whole ‘’ section until the ‘’.
Apply the proper permissions:


# chmod 711 ~<username>


# chmod 755 -R ~<username>/public_html/

<IfModule mod_userdir.c>
 #
 # UserDir is disabled by default since it can confirm the presence
 # of a username on the system (depending on home directory
 # permissions).
 #
UserDir enabled unixmenuser

 #
 # To enable requests to /~user/ to serve the user's public_html
 # directory, remove the "UserDir disabled" line above, and uncomment
 # the following line instead:
 #
 UserDir public_html

</IfModule>

<Directory /home/*/public_html>
Options Indexes Includes FollowSymLinks
##For  apache 2.2,Please use:

 AllowOverride All
 Allow from all
 Order deny,allow
#For apache >= 2.4,Please  use :
  Require all granted

</Directory>

Find httpd confi file for an IP

May 20, 2015 The Geek Decoder No Comments Apache

Find apache config files for an IP

httpd -S

Compressing web pages with mod_deflate

April 1, 2015 The Geek Decoder No Comments Apache

The mod_deflate module allows the Apache2 web service to compress files and deliver them to clients (browsers) that can handle them. With mod_deflate you can compress HTML, text or XML files by up to 70% of their original sizes. Thus, saving you server traffic and speeding up page loads.

Compressing files will increase load on your server, but it is a small tradeoff considering your client’s connection times will decrease significantly.

This will not exclude users with older browsers that cannot handle compressed content. The browser negotiates with the server before any file is transferred, and if the browser does not have the capability to handle compressed content, the server delivers the files uncompressed.

mod_deflate has replaced Apache 1.3’s mod_gzip in Apache2.

This article shows how to enable mod_deflate globally across all the domains on your DV server. Should you only wish to enable for a single domain you’d need to add the AddOutputFilterByType and BrowserMatch rules below to the VirtualHost section in your configuration.

For Plesk:

Set server wide configuration file in /etc/httpd/conf.d/

Make sure that mod_deflate is enabled on your server. Your DV server should have it enabled by default. If the following command returns a line with a “#” at the beginning you will have to remove(uncomment) the “#” character using vi or the perl command below:


# grep 'mod_deflate' /etc/httpd/conf/httpd.conf

If the result was LoadModule deflate_module modules/mod_deflate.so, you can continue.

If the result was #LoadModule deflate_module modules/mod_deflate.so, please run the following command:


# perl -pi -e 's/# LoadModule mod_deflate/LoadModule mod_deflate/g' /etc/httpd/conf/httpd.conf

Now that we have verified that mod_deflate is in fact being loaded by Apache, we must configure the module. First, backup your existing conf file in case you need to revert back:


# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak

Using nano, we will edit our Apache conf file and add the following lines at the very bottom of the file, making sure they are separated from any other configurations:


nano /etc/httpd/conf/httpd.conf

     #
     # Deflate output configuration
     #
     AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
     BrowserMatch ^Mozilla/4 gzip-only-text/html
     BrowserMatch ^Mozilla/4\.0[678] no-gzip
     BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

Save your file. Now, we need to check that Apache likes our changes using the apachectl command:


# /usr/sbin/apachectl -t

You should see a Syntax OK message. If not, please check your file to make sure you modified the file correctly. Next, we need to restart apache using the same apachectl command:


# /usr/sbin/apachectl graceful

You have now enabled mod_deflate on your DV server! You can see whether the changes are in effect using the following tool at http://whatsmyip.org/mod_gzip_test/.