&& The Apache Web Server ------------------------: The apache web server is the most widely used webserver on the internet. It is a large program with a myriad of configuration options and other tools. GETTING HELP The apache webserver has very detailed documentation which should (eventually) help you out of any tight spots. @@ http://httpd.apache.org/docs/2.2/ official documentation for apache version 2.2 * install documentation for apache2 on a debian style linux >> sudo apt-get install apache2-doc * show options which can be used with apache >> man apache2 >> man apache ##(the same, for an older version) INSTALLATION * install apache version 2 on a debian-style linux >> sudo apt-get install apache2 >> sudo aptitude install apache2 ##(the same) * test the installation from the webserver computer itself >> firefox 127.0.0.1 >> firefox localhost * see what the status (running, stopped etc) of the webserver is >> sudo apache2ctl status LAMP INSTALLATION .... * install Apache2 wth the MySQL database server and PHP on a 'debian' system >> sudo tasksel install lamp-server @@ http://www.ubuntugeek.com/how-to-install-apache2-webserver-with-phpcgi-and-perl-support-in-ubuntu-server.html how to install apache2 with php and cgi but not mysql SYMBOLIC LINKS * make apache serve documents referenced by unix-style symbolic links >> options followsymlinks CGI CONFIGURATION * execute all scripts in the folder as cgi scripts >> ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/ * allow cgi execution of '.cgi' and '.pl' in a particular folder ---------------------------------------------------------------- Options +ExecCGI AddHandler cgi-script .cgi .pl ,,, * all cgi execution of all files in all user cgi-bin folders ------------------------------------------------------------ Options ExecCGI SetHandler cgi-script ,,, * a perl script to show all environment variables ------------------------------------------------- #!/usr/bin/perl print "Content-type: text/html\n\n"; foreach $key (keys %ENV) { print "$key --> $ENV{$key}
"; } ,,, PERL CGI SUPPORT .... @@ http://slashdot.org an example of a site using the apache perl module with the web server and perl scripts * install the perl-cgi module for apache >> sudo aptitude install libapache2-mod-perl2 * create a cgi folder >> sudo mkdir /home/www/cgi-bin * add to the virtual host configuration --------------------------------------- ScriptAlias /cgi-bin/ /home/www/cgi-bin/ Options ExecCGI AddHandler cgi-script cgi pl ,,, * test perl cgi support ----------------------- cd /home/www/cgi-bin sudo vim test.pl #!/usr/bin/perl -w print "Content-type: text/html\r\n\r\n"; print "Hello there!\n"; sudo chmod a+x test.pl lynx http://yourserverip/cgi-bin/test.pl ,,, PHP INSTALLATION .... * install php5 to run with apache >> sudo aptitiude install php5 libapache2-mod-php5 * install php4 to run with apache >> sudo aptitiude install php4 libapache2-mod-php4 * load the php4 or 5 modules into apache >> sudo a2enmod php5 >> sudo a2enmod php4 * test if the php installation worked swimmingly >> sudo nano /var/www/testphp.php >> add the line '' >> lynx http://localhost/testphp.php STARTING AND STOPPING THE SERVER * restart the apache server >> sudo apache2ctl restart CONFIGURATION TOOLS == some configuration tools .. rapache - graphical configuration .. MODULES @@ http://127.0.0.1/doc/apache2-doc/manual/en/mod/index.html the location of module documentation when apache2 documentation has been installed in the webserver @@ http://www.debian-administration.org/articles/136 how to enable a module * show all loaded modules >> apache2ctl -M >> apachectl -M ##(the same for older version of apache) >> httpd -M ##(for old versions of apache) * show which modules are enabled >> ls /etc/apache2/mods-enabled/ * load the php4 module into apache >> sudo a2enmod php4; sudo apache2ctl restart HTACCESS CONFIGURATION To check if .htaccess files are actually being considered put junk in them and restart the server. * allow .htaccess files to have effect >> AllowOverride all * prevent the directives in '.htaccess' files from having any effect >> AllowOverride None GLOBAL CONFIGURATION * show options for apache2 (which can be used with apache2ctl as well) >> man apache2 * show where the global configuration file is >> apache2ctl -V | grep SERVER_CONFIG_FILE * show verbose information about the installation >> apache2ctl -V * edit the apache2 global configuration file >> sudo nano /etc/apache2/apache2.conf >> sudo vim /etc/apache2/apache2.conf ##(for the intrepid) * change the default document root to '/home/www/' >> DocumentRoot /home/www/ >> and the following tag >> >> ... >> * edit the configuration file for a virtual host >> sudo vim /etc/apache2/sites-available/default ALIASES REDIRECTIONS * place redirections in the ".htaccess" file >> Redirect / http://www.site.com * redirect any requests to '/msadc' to microsoft >> redirect /msadc http://www.microsoft.com * redirect any request to a 'cmd.exe' file to microsoft >> RedirectMatch (.*)\cmd.exe$ http://www.microsoft.com$1 USING MOD REWRITE .... @@ http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html solving specific problems using the rewrite module @@ http://www.tutorio.com/tutorial/enable-mod-rewrite-on-apache how to enable the rewrite module * redirect filenames ending in ".txt.html" to the cgi script 'text2html.cgi' >> RewriteRule ^(.*)\.txt\.html$ /cgi-bin/text2html.cgi?$1 For example a request to >> www.server.org/path/file.txt.html Is translated to >> www.server.org/cgi-bin/text2html.cgi?path/file.txt.html * redirect 'www.m.org' to 'www.m.org/cgi-bin/test.cgi? >> RewriteRule ^$ /cgi-bin/test.cgi?$1 * allow editing of the '.htaccess' file (probably not a great idea) >> RewriteRule ^htaccess$ /cgi-bin/edit.cgi?../htdocs/.htaccess If the user makes a request to 'www.m.org/htaccess' she will be redirected to 'www.m.org/cgi-bin/edit.cgi?../htdocs/.htaccess. If the 'edit.cgi' script allows editing of files, then this is one, extremely insecure way of update the '.htaccess' file. CONDITIONAL REDIRECTIONS .... * redirect requests from 192.12.131.1 to the page 'about.html' .,, SetEnvIf REMOTE_ADDR 192.12.131.1 REDIR="redir" RewriteCond %{REDIR} redir RewriteRule ^/$ /about.html ,,, DENYING ACCESS In some cases it is advisable to disallow any web-access to a file on the web-server. * deny access from anybody to a web-folder >> deny from all * forbidd access to all files with a '.cfg' filename extension -------------------------------------------------------------- order allow,deny deny from all ,,, * forbid access for anyone to the file 'config.inc.php' ------------------------------------------------------- order allow,deny deny from all ,,, ALLOW ACCESS BY IP ADDRESS Allow connections only from the ip address 192.126.12.199 .,, order allow deny deny from all allow from 192.126.12.199 ,,, USING BASIC AUTHENTICATION .... @@ http://www.htpasswdgenerator.com/apache/htaccess.html a simple introduction to the htaccess file * create a password file for user 'jon' to use with basic authentication >> htpasswd -c /path/to/passwordfile jon * place the text 'restricted zone' in the title bar of the login box >> AuthName "restricted zone" * set a password for the file 'private.txt' ------------------------------------------- AuthName "Users zone" AuthType Basic AuthUserFile /pub/home/your_login/.htpasswd ,,, * require a password to access all files which end with "x.cgi" --------------------------------------------------------------- AuthType Basic AuthName "Password Protected" AuthUserFile /home/users/www/.htpasswd Require valid-user ,,, * require a password to access all files which end with "x.cgi" --------------------------------------------------------------- AuthType Basic AuthName "Password Protected" AuthUserFile /home/users/www/.htpasswd Require valid-user ,,, * require a password to access all files which end with 'cgi' or 'txt' --------------------------------------------------------------- AuthType Basic AuthName "Password Protected" AuthUserFile /home/users/www/.htpasswd Require valid-user ,,, * require a password to access an entire folder ----------------------------------------------- AuthName "Private zone" AuthType Basic AuthUserFile /pub/home/user/.htpasswd require valid-user ,,, This should be placed in a '.htaccess' file in the folder which you wish to protect, or else in a tag in the global configuration file. LOG FILES == log file tools .. ip2host - substitute servernames for ip addresses in the log files .. jdresolv - alternative to logresolv .. logstalgia - access log visualizer .. visitors - access log analyser .. vlogger - log file rotator * show the apache2 error log on a debian-style linux system >> less /var/log/apache2/error.log * look in configuration files to see where the error log file is >> grep -sri errorlog /etc/apache2 MONITORING == apache webserver monitoring tools .. apachetop .. LOAD TESTING == .. jmeter - load testing and metering OTHER WEB SERVERS == some alternatives to apache .. mini-httpd - a small server with cgi .. lighttpd - small server .. cherokee - another one .. nanoweb - web server written in php (!?) .. nginx - .. NOTES * restart apache only if config works >> alias restart='apache2ctl configtest && apache2ctl restart' * List apache2 virtualhosts >> /usr/sbin/apache2ctl -S 2>&1 | perl -ne 'm@.*port\s+([0-9]+)\s+\w+\s+(\S+)\s+\((.+):.*@ && do { print "$2:$1\n\t$3\n"; $root = qx{grep DocumentRoot $3}; $root =~ s/^\s+//; print "\t$root\n" };' * Restart the web server gracefully >> apache2ctl graceful DOCUMENT-NOTES: # this section contains information about the document and # will not normally be printed. # A small (16x16) icon image to identify the book document-icon: # A larger image to identify or illustrate the title page document-image: # what sort of document is this document-type: book # in what kind of state (good or bad) is this document document-quality: just beginning # work which has been carried out on this document document-history: @@ 2009 document begun, in a very rudimentary fashion. @@ jan 29, 2010 adding some configuration information # who wrote this authors: mjbishop at fastmail dot fm # a short description of the contents, possible used for doc lists short-description: how to administer the apache web server # the script which will be used to produce html (a webpage) make-html: booktohtml.cgi # the script which will produce 'LaTeX' output (for printing, pdf etc) make-latex: booktolatex.cgi * Watch for when your web server returns >> watch -n 15 curl -s --connect-timeout 10 http://www.google.com/ * Analyse an Apache access log for the most common IP addresses >> tail -10000 access_log | awk '{print $1}' | sort | uniq -c | sort -n | tail