&& The Apache Web Server ------------------------: The apache web server is the most widely used webserver on the internet. It is a large program with a myriad of configuration options and other tools. GETTING HELP The apache webserver has very detailed documentation which should (eventually) help you out of any tight spots. @@ http://httpd.apache.org/docs/2.2/ official documentation for apache version 2.2 * install documentation for apache2 on a debian style linux >> sudo apt-get install apache2-doc * show options which can be used with apache >> man apache2 >> man apache ##(the same, for an older version) INSTALLATION * install apache version 2 on a debian-style linux >> sudo apt-get install apache2 >> sudo aptitude install apache2 ##(the same) * test the installation from the webserver computer itself >> firefox 127.0.0.1 >> firefox localhost * see what the status (running, stopped etc) of the webserver is >> sudo apache2ctl status LAMP INSTALLATION .... * install Apache2 wth the MySQL database server and PHP on a 'debian' system >> sudo tasksel install lamp-server @@ http://www.ubuntugeek.com/how-to-install-apache2-webserver-with-phpcgi-and-perl-support-in-ubuntu-server.html how to install apache2 with php and cgi but not mysql SYMBOLIC LINKS * make apache serve documents referenced by unix-style symbolic links >> options followsymlinks CGI CONFIGURATION * execute all scripts in the folder as cgi scripts >> ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/ * allow cgi execution of '.cgi' and '.pl' in a particular folder ---------------------------------------------------------------- <Directory /usr/local/apache2/htdocs/somedir> Options +ExecCGI AddHandler cgi-script .cgi .pl </Directory> ,,, * all cgi execution of all files in all user cgi-bin folders ------------------------------------------------------------ <Directory /home/*/public_html/cgi-bin> Options ExecCGI SetHandler cgi-script </Directory> ,,, * a perl script to show all environment variables ------------------------------------------------- #!/usr/bin/perl print "Content-type: text/html\n\n"; foreach $key (keys %ENV) { print "$key --> $ENV{$key}<br>"; } ,,, PERL CGI SUPPORT .... @@ http://slashdot.org an example of a site using the apache perl module with the web server and perl scripts * install the perl-cgi module for apache >> sudo aptitude install libapache2-mod-perl2 * create a cgi folder >> sudo mkdir /home/www/cgi-bin * add to the virtual host configuration --------------------------------------- ScriptAlias /cgi-bin/ /home/www/cgi-bin/ <Directory /home/www/cgi-bin/> Options ExecCGI AddHandler cgi-script cgi pl </Directory> ,,, * test perl cgi support ----------------------- cd /home/www/cgi-bin sudo vim test.pl #!/usr/bin/perl -w print "Content-type: text/html\r\n\r\n"; print "Hello there!\n"; sudo chmod a+x test.pl lynx http://yourserverip/cgi-bin/test.pl ,,, PHP INSTALLATION .... * install php5 to run with apache >> sudo aptitiude install php5 libapache2-mod-php5 * install php4 to run with apache >> sudo aptitiude install php4 libapache2-mod-php4 * load the php4 or 5 modules into apache >> sudo a2enmod php5 >> sudo a2enmod php4 * test if the php installation worked swimmingly >> sudo nano /var/www/testphp.php >> add the line '<?php phpinfo(); ?>' >> lynx http://localhost/testphp.php STARTING AND STOPPING THE SERVER * restart the apache server >> sudo apache2ctl restart CONFIGURATION TOOLS == some configuration tools .. rapache - graphical configuration .. MODULES @@ http://127.0.0.1/doc/apache2-doc/manual/en/mod/index.html the location of module documentation when apache2 documentation has been installed in the webserver @@ http://www.debian-administration.org/articles/136 how to enable a module * show all loaded modules >> apache2ctl -M >> apachectl -M ##(the same for older version of apache) >> httpd -M ##(for old versions of apache) * show which modules are enabled >> ls /etc/apache2/mods-enabled/ * load the php4 module into apache >> sudo a2enmod php4; sudo apache2ctl restart HTACCESS CONFIGURATION To check if .htaccess files are actually being considered put junk in them and restart the server. * allow .htaccess files to have effect >> AllowOverride all * prevent the directives in '.htaccess' files from having any effect >> AllowOverride None GLOBAL CONFIGURATION * show options for apache2 (which can be used with apache2ctl as well) >> man apache2 * show where the global configuration file is >> apache2ctl -V | grep SERVER_CONFIG_FILE * show verbose information about the installation >> apache2ctl -V * edit the apache2 global configuration file >> sudo nano /etc/apache2/apache2.conf >> sudo vim /etc/apache2/apache2.conf ##(for the intrepid) * change the default document root to '/home/www/' >> DocumentRoot /home/www/ >> and the following <Directory> tag >> <Directory /home/www/> >> ... >> </Directory> * edit the configuration file for a virtual host >> sudo vim /etc/apache2/sites-available/default ALIASES REDIRECTIONS * place redirections in the ".htaccess" file >> Redirect / http://www.site.com * redirect any requests to '/msadc' to microsoft >> redirect /msadc http://www.microsoft.com * redirect any request to a 'cmd.exe' file to microsoft >> RedirectMatch (.*)\cmd.exe$ http://www.microsoft.com$1 USING MOD REWRITE .... @@ http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html solving specific problems using the rewrite module @@ http://www.tutorio.com/tutorial/enable-mod-rewrite-on-apache how to enable the rewrite module * redirect filenames ending in ".txt.html" to the cgi script 'text2html.cgi' >> RewriteRule ^(.*)\.txt\.html$ /cgi-bin/text2html.cgi?$1 For example a request to >> www.server.org/path/file.txt.html Is translated to >> www.server.org/cgi-bin/text2html.cgi?path/file.txt.html * redirect 'www.m.org' to 'www.m.org/cgi-bin/test.cgi? >> RewriteRule ^$ /cgi-bin/test.cgi?$1 * allow editing of the '.htaccess' file (probably not a great idea) >> RewriteRule ^htaccess$ /cgi-bin/edit.cgi?../htdocs/.htaccess If the user makes a request to 'www.m.org/htaccess' she will be redirected to 'www.m.org/cgi-bin/edit.cgi?../htdocs/.htaccess. If the 'edit.cgi' script allows editing of files, then this is one, extremely insecure way of update the '.htaccess' file. CONDITIONAL REDIRECTIONS .... * redirect requests from 192.12.131.1 to the page 'about.html' .,, SetEnvIf REMOTE_ADDR 192.12.131.1 REDIR="redir" RewriteCond %{REDIR} redir RewriteRule ^/$ /about.html ,,, DENYING ACCESS In some cases it is advisable to disallow any web-access to a file on the web-server. * deny access from anybody to a web-folder >> deny from all * forbidd access to all files with a '.cfg' filename extension -------------------------------------------------------------- <Files ~ "\.(cfg)$"> order allow,deny deny from all </Files> ,,, * forbid access for anyone to the file 'config.inc.php' ------------------------------------------------------- <Files config.inc.php> order allow,deny deny from all </Files> ,,, ALLOW ACCESS BY IP ADDRESS Allow connections only from the ip address 192.126.12.199 .,, order allow deny deny from all allow from 192.126.12.199 ,,, USING BASIC AUTHENTICATION .... @@ http://www.htpasswdgenerator.com/apache/htaccess.html a simple introduction to the htaccess file * create a password file for user 'jon' to use with basic authentication >> htpasswd -c /path/to/passwordfile jon * place the text 'restricted zone' in the title bar of the login box >> AuthName "restricted zone" * set a password for the file 'private.txt' ------------------------------------------- <Files private.txt> AuthName "Users zone" AuthType Basic AuthUserFile /pub/home/your_login/.htpasswd </Files> ,,, * require a password to access all files which end with "x.cgi" --------------------------------------------------------------- AuthType Basic AuthName "Password Protected" AuthUserFile /home/users/www/.htpasswd <Files ~ "\.x\.cgi$"> Require valid-user </Files> ,,, * require a password to access all files which end with "x.cgi" --------------------------------------------------------------- AuthType Basic AuthName "Password Protected" AuthUserFile /home/users/www/.htpasswd <Files ~ "\.x\.cgi$"> Require valid-user </Files> ,,, * require a password to access all files which end with 'cgi' or 'txt' --------------------------------------------------------------- AuthType Basic AuthName "Password Protected" AuthUserFile /home/users/www/.htpasswd <Files ~ "\.(cgi|txt)$"> Require valid-user </Files> ,,, * require a password to access an entire folder ----------------------------------------------- AuthName "Private zone" AuthType Basic AuthUserFile /pub/home/user/.htpasswd require valid-user ,,, This should be placed in a '.htaccess' file in the folder which you wish to protect, or else in a <directory> tag in the global configuration file. LOG FILES == log file tools .. ip2host - substitute servernames for ip addresses in the log files .. jdresolv - alternative to logresolv .. logstalgia - access log visualizer .. visitors - access log analyser .. vlogger - log file rotator * show the apache2 error log on a debian-style linux system >> less /var/log/apache2/error.log * look in configuration files to see where the error log file is >> grep -sri errorlog /etc/apache2 MONITORING == apache webserver monitoring tools .. apachetop .. LOAD TESTING == .. jmeter - load testing and metering OTHER WEB SERVERS == some alternatives to apache .. mini-httpd - a small server with cgi .. lighttpd - small server .. cherokee - another one .. nanoweb - web server written in php (!?) .. nginx - .. NOTES * restart apache only if config works >> alias restart='apache2ctl configtest && apache2ctl restart' * List apache2 virtualhosts >> /usr/sbin/apache2ctl -S 2>&1 | perl -ne 'm@.*port\s+([0-9]+)\s+\w+\s+(\S+)\s+\((.+):.*@ && do { print "$2:$1\n\t$3\n"; $root = qx{grep DocumentRoot $3}; $root =~ s/^\s+//; print "\t$root\n" };' * Restart the web server gracefully >> apache2ctl graceful DOCUMENT-NOTES: # this section contains information about the document and # will not normally be printed. # A small (16x16) icon image to identify the book document-icon: # A larger image to identify or illustrate the title page document-image: # what sort of document is this document-type: book # in what kind of state (good or bad) is this document document-quality: just beginning # work which has been carried out on this document document-history: @@ 2009 document begun, in a very rudimentary fashion. @@ jan 29, 2010 adding some configuration information # who wrote this authors: mjbishop at fastmail dot fm # a short description of the contents, possible used for doc lists short-description: how to administer the apache web server # the script which will be used to produce html (a webpage) make-html: booktohtml.cgi # the script which will produce 'LaTeX' output (for printing, pdf etc) make-latex: booktolatex.cgi * Watch for when your web server returns >> watch -n 15 curl -s --connect-timeout 10 http://www.google.com/ * Analyse an Apache access log for the most common IP addresses >> tail -10000 access_log | awk '{print $1}' | sort | uniq -c | sort -n | tail