The Apache Web Server
------------------------:

The apache web server is the most widely used webserver on the internet. It is a large program with a myriad of configuration options and other tools.

GETTING HELP

The apache webserver has very detailed documentation which should (eventually) help you out of any tight spots.

@@ http://httpd.apache.org/docs/2.2/ official documentation for apache version 2.2

* install documentation for apache2 on a debian style linux
>> sudo apt-get install apache2-doc

* show options which can be used with apache
>> man apache2
>> man apache ##(the same, for an older version)

INSTALLATION

* install apache version 2 on a debian-style linux
>> sudo apt-get install apache2
>> sudo aptitude install apache2 ##(the same)

* test the installation from the webserver computer itself
>> firefox
>> firefox localhost

* see what the status (running, stopped etc) of the webserver is
>> sudo apache2ctl status

LAMP INSTALLATION
....

* install Apache2 wth the MySQL database server and PHP on a 'debian' system
>> sudo tasksel install lamp-server

@@ http://www.ubuntugeek.com/how-to-install-apache2-webserver-with-phpcgi-and-perl-support-in-ubuntu-server.html how to install apache2 with php and cgi but not mysql

SYMBOLIC LINKS

* make apache serve documents referenced by unix-style symbolic links
>> options followsymlinks

CGI CONFIGURATION

* execute all scripts in the folder as cgi scripts
>> ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/

* allow cgi execution of '.cgi' and '.pl' in a particular folder
----------------------------------------------------------------
<Directory /path/to/folder>
  Options +ExecCGI
  AddHandler cgi-script .cgi .pl
</Directory>
,,,

* all cgi execution of all files in all user cgi-bin folders
------------------------------------------------------------
<Directory /home/*/public_html/cgi-bin>
  Options ExecCGI
  SetHandler cgi-script
</Directory>
,,,

* a perl script to show all environment variables
-------------------------------------------------
#!/usr/bin/perl
print "Content-type: text/html\n\n";
foreach $key (keys %ENV) {
  print "$key $ENV{$key}<br>";
}
,,,
"; \} ,,, PERL CGI SUPPORT .... @@ \url{http://slashdot.org} an example of a site using the apache perl module with the web server and perl scripts * install the perl-cgi module for apache >> sudo aptitude install libapache2-mod-perl2 * create a cgi folder >> sudo mkdir \texttt{/home/www/cgi-bin} * add to the virtual host configuration --------------------------------------- ScriptAlias \texttt{/cgi-bin/} \texttt{/home/www/cgi-bin/} } Options ExecCGI AddHandler cgi-script cgi pl ,,, * test perl cgi support ----------------------- cd \texttt{/home/www/cgi-bin} sudo vim test.pl \\#!/usr/bin/perl -w print "Content-type: text/html\\$\\backslash\\$r\\$\\backslash\\$n\\$\\backslash\\$r\\$\\backslash\\$n"; print "Hello there!\\$\\backslash\\$n"; sudo chmod a+x test.pl lynx \url{http://yourserverip/cgi-bin/test.pl} ,,, PHP INSTALLATION .... * install php5 to run with apache >> sudo aptitiude install php5 libapache2-mod-php5 * install php4 to run with apache >> sudo aptitiude install php4 libapache2-mod-php4 * load the php4 or 5 modules into apache >> sudo a2enmod php5 >> sudo a2enmod php4 * test if the php installation worked swimmingly >> sudo nano \texttt{/var/www/testphp.php} >> add the line '' >> lynx \url{http://localhost/testphp.php} STARTING AND STOPPING THE SERVER * restart the apache server >> sudo apache2ctl restart CONFIGURATION TOOLS \title{} \author{bumble.sourceforge.net} \maketitle \tableofcontents some configuration tools .. rapache - graphical configuration .. MODULES @@ \url{} the location of module documentation when apache2 documentation has been installed in the webserver @@ \url{http://www.debian-administration.org/articles/136} how to enable a module * show all loaded modules >> apache2ctl -M >> apachectl -M \\#\\#(the same for older version of apache) >> httpd -M \\#\\#(for old versions of apache) * show which modules are enabled >> ls \texttt{/etc/apache2/mods-enabled/} * load the php4 module into apache >> sudo a2enmod php4; sudo apache2ctl restart HTACCESS CONFIGURATION To check if .htaccess files are actually being considered put junk in them and restart the server. * allow .htaccess files to have effect >> AllowOverride all * prevent the directives in '.htaccess' files from having any effect >> AllowOverride None GLOBAL CONFIGURATION * show options for apache2 (which can be used with apache2ctl as well) >> man apache2 * show where the global configuration file is >> apache2ctl -V | grep SERVER\\_CONFIG\\_FILE * show verbose information about the installation >> apache2ctl -V * edit the apache2 global configuration file >> sudo nano \texttt{/etc/apache2/apache2.conf} >> sudo vim \texttt{/etc/apache2/apache2.conf} \\#\\#(for the intrepid) * change the default document root to '/home/www/' >> DocumentRoot \texttt{/home/www/} >> and the following tag >> } >> ... >> * edit the configuration file for a virtual host >> sudo vim \texttt{/etc/apache2/sites-available/default} ALIASES REDIRECTIONS * place redirections in the ".htaccess" file >> Redirect / \url{http://www.site.com} * redirect any requests to '/msadc' to microsoft >> redirect /msadc \url{http://www.microsoft.com} * redirect any request to a 'cmd.exe' file to microsoft >> RedirectMatch (.*)\\$\\backslash\\$cmd.exe\\$ \url{http://www.microsoft.com\\$1} USING MOD REWRITE .... @@ \url{http://httpd.apache.org/docs/2.2/rewrite/rewrite\\_guide.html} solving specific problems using the rewrite module @@ \url{http://www.tutorio.com/tutorial/enable-mod-rewrite-on-apache} how to enable the rewrite module * redirect filenames ending in ".txt.html" to the cgi script 'text2html.cgi' >> RewriteRule \\^(.*)\\$\\backslash\\$.txt\\$\\backslash\\$.html\\$ \texttt{/cgi-bin/text2html.cgi?\\$1} For example a request to >> \url{http://www.server.org/path/file.txt.html} Is translated to >> \url{http://www.server.org/cgi-bin/text2html.cgi?path/file.txt.html} * redirect 'www.m.org' to 'www.m.org/cgi-bin/test.cgi? >> RewriteRule \\^\\$ \texttt{/cgi-bin/test.cgi?\\$1} * allow editing of the '.htaccess' file (probably not a great idea) >> RewriteRule \\^htaccess\\$ \texttt{/cgi-bin/edit.cgi?../htdocs/.htaccess} If the user makes a request to 'www.m.org/htaccess' she will be redirected to 'www.m.org/cgi-bin/edit.cgi?../htdocs/.htaccess. If the 'edit.cgi' script allows editing of files, then this is one, extremely insecure way of update the '.htaccess' file. CONDITIONAL REDIRECTIONS .... * redirect requests from to the page 'about.html' .,, SetEnvIf REMOTE\\_ADDR REDIR="redir" RewriteCond \\%\{REDIR\} redir RewriteRule \\^/\\$ /about.html ,,, DENYING ACCESS In some cases it is advisable to disallow any web-access to a file on the web-server. * deny access from anybody to a web-folder >> deny from all * forbidd access to all files with a '.cfg' filename extension -------------------------------------------------------------- order allow,deny deny from all ,,, * forbid access for anyone to the file 'config.inc.php' ------------------------------------------------------- order allow,deny deny from all ,,, ALLOW ACCESS BY IP ADDRESS Allow connections only from the ip address .,, order allow deny deny from all allow from ,,, USING BASIC AUTHENTICATION .... @@ \url{http://www.htpasswdgenerator.com/apache/htaccess.html} a simple introduction to the htaccess file * create a password file for user 'jon' to use with basic authentication >> htpasswd -c \texttt{/path/to/passwordfile} jon * place the text 'restricted zone' in the title bar of the login box >> AuthName "restricted zone" * set a password for the file 'private.txt' ------------------------------------------- AuthName "Users zone" AuthType Basic AuthUserFile \texttt{/pub/home/your\\_login/.htpasswd} ,,, * require a password to access all files which end with "x.cgi" --------------------------------------------------------------- AuthType Basic AuthName "Password Protected" AuthUserFile \texttt{/home/users/www/.htpasswd} Require valid-user ,,, * require a password to access all files which end with "x.cgi" --------------------------------------------------------------- AuthType Basic AuthName "Password Protected" AuthUserFile \texttt{/home/users/www/.htpasswd} Require valid-user ,,, * require a password to access all files which end with 'cgi' or 'txt' --------------------------------------------------------------- AuthType Basic AuthName "Password Protected" AuthUserFile \texttt{/home/users/www/.htpasswd} Require valid-user ,,, * require a password to access an entire folder ----------------------------------------------- AuthName "Private zone" AuthType Basic AuthUserFile \texttt{/pub/home/user/.htpasswd} require valid-user ,,, This should be placed in a '.htaccess' file in the folder which you wish to protect, or else in a tag in the global configuration file. LOG FILES

log file tools
..
ip2host - substitute servernames for ip addresses in the log files
..
jdresolv - alternative to logresolv
..
logstalgia - access log visualizer
..
visitors - access log analyser
..
vlogger - log file rotator

* show the apache2 error log on a debian-style linux system
>> less /var/log/apache2/error.log

* look in configuration files to see where the error log file is
>> grep -sri errorlog /etc/apache2

MONITORING

apache webserver monitoring tools
..
apachetop
.. LOAD TESTING

..
jmeter - load testing and metering

OTHER WEB SERVERS

some alternatives to apache
..
mini-httpd - a small server with cgi
..
lighttpd - small server
..
cherokee - another one
..
nanoweb - web server written in php (!?)
..
nginx -
.. NOTES

* restart apache only if config works
>> alias restart='apache2ctl configtest && apache2ctl restart'

* List apache2 virtualhosts
>> /usr/sbin/apache2ctl -S 2>&1 | perl -ne 'm@.*port\s+([0-9]+)\s+\w+\s+(\S+)\s+\$((.+):.*@ && do { print "$2:$1\n\t$3\n"; $root = qx{grep DocumentRoot $3}; $root =~ s/^\s+//; print "\t$root\n" };'

* Restart the web server gracefully
>> apache2ctl graceful

* Watch for when your web server returns
>> watch -n 15 curl -s --connect-timeout 10 http://www.google.com/

* Analyse an Apache access log for the most common IP addresses
>> tail -10000 access_log | awk '{print $1}' | sort | uniq -c | sort -n | tail