Archive for the ‘Apache’ Category

« Older Entries

Installing MySQL, Apache and PHP in Solaris 10

Monday, December 11th, 2006 by karkoma

This is a quick guide to install PHP4, MySQL4 and Apache2 in Solaris 10. In order to facilitate the management and installation of packages we will use the pkg-get tool. pkg-get is a tool to automate download and installation of binary packages, for example from Blastwave an Open Source software repository for Solaris.

Our first task will be the installation of pkg-get. At Blastwave you’ll find a complete guide on how to undertake this task. Briefly:

cd /tmp
/usr/sfw/bin/wget http://www.blastwave.org/pkg_get.pkg
pkgadd -d pkg_get.pkg all
/usr/sfw/bin/wget http://www.blastwave.org/wget-i386.bin
chmod 755 wget-i386.bin

PATH=/tmp:/opt/csw/bin:/usr/sbin:/usr/bin:

\ /usr/dt/bin:/usr/openwin/bin:/usr/ccs/bin
export PATH

vi /opt/csw/etc/pkg-get.conf

Pick a mirror next to you. Then:

pkg-get -i wget

PATH=/opt/csw/bin:/usr/sbin:/usr/bin:/usr/dt/bin:

\ /usr/openwin/bin:/usr/ccs/bin
export PATH

And now you may install other packages. But let’s focus in our target.

As Solaris 10 comes with MySQL and Apache installed by default, first we are going to uninstall them. Take a look at your system:

pkginfo | grep -i apache

system SUNWaclg Apache Common Logging
system SUNWapch2d Apache Web Server V2 Documentation
system SUNWapch2r Apache Web Server V2 (root)
system SUNWapch2u Apache Web Server V2 (usr)
system SUNWapchd Apache Web Server Documentation
system SUNWapchr Apache Web Server (root)
system SUNWapchu Apache Web Server (usr)

pkginfo | grep -i mysql

system SUNWmysqlr mysql - MySQL Database Management System (root component)
system SUNWmysqlt mysql - MySQL Database Management System (test component)
system SUNWmysqlu mysql - MySQL Database Management System (usr component)

Next task would be to uninstall these packages. Proceed as follows:

pkgrm SUNWaclg SUNWapch2d SUNWapch2r SUNWapch2u SUNWapchd SUNWapchr SUNWapchu
pkgrm SUNWmysqlr SUNWmysqlt SUNWmysqlu

Finally, install Apache, MySQL and PHP from pkg-get:

pkg-get -i apache2 mysql4 php4 mod_php

That’s all. Now configure the software as usual. Note that packages installed with pkg-get reside in /opt/csw, so I recommed adding something like this to your /etc/profile:

PATH=/opt/csw/bin:/opt/csw/mysql4/bin:$PATH
export PATH

More info:

pkg-get installation howto
pkg-get users guide
Customizing Your Working Environment

Posted by karkoma in Apache, MySQL, Solaris | 1 Comment »

Redirect HTTP to HTTPS

Saturday, August 6th, 2005 by karkoma

This little trick will show you how to configure Apache to automatically redirect HTTP requests to HTTPS, i.e. http://www.karkomaonline.com to https://www.karkomaonline.com.

Add this directives to you configuration file:

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]

Posted by karkoma in Apache | 1 Comment »

mod_rewrite serve pages depending on time

Friday, April 1st, 2005 by sigix

Apache’s mod_rewrite can be used to serve pages depending on the time.

RewriteEngine on
RewriteCond %{TIME_HOUR}%{TIME_MIN} >2300
RewriteCond %{TIME_HOUR}%{TIME_MIN} <1900
RewriteRule ^index.php$ day.html
RewriteRule ^index.php$ night.html

When request for index.php is made then to corresponding time day.html or night.html page is served.

Posted by sigix in Apache | No Comments »

Memory allocation DOS

Monday, July 12th, 2004 by karkoma

A bug in Apache 2.0.49 may allow a remote attacker to perform a Denial of Service attack by exhausting memory. It seems that 1.3.x releases are safe.

For more information:

Posted by karkoma in Apache, Security | No Comments »

Gracefully restarting Apache

Monday, June 14th, 2004 by karkoma

When you restart your Apache by issuing…

apachectl restart

or

/etc/init.d/apache restart

the httpd daemon is stopped and started again closing currently open connections.

There is a way to restart Apache’s http daemon keeping current connections opened. Simply type:

apachectl graceful

This is useful if you changed the httpd.conf configuration file and want Apache to re-read it keeping connections.

Posted by karkoma in Apache | 1 Comment »

Apache as an open proxy?

Sunday, April 25th, 2004 by karkoma

If you have seen entries in your access.log file like this one…

a.b.c.d - - [24/Apr/2004:23:00:00 +0200] “GET http://www.google.com/” 200 46124

This means that a.b.c.d is trying to access www.google.com using your Apache as a proxy. As you can see the response status 200 indicates success and the data returned is 46124 bytes long.

If you don’t want your server to be used as a forward proxy make sure that ProxyRequests directive is set to Off, even better do not load mod_proxy module.

Despite the fact the entry shown in the previous example says that the request succeded, this is not necessarily true. Try the following to test your server:

telnet www.yoursite.com 80
GET http://www.google.com/

Watch the access.log file. If you see the code status 200, compare the bytes returned by Apache (the last field in the log entry) with your homepage size (your index.html). If they match, Apache is serving your homepage instead of forwarding the request to google. If they don’t, probably your Apache is an open forwarding proxy.

References:

Posted by karkoma in Apache, Security | No Comments »

Monitoring Apache activity

Wednesday, March 24th, 2004 by karkoma

The Apache mod_status module provides useful information to find out the activity and performance of the HTTP daemon.

To watch the activity of your Apache webserver edit httpd.conf or apache2.conf or whatever is named in your environment and add the following:

(more…)

Posted by karkoma in Apache | No Comments »

Identifying the process that served a request

Sunday, February 1st, 2004 by karkoma

In some situations it is very useful to know what request was processed by a given PID (process id) in your Apache box to identify undesirable behaviour such as too memory usage, CPU load, etc.

Apache can log the process ID of the child that serviced a request. It’s very easy. Simply edit your httpd.conf configuration file and add or modify the following:

LogFormat “%h %l %u %t %P “%r” %>s %b “%{Referer}i” “%{User-Agent}i”" combined

Then tell Apache to reload the configuration file:

/etc/init.d/apache reload

Note the %P directive in the format string, which is replaced in the log file by the value of the process ID that processes the request.
References:

Posted by karkoma in Apache | No Comments »

Apache: Customizing error responses

Wednesday, November 19th, 2003 by karkoma

Apache provides the possibility to customize the HTTP error codes returned to your clients. If you hate the default error messages that Apache displays or you simply want to fit those messages to your own needs, read on…

The easiest way to start is by simply adding the following lines to your httpd.conf configuration file:

(more…)

Posted by karkoma in Apache | No Comments »

Apache ServerTokens

Monday, November 17th, 2003 by karkoma

The Apache’s ServerTokens directive controls whether Server response header field which is sent back to clients, includes a description of the generic OS-type of the server as well as information about compiled-in modules.

As many worms/viruses check the Server header before attempting an exploit in order to choose the best attack available, it could be a good idea to provide the minimal information possible (the default is to provide full information). Edit your httpd.conf and add the following:

ServerTokens Prod

This will only send the string Apache in the Server header.

Note that this would not stop skilled bad guys, but would slow down those kiddies playing around.

Posted by karkoma in Apache, Security | No Comments »

« Older Entries