Matt Fiddles

Life's so vast, there's just so much to do...

User Tools

Site Tools


"What are you talking about? "
"Never mind, eat the fruit. "
"You know, this place almost looks like the Garden of Eden."
"Eat the fruit. "
"Sounds quite like it too. "

Where will you go today?

"I don't know, " said the voice on the PA, "apathetic bloody planet, I've no sympathy at all. "

Apache Web Server

Performance Notes

Log File Options

Internal Redirect

Note that an Internal Rewrite gets the content for requested URL from a different server filepath than implied by the requested URL, while an External Redirect tells the client to ask for the requested content again using a new URL and HTTP request.

See also

The following is from


Mod_rewrite is an incredibly powerful module, and can do much much more than is covered here. This example will show how to redirect requests to another URL, perhaps on another port and/or host, perhaps running under a java servlet engine.

    DocumentRoot /var/www
    RewriteEngine on
    RewriteRule   ^/demo$ \ [P]
    RewriteRule   ^/demo/$ \ [P]

See also…

The .htaccess notes. Hotlink protection, Time Based Redirection, Cookie Password Protection

Here's a cheat sheet or see the mod_rewrite documentation for more info


This is an enhanced mod_proxy_html that is able to modify the contents of a page right before it is given to the client. See for more info.

(Works, but last update for Apache 2.2 was in 2005. Emailed developers about it July 3, 2008).


Mod_proxy can be used in two main ways, either as a proxy server similar to squid, or as a reverse proxy to forward http requests to another host. This example is forwarding requests for /demo off to another host, using the reverse proxy mode.

    ProxyPass        /demo/
    ProxyPassReverse /demo/

Note that for SELinux, you will also need to either make a module(recommended), or set the following booleen (Note that this may allow an attacker to route your web server to a remote location, so a module is better since it only opens up one port).

setsebool -P httpd_can_network_connect=1

This can also be done in system-config-selinux, under Booleen > HTTPD > “Allow HTTPD to connect to the network”.

Combining the Two

This example shows how it is possible to use both mod_rewrite and mod_proxy to access a host behind a firewall without having to worry too much about having ports in the URL.

    ProxyPass        /internal/
    ProxyPassReverse /internal/
    RewriteEngine on
    RewriteRule   ^/$ [P]

On the firewall box, you may need something like the following rules. This assumes you are running Linux 2.4, and hence using iptables.

# port forward for web from external webserver to internal
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp \
       --dport 80 -s -j DNAT \
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp \
      --dport 8081 -s -j DNAT \


The Web Robots Pages

Ways to Keep Your Content Hidden from the Search Engines

Robot Control Code Generation Tool *

How do I use a robots.txt file to control access to my site? - Google Webmaster Help Center

SSL Secure Connections

Secure Redirects

When you want to make a page secure, no matter what, add this to the config. It makes the browser go to the secure page, even if it was first accessed on the normal connection.

Unsafe, but easy way. It may still be able to connect insecurely.

Redirect permanent /

The better, more reliable way. Not only does it catch every request, but if one does get by, it denies it (and you get a nice phone call - But that's better than allowing private info to go over the web).

In your http.conf file, in your directory description.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule secure.* https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

In your directory requring SSL, usually in ssl.conf, add this and any other SSL options.


Also make sure you have this in your config.

LoadModule rewrite_module modules/

See also


Running Name-Based SSL Virtual Hosts in Apache

SSL and Virtual Hosts


Example ssh.conf

SSL/TLS Strong Encryption: How-To

Apache SSL




There are other ways to authenticate


Keep out those spammers.

Return 503 Status with Apache

Sometime you want to do some heavy work on a virtual host and don't want anyone access your page. But you can't shut down your whole server and don't want to use any redirects to avoid confusing search engine spiders. Well the correct HTTP status code to return is a 503 - Service temporary unavailable.

To do this create the following shellscript named 503.php:

header("HTTP/1.1 503 Service Temporarily Unavailable");
header("Status: 503 Service Temporarily Unavailable");
header("Retry-After: 3600");
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
<html xml:lang="en" lang="en" xmlns="">
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 <title>Site upgrade in progress</title>
 <meta name="robots" content="none" />
  <h1>Site upgrade in progress</h1>
  <p>This site is being upgraded, and can’t currently be accessed.</p>
  <p>It should be back up and running very soon. Please check back in a bit!</p>
  <hr />

Then add this to your virtual host config and reload Apache:

  ScriptAlias /  /path/to/your/503.php/

Please note the trailing slash! It's needed!

See also


Be sure to deny access to your system by default using

<Directory />
  Options none
  AllowOverride none
  Order deny,allow
  Deny from all

Multiple Installations


computers/websites/apache-webserver.txt · Last modified: Nov 2, 2015 (3 years ago) by Matt Bagley