
Apache Web Server

Performance Notes

Log File Options

Internal Redirect

Note that an internal rewrite serves the content for the requested URL from a different server file path than the one the URL implies, while an external redirect tells the client to ask for the content again using a new URL and a new HTTP request.

See also

The following is from http://quark.humbug.org.au/publications/apache/apache-redirect.html

mod_rewrite

Mod_rewrite is an incredibly powerful module, and can do much much more than is covered here. This example will show how to redirect requests to another URL, perhaps on another port and/or host, perhaps running under a java servlet engine.

<VirtualHost 192.168.1.1>
    ServerName demo.example.com
    DocumentRoot /var/www
    RewriteEngine on
    # [P] hands the request to mod_proxy, so mod_proxy and mod_proxy_http must be loaded
    RewriteRule   ^/demo$ \
       http://java.example.com:8081/servlet/ [P]
    RewriteRule   ^/demo/$ \
       http://java.example.com:8081/servlet/ [P]
</VirtualHost>

See also…

The .htaccess notes. Hotlink protection, Time Based Redirection, Cookie Password Protection

Here's a cheat sheet or see the mod_rewrite documentation for more info

mod_publisher

This is an enhanced mod_proxy_html that is able to modify the contents of a page right before it is given to the client. See http://apache.webthing.com/mod_publisher/ for more info.

(Works, but last update for Apache 2.2 was in 2005. Emailed developers about it July 3, 2008).

mod_proxy

Mod_proxy can be used in two main ways, either as a proxy server similar to squid, or as a reverse proxy to forward http requests to another host. This example is forwarding requests for /demo off to another host, using the reverse proxy mode.

<VirtualHost 192.168.2.1>
    ServerName proxy.example.com
    ProxyPass        /demo/ http://host.example.com:8081/demo/
    ProxyPassReverse /demo/ http://host.example.com:8081/demo/
</VirtualHost>

Note that for SELinux, you will also need to either make a policy module (recommended) or set the following boolean. The boolean may allow an attacker to route your web server to a remote location, so a module is better since it only opens up one port.

setsebool -P httpd_can_network_connect=1

This can also be done in system-config-selinux, under Boolean > HTTPD > “Allow HTTPD to connect to the network”.

Combining the Two

This example shows how it is possible to use both mod_rewrite and mod_proxy to access a host behind a firewall without having to worry too much about having ports in the URL.

<VirtualHost 192.168.1.2>
    ServerName virtual.example.com
    ProxyPass        /internal/ http://firewall.example.com/
    ProxyPassReverse /internal/ http://firewall.example.com/
    
    RewriteEngine on
    RewriteRule   ^/$ http://virtual.example.com/internal/ [P]
</VirtualHost>

On the firewall box, you may need something like the following rules. This assumes you are running Linux 2.4, and hence using iptables.

# port forward for web from external webserver to internal
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp \
       --dport 80 -s web.example.com -j DNAT \
       --to 192.168.1.2
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp \
      --dport 8081 -s web.example.com -j DNAT \
      --to 192.168.1.2

Robots.txt

The Web Robots Pages

Ways to Keep Your Content Hidden from the Search Engines

Robot Control Code Generation Tool: http://www.mcanerin.com/EN/search-engine/robots-txt.asp

How do I use a robots.txt file to control access to my site? - Google Webmaster Help Center

SSL Secure Connections

Secure Redirects

When you want to make a page secure, no matter what, add this to the config. It makes the browser go to the secure page, even if it was first accessed on the normal connection.

The easy, but unsafe, way. A client may still be able to connect insecurely.

Redirect permanent / https://mail.nixcraft.com/

The better, more reliable way. Not only does it catch every request, but if one does get by, it denies it (and you get a nice phone call, but that's better than allowing private info to go over the web).

In your httpd.conf file, in your directory description:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule secure.* https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

In your directory requiring SSL, usually in ssl.conf, add this and any other SSL options.

SSLRequireSSL

Also make sure you have this in your config.

LoadModule rewrite_module modules/mod_rewrite.so

See also

Info

Running Name-Based SSL Virtual Hosts in Apache

SSL and Virtual Hosts

Howto

Example ssh.conf

SSL/TLS Strong Encryption: How-To

Apache SSL

http://www.geotrusteurope.com/support/install/install_apache.htm

https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-on-arch-linux

Authentication

Internal

Others

There are other ways to authenticate

CAPTCHA

Keep out those spammers.

http://www.linux.com/feature/131925

Return 503 Status with Apache

Sometimes you want to do some heavy work on a virtual host and don't want anyone to access your pages. But you can't shut down your whole server, and you don't want to use any redirects, to avoid confusing search engine spiders. The correct HTTP status code to return is a 503 - Service Temporarily Unavailable.

To do this, create the following PHP script named 503.php:

<?php
header("HTTP/1.1 503 Service Temporarily Unavailable");
header("Status: 503 Service Temporarily Unavailable");
header("Retry-After: 3600");
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 <title>Site upgrade in progress</title>
 <meta name="robots" content="none" />
</head>
 <body>
  <h1>Site upgrade in progress</h1>
  <p>This site is being upgraded, and can’t currently be accessed.</p>
  <p>It should be back up and running very soon. Please check back in a bit!</p>
  <hr />
 </body>
</html>

Then add this to your virtual host config and reload Apache:

  ScriptAlias /  /path/to/your/503.php/

Please note the trailing slash! It's needed!

See also http://www.cyberciti.biz/tips/howto-disable-site-for-maintenance-with-503-error.html

Security

Be sure to deny access to your system by default using

<Directory />
  Options none
  AllowOverride none
  Order deny,allow
  Deny from all
</Directory>
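
As an added example (not part of the original page), here is a small Python check that a configuration text contains the deny-by-default root block shown above. It also accepts `Require all denied`, the Apache 2.4 form of the same rule; the function names and the weak sample block are constructed for illustration, and the check reads one text only (it does not follow `Include` directives).

```python
import re

# One <Directory ...> ... </Directory> section; group 1 is the path argument.
DIRECTORY_RE = re.compile(
    r"<Directory\s+([^>]+?)\s*>(.*?)</Directory>", re.IGNORECASE | re.DOTALL
)

def directives(body):
    """Lower-cased, whitespace-normalised directive lines with comments dropped."""
    lines = (" ".join(l.lower().split()) for l in body.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def audit_root_directory(conf_text):
    """Findings for the <Directory /> block; an empty list means deny-by-default."""
    for path, body in DIRECTORY_RE.findall(conf_text):
        if path.strip("\"'") != "/":
            continue
        d = directives(body)
        findings = []
        # 2.2 syntax: "Deny from all" with no Allow line that could override it.
        denied_22 = "deny from all" in d and not any(x.startswith("allow from") for x in d)
        # 2.4 syntax (mod_authz_core), not shown on the page.
        denied_24 = "require all denied" in d
        if not (denied_22 or denied_24):
            findings.append("root directory is not denied to all clients")
        if "allowoverride none" not in d:
            findings.append("AllowOverride is not none")
        if "options none" not in d:
            findings.append("Options is not none")
        return findings
    return ["no <Directory /> block found"]

# Block from the page (Apache 2.2 syntax).
PAGE_BLOCK = """<Directory />
  Options none
  AllowOverride none
  Order deny,allow
  Deny from all
</Directory>"""

# Constructed sample: a permissive root block of the kind the check should flag.
WEAK_BLOCK = """<Directory />
  Options FollowSymLinks
  AllowOverride All
</Directory>"""

if __name__ == "__main__":
    for name, conf in (("page", PAGE_BLOCK), ("weak", WEAK_BLOCK)):
        print(name, audit_root_directory(conf) or "deny-by-default OK")
```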

Multiple Installations

Sources

computers/websites/apache-webserver.txt · Last modified: Nov 2, 2015 (3 years ago) by Matt Bagley