Enable image caching in apache for better Google Page Speed results

High page speed and short page load times of your website are essential for good search engine rankings today. In this FAQ, I will show you how to enable caching of graphic and CSS files in apache on Ubuntu and Debian.

The first step is to enable the expires module in apache:

a2enmod headers expires

This module allows the apache web server to set HTTP headers, in this case, to set the modification header for static assets like image and CSS files that don't change often.

Add the following config snippet inside the vhost file of the web site or at the end of the file /etc/apache2/apache2.conf to enable it globally.

<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=3024000, public"

Finally reload apache to apply the configuration change.

service apache2 reload

On ISPConfig 3 servers, the snippet can be added in the "Apache Directives" field of the website instead. There is no apache reload required as ISPConfig takes care about that.

Apache mod_security settings for WordPress and ModX

If you use the apache mod_security module on your apache server, you might encounter wrong 403 errors for several URL's of the cms systems. Here are some exception rules to avoid that:

For WordPress Blogs

<locationmatch "/wp-admin/admin-ajax.php">
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017

<locationmatch "/wp-admin/page.php">
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017

<locationmatch "/wp-admin/post.php">
SecRuleRemoveById 300013
SecRuleRemoveById 300015
SecRuleRemoveById 300016
SecRuleRemoveById 300017

For the ModX CMS

<LocationMatch "/manager/index.php">
SecRuleRemoveById 300016

<LocationMatch "/connectors/resource/index.php">
SecRuleRemoveById 300013 300014 300015 300016

<LocationMatch "/connectors/element/tv.php">
SecRuleRemoveById 300013 300016

Add these rules inside the vhost file of the website. If you use ISPConfig to manage the server, then add the rules in the apache directives field of the website settings in ispconfig.

Many thanks to PlanetFox for providing the rules.

Fix “HTTP request length 134926 (so far) exceeds MaxRequestLen” error on Debian Linux

When you get a 500 error in a webpage hosted on Debian Linux (6.0) with apache webserver and fastcgi, take a look into the apache error.log file. This can either be the global error.log or the error.log of the website where you got the error. If you find a error similar to this one:

[Fri Apr 10 15:18:05 2012] [warn] [client] mod_fcgid: HTTP request length 134926 (so far) exceeds MaxRequestLen (131072), referer: http://www.example.tld/administrator/index.php?option=com_installer

then the MaxRequestLen setting of mod_fccgid is too low. To fix that, edit the file /etc/apache2/mods-available/fcgid.conf

vi /etc/apache2/mods-available/fcgid.conf

and add or edit the line "MaxRequestLen 15728640" to set the Request Limit to 15MB. The resulting file should contain these settings:

 AddHandler fcgid-script .fcgi
 FcgidConnectTimeout 20
 MaxRequestLen 15728640

Save the changes and restart apache:

/etc/init.d/apache2 restart

Apache mod-security installation on Debian 6.0 (squeeze)

Install the apache mod-security 2 module with apt from the Debian repositories

apt-get install libapache-mod-security

Create the folder for the mod-security configuration files

mkdir /etc/apache2/mod-security
chmod 600 /etc/apache2/mod-security

Download and unpack the mod-security rules

cd /tmp
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz
tar fvx modsecurity-core-rules_2.5-1.6.1.tar.gz
mv *.conf /etc/apache2/mod-security/
ln -s /var/log/apache2 /etc/apache2/logs

Configure apache to load the activated mod-security rules

vi /etc/apache2/conf.d/mod-security.conf

Include /etc/apache2/mod-security/*.conf

To enable mod-security, edit the file

vi /etc/apache2/mod-security/modsecurity_crs_10_config.conf

and remove the # in front of the line:

SecDefaultAction "phase:2,log,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace"

Then reload apache.

/etc/init.d/apache2 force-reload

Mod security will now start to block hack attempts to your websites and log the actions in the file /var/log/apache2/modsec_audit.log.

tail /var/log/apache2/modsec_audit.log

You will see very likely some falsely blocked URL's. To whitelist them, you can add the ID's of the rules that should not be used in the whitelist file.


vi /etc/apache2/mod-security/modsecurity_crs_99_whitelist.conf

SecRuleRemoveById 960015
SecRuleRemoveById 960016

nginx server error: 413 Request Entity Too Large

The nginx webserver has a max. body size limit of 1 MB for requests as default. This might be too low for file uploads in scripts and you will see the following error message when you try to upload a file:

 413 Request Entity Too Large

The configuration variable for this option is "client_max_body_size" and it can be set in the http, server and location sections of the nginx configuration file. To set the Limit globally to 25 MB, edit the nginx.conf file and add:

client_max_body_size 20M;

in the http section.

Example for Ubuntu Linux:

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;

http {
        geoip_country  /etc/nginx/geoip/GeoIP.dat; # the country IP database
        geoip_city     /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database
        # Basic Settings

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        client_max_body_size 20M;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # Logging Settings

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        # Gzip Settings

        gzip on;
        gzip_disable "msie6";

        # Virtual Host Configs

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

Webalizer: Error Opening file /usr/share/GeoIP/GeoIP.dat on Debian Linux

The Webalizer package in Debian 6 has currently small bug as the required package for the  GeoIP database is not installed automatically when Webalizer is installed. The symptoms are that Webalizer statistics was not created and this error message is displayed when Webalizer is run:

Error Opening file /usr/share/GeoIP/GeoIP.dat

The solution is to install the missing package manually:

apt-get install geoip-database

Redirect http requests to a new folder with apache rewrite rules

When you reorganize the structure of a website, you might want to redirect requests to files in a old folder to a new one without loosing the pagerank. In this example, I will redirect all requests from directory "olddir" to directory "newdir", so that requests like http://www.yourdomain.tld/olddir/page.htm get redirected to http://www.yourdomain.tld/newdir/page.htm without loosing the Google pagerank of the pages.

The following rewrite rules can be added into a .htaccess file in the website directory or in the vhost configuration.

RewriteEngine on
RewriteRule ^olddir/(.*)$ newdir/$1 [R=301,L]

This rewrite rule redirects automatically all requests to pages or subdirectorys of "olddir" to the same page or subdirectory in "newdir".

Prevent DOS attacks on apache webserver for DEBIAN linux with mod_evasive

The following guide explains the installation of the apache module "mod_evasive". Mod_evasive tracks the number of requests of files at the apache webserver and blocks the delivery in case that a certain limit has been reached.


apt-get install libapache2-mod-evasive

Create the log directory for mod_evasive

mkdir -p /var/log/apache2/evasive
chown -R www-data:root /var/log/apache2/evasive

Now we add the configuration for the module at the end of the file /etc/apache2/mods-available/mod-evasive.load

vi /etc/apache2/mods-available/mod-evasive.load

so that it looks like this:

LoadModule evasive20_module /usr/lib/apache2/modules/mod_evasive20.so

DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 5
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir "/var/log/apache2/evasive"

and restart apache:

/etc/init.d/apache2 restart

How to change the language of AWStats statistics on Debian Linux (ISPConfig 3)

To change the language of the website statistics generated by AWStats on a Debian Linux server to e.g. german (de), edit the /etc/awstats/awstats.conf file:

nano /etc/awstats/awstats.conf

and change the value of the "Lang" variable. To change the languge to e.g. German, cahnge:




The website statistics are generated nightly on a ISPConfig 3 server, so it may take up to 24 hours until the statistics will show up in German language.

Thanks to PlaNet Fox for this FAQ.

How to solve the PHP XCache error: /dev/zero: No space left on device

If you get the error "/dev/zero: No space left on device" in the apache error.log on a OpenVZ virtual machine, then the shared memory size in the xcache.ini is too high or the xcache.mm_path is set wrong.

Edit the file /etc/php5/conf.d/xcache.ini

vi /etc/php5/conf.d/xcache.ini

and check the mm_path. On a OpenVZ virtual machine it should be set to "/tmp/xcache" as /dev/zero might not work correctly in a virtual machine:

xcache.mmap_path = "/tmp/xcache"

Then restart apache2:

/etc/init.d/apache2 restart

and check if the error has been resolved.

If the roor still occurs after some time, you will have to reduce the xcache.size.

Edite the xcache.ini file:

vi /etc/php5/conf.d/xcache.ini

and set xcache.size to e.g. 8 MB

xcache.size  =                8M

Then restart apache2:

/etc/init.d/apache2 restart