Archive for the ‘Webserver’ Category

Apache mod-security installation on Debian 6.0 (squeeze)

Monday, January 2, 2012 posted by Till

Install the apache mod-security 2 module with apt from the Debian repositories

apt-get install libapache-mod-security

Create the folder for the mod-security configuration files

mkdir /etc/apache2/mod-security
chmod 600 /etc/apache2/mod-security

Download and unpack the mod-security rules

cd /tmp
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz
tar fvx modsecurity-core-rules_2.5-1.6.1.tar.gz
mv *.conf /etc/apache2/mod-security/
ln -s /var/log/apache2 /etc/apache2/logs

Configure apache to load the activated mod-security rules

vi /etc/apache2/conf.d/mod-security.conf

Include /etc/apache2/mod-security/*.conf

To enable mod-security, edit the file

vi /etc/apache2/mod-security/modsecurity_crs_10_config.conf

and remove the # in front of the line:

SecDefaultAction "phase:2,log,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace"

Then reload apache.

/etc/init.d/apache2 force-reload

mod-security will now block attack attempts against your websites and log each action in the file /var/log/apache2/modsec_audit.log.

tail /var/log/apache2/modsec_audit.log

You will very likely see some falsely blocked URLs. To whitelist them, add the IDs of the rules that should not be applied to the whitelist file.

Example:

vi /etc/apache2/mod-security/modsecurity_crs_99_whitelist.conf

SecRuleRemoveById 960015
SecRuleRemoveById 960016
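Before whitelisting, it helps to know which rule IDs are actually responsible for the denied requests and on how many different pages each one fired. The following Python script is an added example written for this page (not part of the original post or of ModSecurity); it parses the serial audit-log format of modsec_audit.log from a constructed sample and emits SecRuleRemoveById lines for rules that denied requests to several distinct paths, as candidates to review for the whitelist file.

```python
import re
# Constructed sample (not a real log) in the serial format modsec_audit.log uses:
# section B of each transaction holds the request line, section H the rule messages.
SAMPLE_AUDIT_LOG = """\
--5a1c2b3d-B--
GET /blog/index.php?p=3 HTTP/1.1
--5a1c2b3d-H--
Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/mod-security/modsecurity_crs_21_protocol_anomalies.conf"] [line "65"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"]
--5a1c2b3d-Z--
--5a1c2b3e-B--
GET /feed/ HTTP/1.1
--5a1c2b3e-H--
Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/mod-security/modsecurity_crs_21_protocol_anomalies.conf"] [line "65"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"]
--5a1c2b3e-Z--
--5a1c2b3f-B--
POST /upload.php HTTP/1.1
--5a1c2b3f-H--
Message: Access denied with code 403 (phase 2). Operator RX matched at REQUEST_HEADERS:Content-Length. [file "/etc/apache2/mod-security/modsecurity_crs_21_protocol_anomalies.conf"] [line "70"] [id "960016"] [msg "Content-Length HTTP header is not numeric"] [severity "CRITICAL"]
--5a1c2b3f-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-f]+)-([A-Z])--$")  # --<transaction id>-<section>--
RULE = re.compile(r'\[id "(\d+)"\].*?\[msg "([^"]*)"\]')

def parse_audit_log(text):
    # Group log lines by transaction id and section letter: {id: {section: [lines]}}
    txs, current = {}, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            current = (m.group(1), m.group(2))
        elif current and line:
            txs.setdefault(current[0], {}).setdefault(current[1], []).append(line)
    return txs

def denied_rules(txs):
    """Map rule id -> [msg, set of paths] for every rule that caused an Access denied."""
    hits = {}
    for sections in txs.values():
        parts = sections.get("B", [""])[0].split(" ")
        path = parts[1].split("?")[0] if len(parts) > 1 else "?"
        for line in sections.get("H", []):
            if line.startswith("Message: Access denied"):
                for rule_id, msg in RULE.findall(line):
                    hits.setdefault(rule_id, [msg, set()])[1].add(path)
    return hits

def whitelist_candidates(hits, min_paths=2):
    """A rule denying several distinct paths is the usual false-positive suspect."""
    return [f"SecRuleRemoveById {rid}" for rid, (_, p) in sorted(hits.items()) if len(p) >= min_paths]
```

Run it against the real log with `denied_rules(parse_audit_log(open("/var/log/apache2/modsec_audit.log").read()))` and inspect the message and paths of each candidate before copying a line into modsecurity_crs_99_whitelist.conf.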

nginx server error: 413 Request Entity Too Large

Monday, November 21, 2011 posted by Till

The nginx web server has a default maximum request body size of 1 MB. This might be too low for file uploads in scripts, and you will see the following error message when you try to upload a file:

 413 Request Entity Too Large

The configuration variable for this option is "client_max_body_size" and it can be set in the http, server and location sections of the nginx configuration file. To set the limit globally to 25 MB, edit the nginx.conf file and add:

client_max_body_size 20M;

in the http section.

Example for Ubuntu Linux:

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {
        geoip_country  /etc/nginx/geoip/GeoIP.dat; # the country IP database
        geoip_city     /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database
        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        client_max_body_size 20M;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

The webalizer package in Debian 6 currently has a small bug: the package that provides the GeoIP database is not installed automatically when webalizer is installed. The symptoms are that no webalizer statistics are created and this error message is displayed when webalizer is run:

Error Opening file /usr/share/GeoIP/GeoIP.dat

The solution is to install the missing package manually:

apt-get install geoip-database

When you reorganize the structure of a website, you might want to redirect requests for files in an old folder to a new one without losing the pagerank. In this example, I will redirect all requests from the directory "olddir" to the directory "newdir", so that requests like http://www.yourdomain.tld/olddir/page.htm get redirected to http://www.yourdomain.tld/newdir/page.htm without losing the Google pagerank of the pages.

The following rewrite rules can be added into a .htaccess file in the website directory or in the vhost configuration.

RewriteEngine on
RewriteRule ^olddir/(.*)$ newdir/$1 [R=301,L]

This rewrite rule automatically redirects all requests for pages or subdirectories of "olddir" to the same page or subdirectory in "newdir".

The following guide explains the installation of the Apache module "mod_evasive". Mod_evasive tracks the number of requests for files on the Apache web server and blocks delivery once a certain limit has been reached.

Installation

apt-get install libapache2-mod-evasive

Create the log directory for mod_evasive

mkdir -p /var/log/apache2/evasive
chown -R www-data:root /var/log/apache2/evasive

Now we add the configuration for the module at the end of the file /etc/apache2/mods-available/mod-evasive.load

vi /etc/apache2/mods-available/mod-evasive.load

so that it looks like this:

LoadModule evasive20_module /usr/lib/apache2/modules/mod_evasive20.so

DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 5
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir "/var/log/apache2/evasive"

and restart apache:

/etc/init.d/apache2 restart
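With DOSPageCount 2 and DOSPageInterval 5, a third request for the same URI within five seconds is already answered with 403, which can hit legitimate visitors who reload a page. The following Python model is an added example written for this page, not mod_evasive's own code; it replays a constructed request stream against the thresholds above (the defaults of the class are the values from the configuration), so the settings can be tuned before they go live.

```python
# Added model of the per-client counters mod_evasive keeps, following the module's
# documented behaviour: a client is denied when it requests the same URI more than
# DOSPageCount times within DOSPageInterval seconds, or any URI more than
# DOSSiteCount times within DOSSiteInterval seconds, and then stays denied for
# DOSBlockingPeriod seconds, a timer that restarts on every denied request.
class EvasiveModel:
    def __init__(self, page_count=2, site_count=50, page_interval=5,
                 site_interval=1, blocking_period=10):
        self.page_count, self.site_count = page_count, site_count
        self.page_interval, self.site_interval = page_interval, site_interval
        self.blocking_period = blocking_period
        self.hits = {}     # (ip, uri) or ip -> (time of last hit, hit count)
        self.blocked = {}  # ip -> time of the last denied request

    def _hit(self, key, now, interval, limit):
        """Record a hit on key and report whether it exceeded limit within interval."""
        last, count = self.hits.get(key, (None, 0))
        over = last is not None and now - last < interval and count >= limit
        if last is not None and now - last >= interval:
            count = 0  # window expired: start counting again
        self.hits[key] = (now, count + 1)
        return over

    def request(self, now, ip, uri):
        """True if the request would be served, False if mod_evasive would answer 403."""
        if ip in self.blocked and now - self.blocked[ip] < self.blocking_period:
            self.blocked[ip] = now  # every denied hit extends the blocking period
            return False
        page_over = self._hit((ip, uri), now, self.page_interval, self.page_count)
        site_over = self._hit(ip, now, self.site_interval, self.site_count)
        if page_over or site_over:
            self.blocked[ip] = now
            return False
        return True

def simulate(events, **params):
    """Replay (second, ip, uri) events in order and return one served/denied verdict each."""
    model = EvasiveModel(**params)
    return [model.request(t, ip, uri) for t, ip, uri in events]

# Constructed traffic: one visitor reloads the same page every second, then
# comes back after the blocking period has run out.
RELOADS = [(t, "192.0.2.5", "/index.html") for t in (0, 1, 2, 3, 13)]

if __name__ == "__main__":
    for (t, ip, uri), served in zip(RELOADS, simulate(RELOADS)):
        print(f"t={t:>2}s {ip} {uri}: {'served' if served else '403 denied'}")
```

Passing other values, e.g. `simulate(RELOADS, page_count=5)`, shows directly which threshold stops denying the reload pattern.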

To change the language of the website statistics generated by AWStats on a Debian Linux server to e.g. German (de), edit the /etc/awstats/awstats.conf file:

nano /etc/awstats/awstats.conf

and change the value of the "Lang" variable. To change the language to German, change:

Lang="auto"

to

Lang="de"

The website statistics are generated nightly on an ISPConfig 3 server, so it may take up to 24 hours until the statistics show up in German.

Thanks to PlaNet Fox for this FAQ.

If you get the error "/dev/zero: No space left on device" in the Apache error.log on an OpenVZ virtual machine, then the shared memory size in xcache.ini is too high or xcache.mmap_path is set wrong.

Edit the file /etc/php5/conf.d/xcache.ini

vi /etc/php5/conf.d/xcache.ini

and check the mmap_path. On an OpenVZ virtual machine it should be set to "/tmp/xcache", as /dev/zero might not work correctly in a virtual machine:

xcache.mmap_path = "/tmp/xcache"

Then restart apache2:

/etc/init.d/apache2 restart

and check if the error has been resolved.

If the error still occurs after some time, you will have to reduce xcache.size.

Edit the xcache.ini file:

vi /etc/php5/conf.d/xcache.ini

and set xcache.size to e.g. 8 MB:

xcache.size = 8M

Then restart apache2:

/etc/init.d/apache2 restart

If you recently updated to or installed WordPress 3.0, you might wonder where the menu for the Multisite feature is. By default, these new functions are disabled after a WordPress update. To enable them, edit the file wp-config.php and add the line:

define('WP_ALLOW_MULTISITE', true);

On your next login, you will see a new menu labeled "Super Admin" which contains the functions to add new sites to WordPress.

Many webmasters want to redirect users that access their websites with “domain.tld” automatically to “www.domain.tld”. If you use the Apache web server, you can do this by using Apache rewrite rules.

Add a .htaccess file with the following content in the root directory of the website:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.domain\.com
RewriteRule (.*) http://www.domain.com/$1 [L,R=301]

If you use ISPConfig as hosting control panel, you can also add these rules in the Apache directives field of the website instead of a .htaccess file.

Have you ever searched for where the virtual host of a website is defined in the Apache config files? There is a handy option of the apache2ctl script that can help. When you run the command:

apache2ctl -S

on the shell, you will get a list of all virtual hosts and default servers, including the file and line number where each one is defined. Example:

~# apache2ctl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:8080                 is a NameVirtualHost
default server ispconfig.local (/etc/apache2/sites-enabled/000-ispconfig.vhost:10)
port 8080 namevhost ispconfig.local (/etc/apache2/sites-enabled/000-ispconfig.vhost:10)
*:8081                 is a NameVirtualHost
default server ispconfig.local (/etc/apache2/sites-enabled/000-apps.vhost:10)
port 8081 namevhost ispconfig.local (/etc/apache2/sites-enabled/000-apps.vhost:10)
*:80                   is a NameVirtualHost
default server ispconfig.local (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost ispconfig.local (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost example.com (/etc/apache2/sites-enabled/example.com.vhost:7)
Syntax OK

Thanks to Planetfox for this tip.