Category: Apache

How To Set Up Password Authentication in Apache2

sudo apt-get install apache2-utils ( FIRST USER only ( -c ) option to create file, or you will wipe all your existing logins !!! ) sudo htpasswd -c /etc/apache2/.htpasswd username1only sudo htpasswd /etc/apache2/.htpasswd username2etc Conventional setup sudo vi /etc/apache2/sites-enabled/000-default.conf ( In which case you must specify the Directory to be protected ) <Directory “/var/www/www.example.com/administrator”> AuthType Basic AuthName “Restricted Content” AuthUserFile...

Apache2 Custom 404 Page

Create a html page sudo vi /var/www/missing.html whateveryouwanttosay sudo chown www-data:www-data /var/www/missing.html sudo vi /etc/apache2/conf.d/localized-error-pages Uncomment #ErrorDocument 404 /missing.html sudo service apache2 restart

Harden Apache 2.2

sudo vi /etc/apache2/conf.d/security ServerTokens Prod ServerSignature Off sudo vi /etc/apache2/sites-available/default Directory /var/www/html> Options -Indexes /Directory> https://www.linuxquestions.org/questions/blog/rearden888-507430/howto-set-up-modsecurity-on-debian-7-35569/

Disable RC4 and SSL3

sudo vi /etc/apache2/mods-available/ssl.conf SSLHonorCipherOrder on SSLCipherSuite “EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS” SSLProtocol All -SSLv2 -SSLv3 SSLCompression Off

Force WordPress SSL HTTPS on Only One Page

RewriteEngine On Options -Indexes Options +FollowSymLinks RewriteBase / # force https for all URLs matching “subscribe.* # otherwise normal http request are unmolested # other methods that force ssl cause 301 redirects on # all pages RewriteCond %{HTTPS} =off RewriteRule ^subscribe https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d ## standard rule but causes redirect loops #RewriteRule . /index.php [L]...

WordPress Draft Crawl by Baiduspider

An interesting log in Apache hosts log (below) surprised me. I saw this URL crawl attempt by what is supposed to be Baidu – I checked – it was. What is so surprising is that the URL is a sentence of a DRAFT I was working on at the moment (screenshot below – notice the draft status bottom right). This...

unable to resolve host – not found or unable to stat

Debian 7 Apache 2.2.22 Virtualhost with only one website using ssl – ssl certificate is for www.example.com (not example.com) The following setup resolves the “unable to resolve host” error /etc/hosts 127.0.0.1 localhost 127.0.1.1 www.example.com /etc/hostname www.example.com However, now we have a new apache error [error] [client 127.0.0.1] script ‘/var/www/wp-cron.php’ not found or unable to stat Change hosts to /etc/hosts 127.0.0.1...

script /var/www/wp-cron.php not found or unable to stat

[error] [client 127.0.0.1] script /var/www/wp-cron.php not found or unable to stat http://serverfault.com/questions/185954/hosts-file-entries-for-multiple-domains-on-vps 127.0.0.1 localhost localhost.localdomain xxx.xxx.xxx.xxx yourdomain1.com yourdomain1 yourdomain2.com yourdomain2 And those lines must have a few blank lines above the in the hosts file, or they will get overwritten each reboot.

htaccess force SSL for WordPress

This works for me on Apache 2.2 with VirturalHosts. Plus other useful stuff here. <IfModule mod_rewrite.c> RewriteEngine On Options -Indexes Options +FollowSymLinks RewriteBase / # Force HTTPS RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}/$1 [L] # Deny access by your most hated visitors and bad bots RewriteCond %{HTTP_USER_AGENT} mechanize [NC,OR] # Protect against SQL INJECTION RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [OR] RewriteCond %{QUERY_STRING}...

How To Solve Swappiness (Apache) Problem

Swappiness is a Linux kernel parameter that controls the relative weight given to swapping out runtime memory, as opposed to dropping pages from the system page cache. Swappiness can be set to values between 0 and 100 inclusive. A low value causes the kernel to avoid swapping, a higher value causes the kernel to try to use swap space. The...

Setup a LAMP Server on Debian or Ubuntu

  SSH to your server ssh root@IP Update Debian/Ubuntu apt-get update && apt-get upgrade –show-upgraded -y Create User How To Create a User in Linux Setup SSH for Remote Access With GPG Keys – No Password How To Setup SSH for Remote Access IMPORANT – Block All Traffic to your Server While You Set it Up Block All Traffic (but...

Install Apache on Debian and Ubuntu

Install Apache sudo apt-get install apache2 sudo vi /etc/apache2/sites-available/default change AllowOverride None > AllowOverride All in line 11 Enable Apache rewrite and restart Achtung! Don’t forget or things will not work and you’ll waste hours trying to find out why sudo a2enmod rewrite Restart Apache sudo service apache2 restart If no error, its working Optional: The following “example” is used...

Apache2 Invalid method in request \x16\x03\x01

Apache2 reports an error “Invalid method in request \x16\x03\x01” Check that the IP address is correct in line #8 of /etc/apache2/sites-available/www.example.com <VirtualHost *:80> ServerAdmin webmaster@seleads.com ServerName www.example.com ServerAlias example.com Redirect 301 http://example.com http://www.example.com/ DocumentRoot /var/www/www.example.com/ </VirtualHost> <VirtualHost 199.199.199.199:443> SSLEngine on ServerName example.com SSLCACertificateFile /etc/apache2/ssl/PrimaryRootCA.crt SSLCertificateChainFile /etc/apache2/ssl/Thawte_DV_SSL_CA_Bundle.crt SSLCertificateFile /etc/apache2/ssl/example.crt SSLCertificateKeyFile /etc/apache2/ssl/private/example.key DocumentRoot /var/www/www.example.com/ </VirtualHost>

How to Customize Apache Log Format for Fail2ban

Customize apache2 other_vhosts_access.log format so fail2ban can use it. sudo vi /etc/apache2/apache2.conf On line 255 insert LogFormat “%t %v:%p %h %l %u \”%r\” %>s %O \”%{Referer}i\” \”%{User-Agent}i\”” fail2ban Comment out the following line #LogFormat “%v:%p %h %l %u %t \”%r\” %>s %O \”%{Referer}i\” \”%{User-Agent}i\”” vhost_combined sudo vi /etc/apache2/conf.d/other-vhosts-access-log change the end of the line (or duplicate and comment out) as...

Fail2ban Apache2 Access Log Regex Fails

Changing banaction to ROUTE worked, while IPTABLES-ALLPORTS failed with error No Host Found 2014-09-26 10:55:24,662 fail2ban.filter : ERROR No ‘host’ found in ‘113.71.191.49 – – [ +0000] “GET /phpMyAdmin/scripts/setup.php HTTP/1.1” 500 833 “-” “-” ‘ using ‘‘ [apache-phpmyadmin-access] enabled = true #banaction = iptables-allports banaction = route port = http,https filter = apache-phpmyadmin-access logpath = /var/log/apache2/access.log maxretry = 0 #...