nixCraft » Apache

HowTo: Run Network Service Per System / VM Instance To Improve Overall Security Of A Web Stacks (LAMP)

nixCraft — Fri, 22 Jun 2012 22:58:06 +0000

A web stack is nothing but collection of many open source software such as an operating system, Web server, database server, server side programming language. The most commonly known web stacks is LAMP. It is an acronym for a solution stack of free, open source software, referring to the first letters of Linux (operating system), Apache Web server, MySQL database software and PHP (or sometimes Perl or Python). All of our security related tutorials recommends running different network services on separate systems or vm instance. Naturally, this limits the number of other services that can be cracked in the event that an attacker is able to successfully exploit a software flaw in one network service. This is also one of the most requested article via email. In this guide, I will explain how to setup a solution that can serve static content, dynamic content, database, and caching by running on separate servers or vm instance.

HowTo: Configure Apache Web Server To Use NFS Shared HTML+PHP5 Files

nixCraft — Fri, 22 Jun 2012 22:50:38 +0000

The Apache web server is responsible for providing access to dynamic content via the HTTP or HTTPS protocol. In this example, I'm going to install and use the Apache 2 web server + php5 safely and set DocumentRoot to vm05:/exports/html mounted at /var/www/html. You need to type the following commands on vm02 having an IP address 192.168.1.11.
This blog post is part in the "Run Different Linux Network Services on Separate Systems/VM" series.

Create Custom URL Shortener For WordPress Based Blog In a Five Minutes

nixCraft — Thu, 03 May 2012 16:43:14 +0000

You can create URL redirection service for your blog within five minutes using nothing but web server's mod_redirect module. For example, when you type or share a url io9.in/t/5159 you will be automatically redirected to http://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html. In this quick post I will explain how to create url shortener and integrate your wordpress based blog without installing any new scripts.

HowTo: Configure Vbulletin To Use A Content Delivery Network (CDN)

nixCraft — Fri, 11 Jun 2010 14:09:01 +0000

The last time I wrote about CDN, I wrote about how to configure CDN for wordpress to speed up your wordpress blog to display content to users faster and more efficiently. However, a few regular readers like to know how to configure the Amazon CDN or other CDN network to use with Vbulletin forum software. In this quick tutorial, I will explains how to configure Vbulletin, Apache/Lighttpd webserver, Bind dns server to use a CDN to distribute your common files such as css, js, user uploaded files and lighten load on your web server.

HowTo: Configure WordPress To Use A Content Delivery Network (CDN)

nixCraft — Fri, 02 Apr 2010 09:44:39 +0000

Research shows that if your web pages take longer than 5 seconds to load, you lose 50% of your viewers and sales. You can speed up your wordpress blog by using a CDN to display content to users faster and more efficiently. You can distributes common files or content such as css, javascript, uploaded images, videos and much more through a CDN, which serves the content from the closest cdn edge server to the end-user. In this tutorial, I will explains how to configure Wordpress, Apache/Lighttpd webserver, Bind dns server to use a CDN to distribute your common files such as css, js, user uploaded files and lighten load on your web server.

Use a Linux LiveCD to Avoid Windows Malware For Netbanking

nixCraft — Thu, 15 Oct 2009 12:53:55 +0000

Internet has revolutionized the way online users can shop and avail banking services like internet Banking from anywhere, anytime without visiting bank. But, how safe is your money with online net-banking which allows to carry out money transfer? Companies and in some case individuals lost anywhere from $10,000 to $500,000 dollars because of a single malware infection. The cyber crooks are targeting innocent MS-Windows user. If you are concerned about how best to protect yourself from this type of fraud, use Linux LiveCD for online banking and avoid Microsoft Windows at all cost.

6 Tools To Find Out Website Load Speed

nixCraft — Wed, 15 Jul 2009 17:42:34 +0000

Research shows that if your web pages take longer than 5 seconds to load, you lose 50% of your viewers and sales. As a UNIX admin often end users and web developers complain about website loading speed and timings. Usually, there is nothing wrong with my servers or server farm. Fancy java script and images / flash makes site pretty slow. These tools are useful to debug performance problems for sys admins, developers and end users. Here are six tools that can analyzes web pages and tells you why they are slow. Use the following tools to:

Make your site faster.
Debug site problem, especially client side and server side stuff.
Better user experience.
Improve the web.

Lighttpd Traffic Shaping: Throttle Connections Per Single IP (Rate Limit)

nixCraft — Sun, 21 Jun 2009 00:02:13 +0000

If you do not control or throttle end users, your server may run out of resources. Spammers, abuser and badly written bots can eat up all your bandwidth. A webserver must keep an eye on connections and limit connections per second. This is serving 101. The default is no limit. Lighttpd can limit the throughput for each single connection (per IP) or for all connections. You also need to a use firewall to limit connections per second. In this article I will cover firewall and lighttpd web server settings to throttle end users. The firewall settings can be applied to other web servers such as Apache / Nginx and IIS server behind PF / netfilter based firewall.

Slowloris DoS Tool: It Can Bring Down Apache 1.x/2.x

nixCraft — Fri, 19 Jun 2009 14:50:39 +0000

Apache Security Update - a flaw In Apache can be used to carry out DoS. Slowloris is a new Apache DoS tool which can use slow Internet links to bring down Apache servers, rather than flooding networks. Most D/DoS tool requires faster net connections but this tool works with minimal bandwidth. This tool can lead to a DoS attack on Apache 1.x, 2.x, dhttpd, GoAhead WebServer, and Squid, while MS IIS6.0, IIS7.0, and lighttpd are confirmed not vulnerable to this attack.

Apache2 mod_fastcgi: Connect to External PHP via UNIX Socket or TCP/IP Port

nixCraft — Tue, 30 Dec 2008 12:49:34 +0000

Now, mod_fastcgi is configured and running. FastCGI supports connection via UNIX sockets or TCP/IP networking. This is useful to spread load among various backends. For example, php will be severed from 192.168.1.10 and python / ruby on rails will be severed from 192.168.1.11. This is only possible with mod_fastcgi.

Red Hat / CentOS Apache 2 FastCGI PHP Configuration

nixCraft — Tue, 30 Dec 2008 10:31:32 +0000

FastCGI is a protocol for interfacing interactive programs with a web server. FastCGI's main aim is to reduce the overhead associated with interfacing the web server and CGI programs, allowing a server to handle more web page requests at once.

Also, PHP is not recommended with multithreaded Apache2 (worker MPM) because of performance and some 3rd party PHP extensions are not not guaranteed thread-safe.

nginx and lighttpd has inbuilt support for FastCGI. For Apache web server you need to use either mod_fastcgi or mod_fcgid.

mod_fastcgi allows server and application processes to be restarted independently -- an important consideration for busy web sites. It also facilitates per-application security policies -- important for ISPs and web hosting companies.

In this quick tutorial, you will learn about Apache 2 + mod_fastcgi + PHP installation and configuration under Red Hat Enterprise Linux / CentOS Linux version 5.x+.

Test and Troubleshoot Chrooted Apache Jail

nixCraft — Mon, 22 Dec 2008 13:30:36 +0000

This is 3rd and the final installment for Apache Chroot Jail for CentOS / RHEL series. Once Apache is configured with mod_chroot, you may need to test and debug problems. This article will provide a few troubleshooting tips.

Apache Chroot Jail: Virtual Hosting

nixCraft — Mon, 22 Dec 2008 12:49:30 +0000

In this second part you will learn about creating user accounts, SKEL directory and virtual hosting configuration under chrooted Apache jail.

Red Hat / CentOS: Chroot Apache 2 Web Server

nixCraft — Mon, 22 Dec 2008 05:55:52 +0000

A chroot on Red Hat / CentOS / Fedora Linux operating changes the apparent disk root directory for the Apache process and its children. Once this is done attacker or other php / perl / python scripts cannot access or name files outside that directory. This is called a "chroot jail" for Apache. You should never ever run a web server without jail. There should be privilege separation between web server and rest of the system. In this exclusive series, you will learn more about:

Securing an Apache 2 web server under Red Hat Enterprise Linux / CentOS Linux using mod_chroot
Virtual hosting configuration
Troubleshooting Chrooted Apache jail problem.

Debian PHP 5 Security Issues

nixCraft — Thu, 27 Nov 2008 04:49:16 +0000

Debian 5 php5 package has serious security issues as follows: To prevent Denial of Service attacks by exhausting the number of available temporary file names, the max_file_uploads option introduced in PHP 5.3.1 has been backported.

CentOS / Red Hat Enterprise Linux 5.2 Poor NFS Performance and Solution

nixCraft — Fri, 22 Aug 2008 09:41:58 +0000

A few days ago I noticed that NFS performance between a web server node and NFS server went down by 50%. NFS was optimized and the only thing was updated Red Hat kernel v5.2. I also noticed same trend on CentOS 5.2 64 bit edition.

How To Configuring Urchin 6 Tracking To Analyze Website Logs

nixCraft — Wed, 20 Aug 2008 18:37:02 +0000

This is 3rd and the final installment for Urchin 6 web analytics software series. Once Urchin is installed, you need to configure tracking on your website. You need to install Urchin sensors - a small piece of javascript tracking code on each of your website's pages.

Exploring Urchin Web Analytics Software

nixCraft — Tue, 19 Aug 2008 16:21:04 +0000

Urchin software comes with a number of utility programs that are used for diagnostic and configuration purposes. Let us see how to Linux tools to configure basic options.

Linux: Install Urchin 6 Web Analytics Software

nixCraft — Tue, 19 Aug 2008 15:40:24 +0000

Web analytics is the study of online behaviour in order to improve it. There are two categories; off-site and on-site web analytics. Google's Urchin 6 can be installed under Linux kernel 2.6 or 2.4 for Apache web log analysis. Urchin 6 is just like Google Analytics the most widely used hosted web analytics system. It is targeted at ecommerce web sites or enterprise users behind firewalls. In this mini series you will learn about installing and using web log analysis software called Google Urchin 6 under Red Hat Enterprise Linux 5.x.

Microsoft Backs Apache and Open Source

nixCraft — Mon, 28 Jul 2008 17:17:30 +0000

In the past Microsoft has been hostile to the open source movement. But At OSCON, Microsoft announced their sponsorship of "The Apache Software Foundation", joining Google and Yahoo! at Platinum level.