

You can create a URL redirection service for your blog within five minutes using nothing but the web server's mod_redirect module. For example, when you type or share a URL such as io9.in/t/5159, you will be automatically redirected to http://www.cyberciti.biz/tips/my-10-unix-command-line-mistakes.html. In this quick post I will explain how to create a URL shortener and integrate it with your WordPress-based blog without installing any new scripts.

Core dumps are often used to diagnose or debug errors in Linux or UNIX programs. They can serve as useful debugging aids for sysadmins to find out why an application such as Lighttpd, Apache, PHP-CGI or any other program crashed. Many vendors and open source project authors request a core file to troubleshoot a program. A core file is generated when an application terminates abnormally due to a bug, an operating system security protection scheme, an attempt by the program to write beyond the area of memory it has allocated, and so on. This article explains how to turn on core file support and track down bugs in programs.

Web servers that use threaded processes, such as Apache and others, can be targeted using an interesting HTTP DoS tool that has been released in the wild. The tool can eat up all resources while it holds connections open to the server and keeps sending incomplete HTTP requests. The end result is that Apache runs out of memory and comes under a DoS attack.

The round-robin database tool aims to handle time-series data like network bandwidth, temperatures, CPU load etc. The data gets stored in a round-robin database so that the system storage footprint remains constant over time. Lighttpd comes with mod_rrdtool to monitor the server load and other details. This is useful for debugging and tuning lighttpd / fastcgi server performance.

Lighttpd: Enable IPv6 Support

Lighttpd supports both the IPv6 and IPv4 protocols out of the box, provided it was compiled with IPv6 support. The server.use-ipv6 option binds to the IPv6 socket. To serve both protocols you need to bind to both IPv6 and IPv4 using the following syntax.

First, list the compile-time features to find out whether IPv6 is enabled:
# lighttpd -V
Sample output:

Build-Date: Sep 30 2008 06:18:08
Event Handlers:
	+ select (generic)
	+ poll (Unix)
	+ rt-signals (Linux 2.4+)
	+ epoll (Linux 2.6)
	- /dev/poll (Solaris)
	- kqueue (FreeBSD)
Network handler:
	+ sendfile
	+ IPv6 support
	+ zlib support
	+ bzip2 support
	+ crypt support
	+ SSL Support
	+ PCRE support
	- mySQL support
	- LDAP support
	- memcached support
	- FAM support
	- LUA support
	- xml support
	- SQLite support
	- GDBM support

You must see + IPv6 support in the output. If it is missing, recompile lighttpd with IPv6 support. Once compiled, open the lighttpd.conf file:
# vi lighttpd.conf
To enable IPv6 and IPv4 together, enter:

server.use-ipv6 = "enable"
server.port = 80
$SERVER["socket"] == "" {
# add your stuff
}

Save and close the file. Restart lighttpd:
# service lighttpd restart

The above config is only useful if you want to use all available IPv4 and IPv6 addresses. Following configuration will bind IPv4 to and IPv6 to address:
Open lighttpd.conf and set up the main server IP address as follows:

server.port = 80 
server.bind = ""

Below that add IPv6 config as follows:

$SERVER["socket"] == "[2001:470:1f04:55a::2]:80" {
   # ...
   # your rest of config for ipv6 host
   # ...
}

Here is my sample config file with IPv4 and IPv6 dual stack enabled:

server.modules              = (
        # modules required by the fastcgi.* and accesslog.* directives below
        "mod_fastcgi",
        "mod_accesslog"
)
server.errorlog            = "/var/log/lighttpd/error.log"
accesslog.filename         = "/var/log/lighttpd/access.log"
index-file.names            = ( "index.php", "index.html", "index.htm", "default.htm" )
server.tag                 = "lighttpd"
# FastCGI php5
fastcgi.map-extensions = ( ".html" => ".php" )
fastcgi.server    = ( ".php" =>
        ((
                "bin-path" => "/usr/bin/php-cgi",
                "socket" => "/tmp/php-cgi.socket",
                "max-procs" => 4,
                "idle-timeout" => 30,
                "bin-environment" => (
                        "PHP_FCGI_CHILDREN" => "10",
                        "PHP_FCGI_MAX_REQUESTS" => "20000"
                ),
                "bin-copy-environment" => (
                        "PATH", "SHELL", "USER"
                ),
                "broken-scriptfilename" => "enable"
        ))
)
include "mimetype.conf"
server.document-root = "/home/lighttpd/example.com/http"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "lighttpd"
server.groupname = "lighttpd"
# Turn on IPv4 config
server.port = 80 
server.bind = ""
server.error-handler-404 = "/index.php?error=404"
### IPv6 Config ###
# Note only log file name changed
$SERVER["socket"] == "[2607:f0d0:1002:11::5]:80" {
	accesslog.filename         = "/var/log/lighttpd/ipv6.access.log"
	server.document-root = "/home/lighttpd/example.com/http"
	server.error-handler-404 = "/index.php?error=404"
}
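
After the restart it is worth confirming that the build really has IPv6 and that the port is bound on both address families. The script below is an added example, not part of the original post; the function names and the two sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the lighttpd build and its listeners for dual stack.
# Both samples are constructed; on a live host pipe in the output of
# `lighttpd -V` and `ss -ltn` instead.
SAMPLE_BUILD='Network handler:
    + sendfile
    + IPv6 support
    - LUA support'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*
LISTEN 0      128             [::]:80           [::]:*
LISTEN 0      128        127.0.0.1:3306      0.0.0.0:*'

# has_feature NAME: stdin is `lighttpd -V` output; succeeds only when the
# feature is listed with a leading "+" (compiled in).
has_feature() {
    grep -Eq "^[[:space:]]*\\+ $1[[:space:]]*\$"
}

# listener_families PORT: stdin is `ss -ltn` output; prints the address
# families listening on PORT ("ipv4", "ipv6", "ipv4 ipv6" or "").
# A local address containing more than one colon is counted as IPv6.
listener_families() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            if (n > 2) v6 = 1; else v4 = 1
        }
        END {
            out = v4 ? "ipv4" : ""
            if (v6) out = (out == "" ? "ipv6" : out " ipv6")
            print out
        }'
}

# dual_stack_ok PORT BUILD SS: succeeds only if IPv6 is compiled in and
# PORT has a listener on both families.
dual_stack_ok() {
    printf '%s\n' "$2" | has_feature "IPv6 support" || return 1
    [ "$(printf '%s\n' "$3" | listener_families "$1")" = "ipv4 ipv6" ]
}

if dual_stack_ok 80 "$SAMPLE_BUILD" "$SAMPLE_SS"; then
    echo "port 80: dual stack OK"
else
    echo "port 80: IPv6 build or listener missing"
fi
```

Once the IPv6 listener is confirmed, make sure the host's IPv6 packet filter covers the port as well, since IPv4 firewall rules do not apply to it.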

Drupal is a modular framework and content management system (CMS), and it works under Lighttpd too. By default, Drupal passes path arguments to itself via its internally generated URLs. This results in URLs that look like the following: "http://www.example.com/?q=node/83." This can make URLs hard to read, and it also stops many search engines, like Google, from indexing the pages with these URLs.

You can tell Drupal to use "clean URLs", eliminating the "?q=" in internal URLs. Assuming that your site is hosted in the root directory itself, open your lighttpd.conf file or domain configuration file:
# vi lighttpd.conf
Make sure mod_rewrite is enabled:
server.modules += ( "mod_rewrite" )
Append the following configuration directives:

url.rewrite-final = (
  "^/system/test/(.*)$" => "/index.php?q=system/test/$1",
  "^/system/test-clean-url/(.*)$" => "/index.php?q=system/test-clean-url/$1",
  "/rss.xml$" => "/index.php?q=rss.xml",
  "^/search/(.*)$" => "/index.php?q=search/$1",
  "^/([^.?]*)\?(.*)$" => "/index.php?q=$1&$2",
  "^/([^.?]*)$" => "/index.php?q=$1"
)
# Error 404
server.error-handler-404  = "/index.php"
# stop these (url.access-deny is provided by mod_access, which must be loaded)
url.access-deny = ( "~", ".inc", ".engine", ".install", ".module", ".sh", "sql", ".theme", ".tpl.php", ".xtmpl", "Entries", "Repository", "Root" )

Save and close the file. Restart lighttpd, enter:
# /etc/init.d/lighttpd restart
Feel free to adjust rules as per your setup.
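
Before adjusting the rules, it helps to see which requests reach index.php, which are left untouched, and which are blocked by the deny list. The script below is an added example, not part of the original post and not lighttpd code: it models the rules above with sed, and the function names and sample URIs are constructed.

```shell
#!/bin/sh
# Added example: model of the url.rewrite-final rules and url.access-deny
# list from this post. Not lighttpd code; sample URIs are constructed.

# rewrite URI: first matching rule wins (sed "t" stops after a match).
# A match replaces the whole URI, so the unanchored rss.xml rule is
# written with a leading ^.* here.
rewrite() {
    printf '%s\n' "$1" | sed -E \
        -e 's#^/system/test/(.*)$#/index.php?q=system/test/\1#' -e t \
        -e 's#^/system/test-clean-url/(.*)$#/index.php?q=system/test-clean-url/\1#' -e t \
        -e 's#^.*/rss.xml$#/index.php?q=rss.xml#' -e t \
        -e 's#^/search/(.*)$#/index.php?q=search/\1#' -e t \
        -e 's#^/([^.?]*)\?(.*)$#/index.php?q=\1\&\2#' -e t \
        -e 's#^/([^.?]*)$#/index.php?q=\1#'
}

# denied PATH: succeeds if PATH ends with any url.access-deny suffix.
denied() {
    for suffix in "~" .inc .engine .install .module .sh sql .theme \
                  .tpl.php .xtmpl Entries Repository Root; do
        case $1 in *"$suffix") return 0 ;; esac
    done
    return 1
}

# decide URI: prints "deny", "backend <uri>" or "unchanged <uri>".
# Assumption: the deny list is evaluated on the path (query string
# removed) after rewriting.
decide() {
    target=$(rewrite "$1")
    path=${target%%\?*}
    if denied "$path"; then echo "deny"
    elif [ "$target" != "$1" ]; then echo "backend $target"
    else echo "unchanged $target"
    fi
}

for uri in /node/83 '/node/83?page=2' /misc/drupal.js \
           /modules/node/node.module '/backup.sql?x=1'; do
    printf '%-28s -> %s\n' "$uri" "$(decide "$uri")"
done
```

Paths that contain a dot are never rewritten by the last two rules, so they are served as files; that is why the deny list matters for names such as .module, .inc and sql.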

The Debian Linux project today released bug fixes for the lighttpd and gaim packages.

Gaim packages fix execution of arbitrary code

It was discovered that gaim, a multi-protocol instant messaging client, was vulnerable to several integer overflows in its MSN protocol handlers. These could allow a remote attacker to execute arbitrary code.

lighttpd packages fix multiple DoS issues

Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint.

a) lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

b) connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.

How do I fix lighttpd and gaim security issues?

First, update the internal database, enter:
# apt-get update
Install corrected packages, enter:
# apt-get upgrade