≡ Menu

web server

Slowloris DoS Tool: It Can Bring Down Apache 1.x/2.x

Web server that use threaded processes such as Apache and others can be targeted using interesting HTTP DoS tool that has been released in wild. Tool can eat up all resources while it holds the connection open to server and keep sending incomplete HTTP requests. End result Apache run out of memory and comes under DoS attack.
[click to continue…]

HowTo: Creating Firewall and Cluster Objects In Firewall Builder

Here I present an abbreviated explanation of the process of creating firewall and cluster objects. More detailed step-by-step guides are available in sections "Firewall Object" and "Cluster Object" of the Firewall Builder Users Guide.
[click to continue…]

Debian PHP 5 Security Issues

Debian 5 php5 package has serious security issues as follows:

To prevent Denial of Service attacks by exhausting the number of available temporary file names, the max_file_uploads option introduced in PHP 5.3.1 has been backported.
[click to continue…]

CentOS / Red Hat Enterprise Linux 5.2 Poor NFS Performance and Solution

A few days ago I noticed that NFS performance between a web server node and NFS server went down by 50%. NFS was optimized and the only thing was updated Red Hat kernel v5.2. I also noticed same trend on CentOS 5.2 64 bit edition.

NFS server crashed each and every time web server node tried to store a large file 20-100 MB each. Read performance was fine but write performance went to hell. Finally, I had to rollback the updates. Recently, while reading Red Hat site I came across the solution.

Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5:

* a 50-75% drop in NFS server rewrite performance, compared to Red Hat
Enterprise Linux 4.6, has been resolved.

After upgrading kernel on both server and client my issue resolved:
# yum update

Lighttpd Drupal CMS Clean URL ( SEO ) Rules Set Configuration

Drupal is modular framework and content management system (CMS) and works under Lighttpd too. By default, Drupal passes path arguments to itself via its internally generated URLs. This results in URLs that look like the following: "http://www.example.com/?q=node/83." This can make URLs hard to read and it also stops many search engines, like Google, from indexing the pages with these URLs.

You can tell Drupal to use "clean URLs", eliminating the "?q=" in internal URLs. Assuming that your site hosted in rootdirectory itself, open your lighttpd.conf file or domain configuration file:
# vi lighttpd.conf
Make sure mod_rewrite is enabled:
server.modules += ( "mod_rewrite" )
Append following configuration directives:

url.rewrite-final = (
  "^/system/test/(.*)$" => "/index.php?q=system/test/$1",
  "^/system/test-clean-url/(.*)$" => "/index.php?q=system/test-clean-url/$1",
  "/rss.xml$" => "/index.php?q=rss.xml",
  "^/search/(.*)$" => "/index.php?q=search/$1",
  "^/([^.?]*)\?(.*)$" => "/index.php?q=$1&$2",
  "^/([^.?]*)$" => "/index.php?q=$1",
# Error 404
server.error-handler-404  = "/index.php"
# stop these
url.access-deny = ( "~", ".inc", ".engine", ".install", ".module", ".sh", "sql", ".theme", ".tpl.php", ".xtmpl", "Entries", "Repository", "Root" )

Save and close the file. Restart lighttpd, enter:
# /etc/init.d/lighttpd restart
Feel free to adjust rules as per your setup.

Further readings:

mod_compress: Lighttpd Gzip Compression To Improve Download and Browsing Speed

Gzip is the most popular and effective compression method. Most modern web browser supports and accepts compressed data transfer. By gziping response time can reduced by 60-70% as compare to normal web page. The end result is faster web site experience for both dial up (they're not dead yet - I've dial up account for backup purpose) and broadband user. I've already written about speeding up Apache 2.x web access or downloads with mod_deflate.

mod_compress for Lighttpd 1.4.xx

Lighttpd 1.4.xx supports gzip compression using mod_compress. This module can reduces the network load and can improve the overall throughput of the webserver. All major http-clients support compression by announcing it in the Accept-Encoding header as follows:

Accept-Encoding: gzip, deflate

If lighttpd sees this header in the request, it can compress the response using one of the methods listed by the client. The web server notifies the web client of this via the Content-Encoding header in the response:

Content-Encoding: gzip

This is used to negotiate the most suitable compression method. Lighttpd support deflate, gzip and bzip2.

Configure mod_compress

Open your lighttpd.conf file:
# vi /etc/lighttpd/lighttpd.conf
Append mod_compress to server.modules directive:
server.modules += ( "mod_compress" )
Setup compress.cache-dir to stored all cached file:
compress.cache-dir = "/tmp/lighttpdcompress/"
Finally, define mimetypes to get compressed. Following will allow to compress javascript, plain text files, css file,xml file etc:

compress.filetype           = ("text/plain","text/css", "text/xml", "text/javascript" )

Save and close the file. Create /tmp/lighttpdcompress/ file:
# mkdir -p /tmp/lighttpdcompress/
# chown lighttpd:lighttpd /tmp/lighttpdcompress/

Restart lighttpd:
# /etc/init.d/lighttpd restart

How do I enable mod_compress per virtual host?

Use conditional $HTTP host directive, for example turn on compression for theos.in:

$HTTP["host"] =~ "theos\.in" {
  compress.cache-dir = "/var/www/cache/theos.in/"

PHP dynamic compression

Open php.in file:
# vi /etc/php.ini
To compress dynamic content with PHP please enable following two directives:
zlib.output_compression = On
zlib.output_handler = On

Save and close the file. Restart lighttpd:
# service lighttpd restart

Cleaning cache directory

You need to run a shell script for cleaning out cache directory.

See also:

Lighttpd Control a Directory Listing With mod_dirlisting

Lighttpd web server will generate a directory listing if a directory is requested and no index-file was found in that directory. mod_dirlisting is one of the modules that is loaded by default and doesn't have to be specified on server.modules to work.

Task: Enable Directory Listings Globally

Open lighttpd configuration file:
# vi /etc/lighttpd/lighttpd.conf
Append / modify
server.dir-listing = "enable"
dir-listing.activate = "enable"
Save and close the file. Restart lighttpd:
# /etc/init.d/lighttpd restart
To disable directory listing, use:
dir-listing.activate = "disable"

Enable directory listing only for a directory

You can also enable or disable listing on selected url / directory combination. For example, display directory listing only for /files/:
$HTTP["url"] =~ "^/files($|/)" { server.dir-listing = "enable" }
$HTTP["url"] =~ "^/files($|/)" { dir-listing.activate = "enable" }

Further readings: