Apache: Difference between revisions
From DWIKI
m (→FAQ) |
mNo edit summary |
||
| Line 56: | Line 56: | ||
=FAQ= | |||
==AH01630: client denied by server configuration== | = FAQ = | ||
== AH01630: client denied by server configuration == | |||
Probably using 2.2 config on 2.4, change | Probably using 2.2 config on 2.4, change | ||
Order allow,deny | Order allow,deny | ||
Allow from all | Allow from all | ||
to | to | ||
Require all granted | Require all granted | ||
==NameVirtualHost *:80 has no VirtualHosts== | == [core:emerg] [pid 3317] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex == | ||
This means you're using <VirtualHost *> instead of <VirtualHost *:80> | Check | ||
Or you have multiple declarations of NameVirtualHost *:80 | ipcs -s | ||
== NameVirtualHost *:80 has no VirtualHosts == | |||
This means you're using <VirtualHost *> instead of <VirtualHost *:80> Or you have multiple declarations of NameVirtualHost *:80 | |||
== Telnet session to webserver == | |||
telnet www.example.com 80 | telnet www.example.com 80 | ||
get / HTTP/1.1 | get / HTTP/1.1 | ||
<enter> | <enter> | ||
<enter> | <enter> | ||
For a virtual also pass host: | For a virtual also pass host: | ||
get / HTTP/1.1 | get / HTTP/1.1 | ||
host: virtual.host.com | host: virtual.host.com | ||
<enter> | <enter> | ||
| |||
==Apache memory usage== | |||
== Apache memory usage == | |||
ps aux|grep http|awk '{sum+=$4} END {print sum}' | ps aux|grep http|awk '{sum+=$4} END {print sum}' | ||
| |||
== Authentication == | |||
Read: | Read: | ||
*[http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html Apache Authentication in htaccess] | |||
*[http://weavervsworld.com/docs/other/passprotect.html Password Protection with .htaccess & .htpasswd] | *[http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html Apache Authentication in htaccess] | ||
*http://httpd.apache.org/docs/2.2/howto/auth.html | *[http://weavervsworld.com/docs/other/passprotect.html Password Protection with .htaccess & .htpasswd] | ||
*https://httpd.apache.org/docs/2.4/howto/auth.html | *[http://httpd.apache.org/docs/2.2/howto/auth.html http://httpd.apache.org/docs/2.2/howto/auth.html] | ||
*[https://httpd.apache.org/docs/2.4/howto/auth.html https://httpd.apache.org/docs/2.4/howto/auth.html] | |||
In .htaccess or </Directory> section put: | In .htaccess or </Directory> section put: | ||
Authtype Basic | Authtype Basic | ||
AuthUserFile /etc/apache/htusers | AuthUserFile /etc/apache/htusers | ||
| Line 97: | Line 117: | ||
AuthName "Protected" | AuthName "Protected" | ||
==Hide directories== | == Hide directories == | ||
RedirectMatch 404 /\.svn(/|$) | RedirectMatch 404 /\.svn(/|$) | ||
<FilesMatch \.(?i:gif|jpe?g|png)$> | <FilesMatch \.(?i:gif|jpe?g|png)$> | ||
| |||
==Strange hang and not restarting== | == Strange hang and not restarting == | ||
ipcs -s|grep apache | ipcs -s|grep apache | ||
for i in `ipcs -s|grep apache|awk {'print $2'}`;do ipcrm sem $i;done; | for i in `ipcs -s|grep apache|awk {'print $2'}`;do ipcrm sem $i;done; | ||
==Get core dumps== | == Get core dumps == | ||
*http:// | *[http://wiki.apache.org/httpd/CoreDump http://wiki.apache.org/httpd/CoreDump] | ||
*/usr/share/doc/apache2.2-common/README.backtrace | |||
*[http://www.cyberciti.biz/tips/configure-apache-web-server-for-core-dump.html http://www.cyberciti.biz/tips/configure-apache-web-server-for-core-dump.html] | |||
In apache configuration: | In apache configuration: | ||
CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights) | CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights) | ||
===On freebsd=== | === On freebsd === | ||
Set apache22limits_enable="YES in /etc/rc.conf | Set apache22limits_enable="YES in /etc/rc.conf | ||
In apache configuration: | In apache configuration: | ||
CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights) | CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights) | ||
| Line 130: | Line 154: | ||
sysctl kern.coredumps=1 | sysctl kern.coredumps=1 | ||
===On Debian=== | === On Debian === | ||
sysctl fs.suid_dumpable=2 ? | |||
ulimit -c unlimited ? | sysctl fs.suid_dumpable=2 ? | ||
ulimit -c unlimited ? | |||
== Socket is not connected: core_output_filter: writing data to the network == | |||
Bug in some versions? | Bug in some versions? | ||
==Connection refused: connect to listener on 0.0.0.0:80== | == Connection refused: connect to listener on 0.0.0.0:80 == | ||
Seems a jail problem, try setting | |||
Seems a jail problem, try setting | |||
Listen 12.33.44.55:80 | Listen 12.33.44.55:80 | ||
| |||
== No such file or directory: Failed to enable the 'httpready' Accept Filter == | |||
In /boot/loader.conf | In /boot/loader.conf | ||
accf_data_load="YES" | accf_data_load="YES" | ||
accf_http_load="YES" | accf_http_load="YES" | ||
| |||
==sorting apache logs== | == sorting apache logs == | ||
[http://jehiah.cz/archive/sorting-apache-logs http://jehiah.cz/archive/sorting-apache-logs] | |||
| |||
==Rewriting and redirecting== | == unable to include potential exec == | ||
http://www.aitechsolutions.net/apacheredirect.html | |||
== Rewriting and redirecting == | |||
[http://www.aitechsolutions.net/apacheredirect.html http://www.aitechsolutions.net/apacheredirect.html] | |||
=== redirect http to https === | |||
#this usually does the trick | #this usually does the trick | ||
Redirect permanent / https://foo.com | Redirect permanent / [https://foo.com https://foo.com] | ||
*http://www.whoopis.com/howtos/apache-rewrite.html | *[http://www.whoopis.com/howtos/apache-rewrite.html http://www.whoopis.com/howtos/apache-rewrite.html] | ||
| |||
== debugging rewrites == | |||
== | == status codes == | ||
*[http://www.w3.org/Protocols/HTTP/HTRESP.html http://www.w3.org/Protocols/HTTP/HTRESP.html] | |||
| |||
== client denied by server configuration == | |||
That's the Deny/Allow bits in config | That's the Deny/Allow bits in config | ||
| |||
=== AH00179: changing ServerLimit to 700 from original value of 512 not allowed during restart === | |||
Needs a real restart | Needs a real restart | ||
Revision as of 10:08, 19 October 2020
From the apache homepage:
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Links
| Documentation | |
| http://httpd.apache.org/ | Apache homepage |
| http://httpd.apache.org/docs/2.2/ | 2.2 Reference |
| http://httpd.apache.org/docs/2.0/ | 2.0 Reference |
| http://httpd.apache.org/docs/1.3/ | 1.3 Reference |
| Apache and SSL | |
| Apache2, Debian and SSL | |
| More Apache and SSL | |
| Articles | |
| vhosts explained | "Simplify Your Life with Apache Virtual Hosts" Russell Dyer 07/24/2003 |
| Tools | |
| http://awstats.sourceforge.net/ | Apache log analyzer |
Documentation
Virtual hosts
Application & modules
Log analyzers
Notes
- Don't use the CGI to present the data unless it is protected. Best use awstats_buildstaticpages.pl to build the static pages and present those. Save resources and is more secure.
Related Items
Web-based Single Sign-On
Applications
Comparisons
- http://www.jisc.ac.uk/uploaded_documents/CMSS-Gilmore.pdf
- http://www.umich.edu/~umweb/downloads/WebSSOImplementationComparision.pdf
FAQ
AH01630: client denied by server configuration
Probably using 2.2 config on 2.4, change
Order allow,deny Allow from all
to
Require all granted
[core:emerg] [pid 3317] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex
Check
ipcs -s
NameVirtualHost *:80 has no VirtualHosts
This means you're using <VirtualHost *> instead of <VirtualHost *:80> Or you have multiple declarations of NameVirtualHost *:80
Telnet session to webserver
telnet www.example.com 80 get / HTTP/1.1 <enter> <enter>
For a virtual also pass host:
get / HTTP/1.1 host: virtual.host.com <enter>
Apache memory usage
ps aux|grep http|awk '{sum+=$4} END {print sum}'
Authentication
Read:
- Apache Authentication in htaccess
- Password Protection with .htaccess & .htpasswd
- http://httpd.apache.org/docs/2.2/howto/auth.html
- https://httpd.apache.org/docs/2.4/howto/auth.html
In .htaccess or </Directory> section put:
Authtype Basic AuthUserFile /etc/apache/htusers Require valid-user AuthName "Protected"
Hide directories
RedirectMatch 404 /\.svn(/|$)
<FilesMatch \.(?i:gif|jpe?g|png)$>
Strange hang and not restarting
ipcs -s|grep apache
for i in `ipcs -s|grep apache|awk {'print $2'}`;do ipcrm sem $i;done;
Get core dumps
- http://wiki.apache.org/httpd/CoreDump
- /usr/share/doc/apache2.2-common/README.backtrace
In apache configuration:
CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)
On freebsd
Set apache22limits_enable="YES in /etc/rc.conf
In apache configuration:
CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)
Other stuff to try
sysctl kern.sugid_coredump=1 sysctl kern.coredumps=1
On Debian
sysctl fs.suid_dumpable=2 ? ulimit -c unlimited ?
Socket is not connected: core_output_filter: writing data to the network
Bug in some versions?
Connection refused: connect to listener on 0.0.0.0:80
Seems a jail problem, try setting
Listen 12.33.44.55:80
No such file or directory: Failed to enable the 'httpready' Accept Filter
In /boot/loader.conf
accf_data_load="YES" accf_http_load="YES"
sorting apache logs
http://jehiah.cz/archive/sorting-apache-logs
unable to include potential exec
Rewriting and redirecting
http://www.aitechsolutions.net/apacheredirect.html
redirect http to https
#this usually does the trick Redirect permanent / https://foo.com
*http://www.whoopis.com/howtos/apache-rewrite.html
debugging rewrites
status codes
client denied by server configuration
That's the Deny/Allow bits in config
AH00179: changing ServerLimit to 700 from original value of 512 not allowed during restart
Needs a real restart
