Apache: Difference between revisions

From DWIKI
 
(23 intermediate revisions by the same user not shown)
Line 1: Line 1:
From the [http://httpd.apache.org/ apache homepage]:
From the [http://httpd.apache.org/ apache homepage]:
<blockquote>The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.</blockquote>
<blockquote>The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.</blockquote>
= Links =
= Links =
{| style="width:600px;" border="0"
 
{| style="width:600px" border="0"
|-
| colspan="2" | '''Documentation'''
| colspan="2" | '''Documentation'''
|-
|-
| [http://httpd.apache.org/ http://httpd.apache.org/] || Apache homepage
| [http://httpd.apache.org/ http://httpd.apache.org/]
| Apache homepage
|-
|-
| [http://httpd.apache.org/docs/2.2/ http://httpd.apache.org/docs/2.2/] || 2.2 Reference
| [http://httpd.apache.org/docs/2.2/ http://httpd.apache.org/docs/2.2/]
| 2.2 Reference
|-
|-
| [http://httpd.apache.org/docs/2.0/ http://httpd.apache.org/docs/2.0/] || 2.0 Reference
| [http://httpd.apache.org/docs/2.0/ http://httpd.apache.org/docs/2.0/]
| 2.0 Reference
|-
|-
| [http://httpd.apache.org/docs/1.3/ http://httpd.apache.org/docs/1.3/] || 1.3 Reference
| [http://httpd.apache.org/docs/1.3/ http://httpd.apache.org/docs/1.3/]
| 1.3 Reference
|-
|-
| [http://www.tuxick.net/docs/apache_ssl.html Apache and SSL]
| [http://www.tuxick.net/docs/apache_ssl.html Apache and SSL]
Line 26: Line 33:
| colspan="2" | '''Tools'''
| colspan="2" | '''Tools'''
|-
|-
| [http://awstats.sourceforge.net/ http://awstats.sourceforge.net/] || Apache log analyzer
| [http://awstats.sourceforge.net/ http://awstats.sourceforge.net/]
| Apache log analyzer
|}
|}
*[http://mod-qos.sourceforge.net/ QoS for Apache]
*[https://github.com/alecthomas/geoip/blob/master/GeoIPCountryWhois.csv GeoIPCountryWhois.csv]


=Documentation=
=Documentation=
Line 40: Line 51:
*[[webalizer]]
*[[webalizer]]
*[[urchin]]
*[[urchin]]
* zapache




Line 55: Line 67:




=FAQ=
=HOWTO=
==NameVirtualHost *:80 has no VirtualHosts==
==Log SSL protocols==
This means you're using <VirtualHost *> instead of <VirtualHost *:80>
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Or you have multiple declarations of NameVirtualHost *:80
 
 
 
= FAQ =
==Modules==
== Enable module ==
===On Debian===
a2enmod
===On RedHat===
 
=== List active modules===
apachectl -t -D DUMP_MODULES
 
 
==Enable HSTS==
a2enmod headers
and in config
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
 
 
== [core:emerg] [pid 3317] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex ==
 
Check
 
ipcs -s
 
&nbsp;
 
==Check which MPM is running ( prefork or worker) ==
httpd -V | grep MPM
or more modern
apache2ctl -t -D DUMP_MODULES | grep mpm
 
== NameVirtualHost *:80 has no VirtualHosts ==
 
This means you're using <VirtualHost *> instead of <VirtualHost *:80> Or you have multiple declarations of NameVirtualHost *:80
 
== Telnet session to webserver ==


==Telnet session to webserver==
  telnet www.example.com 80
  telnet www.example.com 80
  get / HTTP/1.1
  get / HTTP/1.1
  <enter>
  <enter>
  <enter>
  <enter>
For a virtual also pass host:
For a virtual also pass host:
  get / HTTP/1.1
  get / HTTP/1.1
  host: virtual.host.com
  host: virtual.host.com
  <enter>
  <enter>


   
&nbsp;
 
== Apache memory usage ==
 
  ps aux|grep http|awk '{sum+=$4} END {print sum}'
 
&nbsp;
 
== Authentication ==


==Authentication==
Read:
Read:
*[http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html Apache Authentication in htaccess]
*[http://weavervsworld.com/docs/other/passprotect.html Password Protection with .htaccess & .htpasswd]
*http://httpd.apache.org/docs/2.2/howto/auth.html


In .htaccess put:
*[http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html Apache Authentication in htaccess]
*[http://weavervsworld.com/docs/other/passprotect.html Password Protection with .htaccess & .htpasswd]
*[http://httpd.apache.org/docs/2.2/howto/auth.html http://httpd.apache.org/docs/2.2/howto/auth.html]
*[https://httpd.apache.org/docs/2.4/howto/auth.html https://httpd.apache.org/docs/2.4/howto/auth.html]
 
In .htaccess or </Directory> section put:
 
  Authtype Basic
  Authtype Basic
  AuthUserFile /etc/apache/htusers
  AuthUserFile /etc/apache/htusers
Line 84: Line 144:
  AuthName "Protected"
  AuthName "Protected"


==Hide directories==
== Hide directories ==
 
  RedirectMatch 404 /\.svn(/|$)
  RedirectMatch 404 /\.svn(/|$)


or
<DirectoryMatch "^/.*/\.git/">
  Require all denied
</DirectoryMatch>
== Deny access to files ==
  <FilesMatch \.(?i:gif|jpe?g|png)$>
  <FilesMatch \.(?i:gif|jpe?g|png)$>
  Require all denied
</FilesMatch>


&nbsp;


==Strange hang and not restarting==
== Strange hang and not restarting ==


  ipcs -s|grep apache
  ipcs -s|grep apache
  for i in `ipcs -s|grep apache|awk {'print $2'}`;do ipcrm sem $i;done;
  for i in `ipcs -s|grep apache|awk {'print $2'}`;do ipcrm sem $i;done;


==Get core dumps==
== Get core dumps ==
*/usr/share/doc/apache2.2-common/README.backtrace
 
*http://www.cyberciti.biz/tips/configure-apache-web-server-for-core-dump.html
*[http://wiki.apache.org/httpd/CoreDump http://wiki.apache.org/httpd/CoreDump]
*/usr/share/doc/apache2.2-common/README.backtrace  
 
*[http://www.cyberciti.biz/tips/configure-apache-web-server-for-core-dump.html http://www.cyberciti.biz/tips/configure-apache-web-server-for-core-dump.html]
 
In apache configuration:
 
  CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)
 
=== On freebsd ===
 
Set apache22limits_enable="YES in /etc/rc.conf
 
In apache configuration:


===on freebsd===
  CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)


See http://www.cyberciti.biz/tips/configure-apache-web-server-for-core-dump.html
Other stuff to try


  sysctl kern.sugid_coredump=1
  sysctl kern.sugid_coredump=1
  sysctl kern.coredumps=1  
  sysctl kern.coredumps=1
  CoreDumpDirectory /tmp/apache2-gdb-dump
 
=== On Debian ===
 
  sysctl fs.suid_dumpable=2&nbsp;?
ulimit -c unlimited&nbsp;?


but still not working :)
== Socket is not connected: core_output_filter: writing data to the network ==


==Socket is not connected: core_output_filter: writing data to the network==
Bug in some versions?
Bug in some versions?


==Connection refused: connect to listener on 0.0.0.0:80==
== Connection refused: connect to listener on 0.0.0.0:80 ==
Seems a jail problem, try setting  
 
Seems a jail problem, try setting
 
  Listen 12.33.44.55:80
  Listen 12.33.44.55:80


&nbsp;


== No such file or directory: Failed to enable the 'httpready' Accept Filter ==


==No such file or directory: Failed to enable the 'httpready' Accept Filter==
In /boot/loader.conf
In /boot/loader.conf
  accf_data_load="YES"
  accf_data_load="YES"
  accf_http_load="YES"
  accf_http_load="YES"


&nbsp;
== sorting apache logs ==
[http://jehiah.cz/archive/sorting-apache-logs http://jehiah.cz/archive/sorting-apache-logs]
&nbsp;


==sorting apache logs==
== unable to include potential exec ==
http://jehiah.cz/archive/sorting-apache-logs


== Rewriting and redirecting ==


==unable to include potential exec==
[http://www.aitechsolutions.net/apacheredirect.html http://www.aitechsolutions.net/apacheredirect.html]


==Rewriting and redirecting==
=== redirect http to https ===
http://www.aitechsolutions.net/apacheredirect.html


===redirect http to https===
  #this usually does the trick
  #this usually does the trick
  Redirect permanent / https://foo.com
  Redirect permanent / [https://foo.com https://foo.com]
 
*[https://httpd.apache.org/docs/current/rewrite/avoid.html#redirect Use redirect instead of rewrite]
 
== debugging rewrites ==
 
== status codes ==
 
*[http://www.w3.org/Protocols/HTTP/HTRESP.html http://www.w3.org/Protocols/HTTP/HTRESP.html]
 
&nbsp;
 
== client denied by server configuration ==
 
That's the Deny/Allow bits in config
 
&nbsp;
 
 
 
 
== server-status: ERROR 500: Internal Server Error==
??
 
 
==Error messages==
=== AH00162: server seems busy ===
 
maybe it's busy
 
 
=== AH01630: client denied by server configuration ===


*http://www.whoopis.com/howtos/apache-rewrite.html
Probably using 2.2 config on 2.4, change


Order allow,deny
Allow from all


to


==debugging rewrites==
Require all granted


=== AH00179: changing ServerLimit to 700 from original value of 512 not allowed during restart ===


==status codes==
Needs a real restart
*http://www.w3.org/Protocols/HTTP/HTRESP.html


===AH02282: No slotmem from mod_heartmonitor===


==client denied by server configuration==
??
That's the Deny/Allow bits in config
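Review bot: the added Authentication line "In .htaccess or </Directory> section put:" names the closing tag, but the directives go inside the section, so it should read `<Directory>`. In the same revision, the FreeBSD line `Set apache22limits_enable="YES in /etc/rc.conf` is missing its closing quote. The new core-dump text also points `CoreDumpDirectory` at a path under /tmp with only "make sure to have proper rights"; state which user needs write access and that other users should not be able to read or write the directory, since core files hold process memory.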

Latest revision as of 13:55, 9 August 2024

From the apache homepage:

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

Links

Documentation
http://httpd.apache.org/ Apache homepage
http://httpd.apache.org/docs/2.2/ 2.2 Reference
http://httpd.apache.org/docs/2.0/ 2.0 Reference
http://httpd.apache.org/docs/1.3/ 1.3 Reference
Apache and SSL
Apache2, Debian and SSL
More Apache and SSL
Articles
vhosts explained "Simplify Your Life with Apache Virtual Hosts" Russell Dyer 07/24/2003
Tools
http://awstats.sourceforge.net/ Apache log analyzer

Documentation

Virtual hosts

Application & modules

Log analyzers


Notes

  • Don't use the CGI to present the data unless it is protected. It is best to use awstats_buildstaticpages.pl to build static pages and present those. This saves resources and is more secure.

Related Items

Web-based Single Sign-On

Applications

Comparisons


HOWTO

Log SSL protocols

CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
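
Once that log exists, it can be used to find clients that still negotiate deprecated protocol versions before those versions are switched off. The following is an added example, not part of the original page: it parses the format above and reports legacy-protocol clients; the sample lines, addresses and function names are constructed for illustration.

```python
import re

# The page's format: %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>.*)" (?P<size>\S+)$'
)

# SSLv3 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are deprecated.
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
[09/Aug/2024:13:55:01 +0200] 192.0.2.10 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 5120
[09/Aug/2024:13:55:02 +0200] 198.51.100.7 TLSv1 ECDHE-RSA-AES256-SHA "GET /login HTTP/1.1" 734
[09/Aug/2024:13:55:03 +0200] 198.51.100.7 TLSv1 ECDHE-RSA-AES256-SHA "POST /login HTTP/1.1" -
[09/Aug/2024:13:55:04 +0200] 203.0.113.5 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /a\\"b HTTP/1.1" 12
[09/Aug/2024:13:55:05 +0200] 203.0.113.9 TLSv1.1 AES128-SHA "GET / HTTP/1.0" 5120
this line is truncated
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def legacy_tls_report(lines):
    """Count requests per protocol, and per client host that used a legacy protocol."""
    per_proto, legacy_hosts, skipped = {}, {}, 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # truncated or foreign line: count it, do not guess
            continue
        per_proto[rec["proto"]] = per_proto.get(rec["proto"], 0) + 1
        if rec["proto"] in LEGACY:
            legacy_hosts[rec["host"]] = legacy_hosts.get(rec["host"], 0) + 1
    return per_proto, legacy_hosts, skipped


if __name__ == "__main__":
    per_proto, legacy_hosts, skipped = legacy_tls_report(SAMPLE_LOG.splitlines())
    print("requests per protocol:", per_proto)
    print("clients on legacy protocols:", legacy_hosts)
    print("unparsed lines:", skipped)
```
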


FAQ

Modules

Enable module

On Debian

a2enmod

On RedHat

List active modules

apachectl -t -D DUMP_MODULES


Enable HSTS

a2enmod headers

and in config

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"


[core:emerg] [pid 3317] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex

Check

ipcs -s

 

Check which MPM is running (prefork or worker)

httpd -V | grep MPM

or more modern

apache2ctl -t -D DUMP_MODULES | grep mpm

NameVirtualHost *:80 has no VirtualHosts

This means you're using <VirtualHost *> instead of <VirtualHost *:80>, or you have multiple declarations of NameVirtualHost *:80.

Telnet session to webserver

telnet www.example.com 80
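GET / HTTP/1.0
<enter>
<enter>

For a virtual host, also pass the Host header (the method name must be upper case, and HTTP/1.1 requests require a Host header):

GET / HTTP/1.1
Host: virtual.host.com
<enter>
<enter>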

 

Apache memory usage

ps aux|grep http|awk '{sum+=$4} END {print sum}'

 

Authentication

Read:

In .htaccess or a <Directory> section put:

Authtype Basic
AuthUserFile /etc/apache/htusers
Require valid-user
AuthName "Protected"

Hide directories

RedirectMatch 404 /\.svn(/|$)

or

<DirectoryMatch "^/.*/\.git/">
 Require all denied
</DirectoryMatch>

Deny access to files

<FilesMatch \.(?i:gif|jpe?g|png)$>
 Require all denied
</FilesMatch>


 

Strange hang and not restarting

ipcs -s|grep apache
for i in $(ipcs -s | awk '/apache/ {print $2}'); do ipcrm -s "$i"; done

Get core dumps

In apache configuration:

 CoreDumpDirectory /tmp/apache2-gdb-dump (the directory must be writable by the user Apache runs as)

On freebsd

Set apache22limits_enable="YES" in /etc/rc.conf

In apache configuration:

 CoreDumpDirectory /tmp/apache2-gdb-dump (the directory must be writable by the user Apache runs as)

Other stuff to try

sysctl kern.sugid_coredump=1
sysctl kern.coredumps=1

On Debian

sysctl fs.suid_dumpable=2 ?
ulimit -c unlimited ?

Socket is not connected: core_output_filter: writing data to the network

Bug in some versions?

Connection refused: connect to listener on 0.0.0.0:80

Seems a jail problem, try setting

Listen 12.33.44.55:80

 

No such file or directory: Failed to enable the 'httpready' Accept Filter

In /boot/loader.conf

accf_data_load="YES"
accf_http_load="YES"

 

sorting apache logs

http://jehiah.cz/archive/sorting-apache-logs

 

unable to include potential exec

Rewriting and redirecting

http://www.aitechsolutions.net/apacheredirect.html

redirect http to https

#this usually does the trick
Redirect permanent / https://foo.com

debugging rewrites

status codes

 

client denied by server configuration

Those are the Deny/Allow directives in the config.

 



server-status: ERROR 500: Internal Server Error

??


Error messages

AH00162: server seems busy

maybe it's busy


AH01630: client denied by server configuration

Probably using 2.2 config on 2.4, change

Order allow,deny
Allow from all

to

Require all granted
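
To find where a configuration still uses the 2.2-style directives, the following added example (not part of the original page) scans configuration text for Order/Allow/Deny groups and suggests a 2.4 replacement only for the two all-or-nothing cases; anything else is flagged for manual review. The sample configuration, paths and function names are constructed for illustration.

```python
import re

# 2.2-style access directives; \b keeps "AllowOverride" from matching "Allow".
OLD_DIRECTIVE = re.compile(r'^\s*(order|allow|deny)\b\s*(.*?)\s*$', re.IGNORECASE)

# Only the two unambiguous combinations get an automatic suggestion.
SUGGESTIONS = {
    frozenset({"order allow,deny", "allow from all"}): "Require all granted",
    frozenset({"order deny,allow", "deny from all"}): "Require all denied",
}

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
<Directory /var/www/html>
    Options Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<Directory /var/www/private>
    Order Deny,Allow
    Deny from all
    Allow from 192.0.2.0/24
</Directory>
"""


def normalize(name, args):
    """Lower-case and tidy commas so 'Order Deny, Allow' equals 'order deny,allow'."""
    return name.lower() + " " + re.sub(r'\s*,\s*', ',', args.lower())


def find_old_access(config_text):
    """Return (first_line_number, directives, suggestion) per group of old directives."""
    findings, group, start = [], [], 0
    # The trailing "" closes a group that ends on the last line of the file.
    for lineno, line in enumerate(config_text.splitlines() + [""], 1):
        m = OLD_DIRECTIVE.match(line)
        if m:
            if not group:
                start = lineno
            group.append(normalize(m.group(1), m.group(2)))
        elif group:
            hint = SUGGESTIONS.get(frozenset(group), "review manually")
            findings.append((start, group, hint))
            group = []
    return findings


if __name__ == "__main__":
    for start, directives, hint in find_old_access(SAMPLE_CONF):
        print(f"line {start}: {directives} -> {hint}")
```
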

AH00179: changing ServerLimit to 700 from original value of 512 not allowed during restart

Needs a real restart

AH02282: No slotmem from mod_heartmonitor

??