Apache: Difference between revisions

mNo edit summary
Line 67: Line 67:

==Log SSL protocols==
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Revision as of 13:59, 16 September 2022

From the apache homepage:

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.


http://httpd.apache.org/ Apache homepage
http://httpd.apache.org/docs/2.2/ 2.2 Reference
http://httpd.apache.org/docs/2.0/ 2.0 Reference
http://httpd.apache.org/docs/1.3/ 1.3 Reference
Apache and SSL
Apache2, Debian and SSL
More Apache and SSL
vhosts explained "Simplify Your Life with Apache Virtual Hosts" Russell Dyer 07/24/2003
http://awstats.sourceforge.net/ Apache log analyzer


Virtual hosts

Application & modules

Log analyzers


  • Don't use the CGI to present the data unless it is protected. Best use awstats_buildstaticpages.pl to build the static pages and present those. Save resources and is more secure.

Related Items

Web-based Single Sign-On




Log SSL protocols

CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


Enable module

On Debian


On RedHat

Enable HSTS

a2enmod headers

and in config

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"

AH01630: client denied by server configuration

Probably using 2.2 config on 2.4, change

Order allow,deny
Allow from all


Require all granted

[core:emerg] [pid 3317] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex


ipcs -s


Check which MPM is running ( prefork or worker)

httpd -V | grep MPM

NameVirtualHost *:80 has no VirtualHosts

This means you're using <VirtualHost *> instead of <VirtualHost *:80> Or you have multiple declarations of NameVirtualHost *:80

Telnet session to webserver

telnet www.example.com 80
get / HTTP/1.1

For a virtual also pass host:

get / HTTP/1.1
host: virtual.host.com


Apache memory usage

ps aux|grep http|awk '{sum+=$4} END {print sum}'




In .htaccess or </Directory> section put:

Authtype Basic
AuthUserFile /etc/apache/htusers
Require valid-user
AuthName "Protected"

Hide directories

RedirectMatch 404 /\.svn(/|$)


<DirectoryMatch "^/.*/\.git/">
 Require all denied

Deny access to files

<FilesMatch \.(?i:gif|jpe?g|png)$>
 Require all denied


Strange hang and not restarting

ipcs -s|grep apache
for i in `ipcs -s|grep apache|awk {'print $2'}`;do ipcrm sem $i;done;

Get core dumps

In apache configuration:

 CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)

On freebsd

Set apache22limits_enable="YES in /etc/rc.conf

In apache configuration:

 CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)

Other stuff to try

sysctl kern.sugid_coredump=1
sysctl kern.coredumps=1

On Debian

sysctl fs.suid_dumpable=2 ?
ulimit -c unlimited ?

Socket is not connected: core_output_filter: writing data to the network

Bug in some versions?

Connection refused: connect to listener on

Seems a jail problem, try setting



No such file or directory: Failed to enable the 'httpready' Accept Filter

In /boot/loader.conf



sorting apache logs



unable to include potential exec

Rewriting and redirecting


redirect http to https

#this usually does the trick
Redirect permanent / https://foo.com


debugging rewrites

status codes


client denied by server configuration

That's the Deny/Allow bits in config


AH00179: changing ServerLimit to 700 from original value of 512 not allowed during restart

Needs a real restart

AH00162: server seems busy

maybe it's busy

server-status: ERROR 500: Internal Server Error