Apache: Difference between revisions

From DWIKI
mNo edit summary
(12 intermediate revisions by the same user not shown)
Line 1: Line 1:
From the [http://httpd.apache.org/ apache homepage]:
From the [http://httpd.apache.org/ apache homepage]:
<blockquote>The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.</blockquote>
<blockquote>The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.</blockquote>
= Links =
= Links =
{| style="width:600px;" border="0"
 
{| style="width:600px" border="0"
|-
| colspan="2" | '''Documentation'''
| colspan="2" | '''Documentation'''
|-
|-
| [http://httpd.apache.org/ http://httpd.apache.org/] || Apache homepage
| [http://httpd.apache.org/ http://httpd.apache.org/]
| Apache homepage
|-
|-
| [http://httpd.apache.org/docs/2.2/ http://httpd.apache.org/docs/2.2/] || 2.2 Reference
| [http://httpd.apache.org/docs/2.2/ http://httpd.apache.org/docs/2.2/]
| 2.2 Reference
|-
|-
| [http://httpd.apache.org/docs/2.0/ http://httpd.apache.org/docs/2.0/] || 2.0 Reference
| [http://httpd.apache.org/docs/2.0/ http://httpd.apache.org/docs/2.0/]
| 2.0 Reference
|-
|-
| [http://httpd.apache.org/docs/1.3/ http://httpd.apache.org/docs/1.3/] || 1.3 Reference
| [http://httpd.apache.org/docs/1.3/ http://httpd.apache.org/docs/1.3/]
| 1.3 Reference
|-
|-
| [http://www.tuxick.net/docs/apache_ssl.html Apache and SSL]
| [http://www.tuxick.net/docs/apache_ssl.html Apache and SSL]
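Review bot: the Documentation rows in this table stop at the 2.2 Reference, while the FAQ further down the page is about 2.4 behaviour (AH01630, Require all granted) and the Authentication list already links https://httpd.apache.org/docs/2.4/howto/auth.html. Add a 2.4 Reference row, and since every row is being rewritten here anyway, switch the httpd.apache.org links to https.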
Line 26: Line 33:
| colspan="2" | '''Tools'''
| colspan="2" | '''Tools'''
|-
|-
| [http://awstats.sourceforge.net/ http://awstats.sourceforge.net/] || Apache log analyzer
| [http://awstats.sourceforge.net/ http://awstats.sourceforge.net/]
| Apache log analyzer
|}
|}
*[http://mod-qos.sourceforge.net/ QoS for Apache]
*[https://github.com/alecthomas/geoip/blob/master/GeoIPCountryWhois.csv GeoIPCountryWhois.csv]


=Documentation=
=Documentation=
Line 56: Line 67:




=FAQ=
=HOWTO=
==AH01630: client denied by server configuration==
==Log SSL protocols==
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 
 
 
= FAQ =
 
==Enable module==
===On Debian===
a2enmod
===On RedHat===
 
 
 
==Enable HSTS==
a2enmod headers
and in config
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
 
== AH01630: client denied by server configuration ==
 
Probably using 2.2 config on 2.4, change
Probably using 2.2 config on 2.4, change
  Order allow,deny
  Order allow,deny
  Allow from all
  Allow from all


to
to
  Require all granted
  Require all granted


==NameVirtualHost *:80 has no VirtualHosts==
== [core:emerg] [pid 3317] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex ==
This means you're using <VirtualHost *> instead of <VirtualHost *:80>
 
Or you have multiple declarations of NameVirtualHost *:80
Check
 
ipcs -s
 
&nbsp;
 
==Check which MPM is running ( prefork or worker) ==
httpd -V | grep MPM
 
 
== NameVirtualHost *:80 has no VirtualHosts ==
 
This means you're using <VirtualHost *> instead of <VirtualHost *:80> Or you have multiple declarations of NameVirtualHost *:80
 
== Telnet session to webserver ==


==Telnet session to webserver==
  telnet www.example.com 80
  telnet www.example.com 80
  get / HTTP/1.1
  get / HTTP/1.1
  <enter>
  <enter>
  <enter>
  <enter>
For a virtual also pass host:
For a virtual also pass host:
  get / HTTP/1.1
  get / HTTP/1.1
  host: virtual.host.com
  host: virtual.host.com
  <enter>
  <enter>


   
&nbsp;
 
== Apache memory usage ==
 
  ps aux|grep http|awk '{sum+=$4} END {print sum}'
 
&nbsp;
 
== Authentication ==


==Authentication==
Read:
Read:
*[http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html Apache Authentication in htaccess]
 
*[http://weavervsworld.com/docs/other/passprotect.html Password Protection with .htaccess & .htpasswd]
*[http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html Apache Authentication in htaccess]  
*http://httpd.apache.org/docs/2.2/howto/auth.html
*[http://weavervsworld.com/docs/other/passprotect.html Password Protection with .htaccess & .htpasswd]  
*https://httpd.apache.org/docs/2.4/howto/auth.html
*[http://httpd.apache.org/docs/2.2/howto/auth.html http://httpd.apache.org/docs/2.2/howto/auth.html]
*[https://httpd.apache.org/docs/2.4/howto/auth.html https://httpd.apache.org/docs/2.4/howto/auth.html]


In .htaccess or </Directory> section put:
In .htaccess or </Directory> section put:
  Authtype Basic
  Authtype Basic
  AuthUserFile /etc/apache/htusers
  AuthUserFile /etc/apache/htusers
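Review bot: the new "Enable HSTS" entry gives the Header line with max-age=15552000 and includeSubDomains but does not say where it goes. It belongs in the HTTPS virtual host, and includeSubDomains commits every subdomain to HTTPS for the whole max-age, so the entry should say both before the line is pasted into a shared config. In the same hunk, "On RedHat" is an empty heading and a2enmod under "On Debian" is shown without a module name.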
Line 94: Line 151:
  AuthName "Protected"
  AuthName "Protected"


==Hide directories==
== Hide directories ==
 
  RedirectMatch 404 /\.svn(/|$)
  RedirectMatch 404 /\.svn(/|$)


or
<DirectoryMatch "^/.*/\.git/">
  Require all denied
</DirectoryMatch>
== Deny access to files ==
  <FilesMatch \.(?i:gif|jpe?g|png)$>
  <FilesMatch \.(?i:gif|jpe?g|png)$>
  Require all denied
</FilesMatch>




==Strange hang and not restarting==
&nbsp;
 
== Strange hang and not restarting ==


  ipcs -s|grep apache
  ipcs -s|grep apache
  for i in `ipcs -s|grep apache|awk {'print $2'}`;do ipcrm sem $i;done;
  for i in `ipcs -s|grep apache|awk {'print $2'}`;do ipcrm sem $i;done;


==Get core dumps==
== Get core dumps ==
*http://wiki.apache.org/httpd/CoreDump
*/usr/share/doc/apache2.2-common/README.backtrace


*http://www.cyberciti.biz/tips/configure-apache-web-server-for-core-dump.html
*[http://wiki.apache.org/httpd/CoreDump http://wiki.apache.org/httpd/CoreDump]
*/usr/share/doc/apache2.2-common/README.backtrace


*[http://www.cyberciti.biz/tips/configure-apache-web-server-for-core-dump.html http://www.cyberciti.biz/tips/configure-apache-web-server-for-core-dump.html]


In apache configuration:
In apache configuration:
   CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)
   CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)


===On freebsd===
=== On freebsd ===


Set apache22limits_enable="YES in /etc/rc.conf
Set apache22limits_enable="YES in /etc/rc.conf


In apache configuration:
In apache configuration:
   CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)
   CoreDumpDirectory /tmp/apache2-gdb-dump (make sure to have proper rights)
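Review bot: under "Deny access to files" the pattern \.(?i:gif|jpe?g|png)$ combined with Require all denied blocks every gif, jpeg and png, which is unlikely to be what a reader of this entry wants to hide. Use a pattern for the files the entry is really about, or state that the extension list is a placeholder. Also, the "or" between the RedirectMatch for .svn and the DirectoryMatch for .git reads as if they were alternatives, but they cover different directories.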


Line 127: Line 197:
  sysctl kern.coredumps=1
  sysctl kern.coredumps=1


===On Debian===
=== On Debian ===
  sysctl fs.suid_dumpable=2 ?
 
  ulimit -c unlimited ?
  sysctl fs.suid_dumpable=2&nbsp;?
  ulimit -c unlimited&nbsp;?
 
== Socket is not connected: core_output_filter: writing data to the network ==


==Socket is not connected: core_output_filter: writing data to the network==
Bug in some versions?
Bug in some versions?


==Connection refused: connect to listener on 0.0.0.0:80==
== Connection refused: connect to listener on 0.0.0.0:80 ==
Seems a jail problem, try setting  
 
Seems a jail problem, try setting
 
  Listen 12.33.44.55:80
  Listen 12.33.44.55:80


&nbsp;


== No such file or directory: Failed to enable the 'httpready' Accept Filter ==


==No such file or directory: Failed to enable the 'httpready' Accept Filter==
In /boot/loader.conf
In /boot/loader.conf
  accf_data_load="YES"
  accf_data_load="YES"
  accf_http_load="YES"
  accf_http_load="YES"


&nbsp;


==sorting apache logs==
== sorting apache logs ==
http://jehiah.cz/archive/sorting-apache-logs


[http://jehiah.cz/archive/sorting-apache-logs http://jehiah.cz/archive/sorting-apache-logs]


==unable to include potential exec==
&nbsp;


==Rewriting and redirecting==
== unable to include potential exec ==
http://www.aitechsolutions.net/apacheredirect.html
 
== Rewriting and redirecting ==
 
[http://www.aitechsolutions.net/apacheredirect.html http://www.aitechsolutions.net/apacheredirect.html]
 
=== redirect http to https ===


===redirect http to https===
  #this usually does the trick
  #this usually does the trick
  Redirect permanent / https://foo.com
  Redirect permanent / [https://foo.com https://foo.com]


  *http://www.whoopis.com/howtos/apache-rewrite.html
  *[http://www.whoopis.com/howtos/apache-rewrite.html http://www.whoopis.com/howtos/apache-rewrite.html]


&nbsp;


== debugging rewrites ==


==debugging rewrites==
== status codes ==


*[http://www.w3.org/Protocols/HTTP/HTRESP.html http://www.w3.org/Protocols/HTTP/HTRESP.html]


==status codes==
&nbsp;
*http://www.w3.org/Protocols/HTTP/HTRESP.html


== client denied by server configuration ==


==client denied by server configuration==
That's the Deny/Allow bits in config
That's the Deny/Allow bits in config
&nbsp;
== AH00179: changing ServerLimit to 700 from original value of 512 not allowed during restart ==
Needs a real restart
== AH00162: server seems busy ==
maybe it's busy
== server-status: ERROR 500: Internal Server Error==
??
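Review bot: in "redirect http to https", Redirect permanent / https://foo.com has no trailing slash on the target, so a request for /page is redirected to https://foo.compage; write the target as https://foo.com/. The three entries added at the end of this hunk (AH00179, AH00162, server-status 500) should either get a real answer or be left out until one is known, since "maybe it's busy" and "??" give the reader nothing to act on.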

Revision as of 13:59, 16 September 2022

From the apache homepage:

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

Links

Documentation
http://httpd.apache.org/ Apache homepage
http://httpd.apache.org/docs/2.2/ 2.2 Reference
http://httpd.apache.org/docs/2.0/ 2.0 Reference
http://httpd.apache.org/docs/1.3/ 1.3 Reference
Apache and SSL
Apache2, Debian and SSL
More Apache and SSL
Articles
vhosts explained "Simplify Your Life with Apache Virtual Hosts" Russell Dyer 07/24/2003
Tools
http://awstats.sourceforge.net/ Apache log analyzer

Documentation

Virtual hosts

Application & modules

Log analyzers


Notes

  • Don't use the CGI to present the data unless it is protected. It is best to use awstats_buildstaticpages.pl to build static pages and present those; this saves resources and is more secure.

Related Items

Web-based Single Sign-On

Applications

Comparisons


HOWTO

Log SSL protocols

CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
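
A log written with this format can be summarised to see which clients still negotiate old protocol versions. The script below is an added example, not part of the original page; the sample log lines are constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: summarise TLS protocol use from a log written with the
# CustomLog format above. After whitespace splitting the fields are:
#   $1 $2 = [time zone]   $3 = client (%h)   $4 = protocol   $5 = cipher

# Constructed sample lines, not real traffic.
sample_log() {
cat <<'EOF'
[16/Sep/2022:13:59:01 +0200] 192.0.2.10 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1" 5120
[16/Sep/2022:13:59:02 +0200] 192.0.2.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /a HTTP/1.1" 312
[16/Sep/2022:13:59:03 +0200] 198.51.100.7 TLSv1 AES128-SHA "GET / HTTP/1.0" 5120
[16/Sep/2022:13:59:04 +0200] 198.51.100.7 TLSv1 AES128-SHA "POST /login HTTP/1.0" 88
[16/Sep/2022:13:59:05 +0200] 203.0.113.5 TLSv1.1 ECDHE-RSA-AES256-SHA "GET / HTTP/1.1" 5120
[16/Sep/2022:13:59:06 +0200] 192.0.2.10 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET /b HTTP/1.1" 77
EOF
}

# Requests per protocol as "count protocol", most used first.
protocol_counts() {
    awk '{ n[$4]++ } END { for (p in n) print n[p], p }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Clients that negotiated SSLv2, SSLv3, TLSv1 or TLSv1.1,
# as "client protocol requests". These are candidates to contact
# before the old versions are removed from SSLProtocol.
legacy_clients() {
    awk '$4 ~ /^(SSLv[23]|TLSv1|TLSv1\.1)$/ { n[$3 " " $4]++ }
         END { for (k in n) print k, n[k] }' | LC_ALL=C sort
}

sample_log | protocol_counts
sample_log | legacy_clients
```

On a real server, replace sample_log with cat of the ssl_request_log file.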


FAQ

Enable module

On Debian

a2enmod

On RedHat

Enable HSTS

a2enmod headers

and in config

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
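
To confirm the header is really sent, the response headers can be checked against the value configured above. The script below is an added example, not part of the original page; the function names and the sample responses are constructed, and using the page's max-age as the minimum is an assumption.

```shell
#!/bin/sh
# Added example: check the Strict-Transport-Security header in response
# headers read from stdin, for instance the output of
#   curl -sI https://www.example.com/
# Prints "ok ..." or "fail: ..." and returns non-zero on failure.
MIN_AGE=15552000   # assumption: the max-age used on this page (180 days)

check_hsts() {
    awk -v min="$MIN_AGE" '
    { sub(/\r$/, "") }                      # headers arrive with CRLF
    tolower($0) ~ /^strict-transport-security:/ {
        found = 1; age = -1; subdomains = "no"
        v = tolower($0); sub(/^[^:]*:/, "", v)
        n = split(v, part, ";")
        for (i = 1; i <= n; i++) {
            p = part[i]; gsub(/[ \t"]/, "", p)
            if (p ~ /^max-age=[0-9]+$/) age = substr(p, 9) + 0
            if (p == "includesubdomains") subdomains = "yes"
        }
    }
    END {
        if (!found)    { print "fail: header missing"; exit 1 }
        if (age < 0)   { print "fail: no max-age"; exit 1 }
        if (age < min) { print "fail: max-age " age " below " min; exit 1 }
        print "ok max-age=" age " includeSubDomains=" subdomains
    }'
}

# Constructed sample responses.
sample_https() { printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nStrict-Transport-Security: max-age=15552000; includeSubDomains\r\n\r\n'; }
sample_short() { printf 'HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=300\r\n\r\n'; }
sample_plain() { printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n'; }

sample_https | check_hsts
sample_short | check_hsts || true
sample_plain | check_hsts || true
```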

AH01630: client denied by server configuration

Probably using 2.2 config on 2.4, change

Order allow,deny
Allow from all

to

Require all granted
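
Before or after an upgrade, leftover 2.2-style lines can be located with a small scan. The script below is an added example, not part of the original page; the function names and the sample configuration are constructed, the ip/host choice is a heuristic, and the suggestions are hints to review rather than automatic rewrites.

```shell
#!/bin/sh
# Added example: list 2.2-style access-control lines in a config read from
# stdin, each with the 2.4 directive that usually replaces it.
# Output: "<line number>: <original line>  ->  <suggestion>"
find_legacy_acl() {
    awk '
    function report(hint) {
        sub(/^[ \t]+/, "", $0)
        printf "%d: %s  ->  %s\n", NR, $0, hint
    }
    /^[ \t]*#/ { next }                               # skip comments
    { d = tolower($1); a = tolower($2); b = tolower($3)
      kind = ($3 ~ /^[0-9]/ || $3 ~ /:/) ? "ip" : "host" }   # heuristic
    d == "order"                              { report("delete (Require replaces it)"); next }
    d == "allow" && a == "from" && b == "all" { report("Require all granted"); next }
    d == "deny"  && a == "from" && b == "all" { report("Require all denied"); next }
    d == "allow" && a == "from"               { report("Require " kind " " $3); next }
    d == "deny"  && a == "from"               { report("Require not " kind " " $3 " inside <RequireAll>"); next }
    '
}

# Constructed sample configuration.
sample_conf() {
cat <<'EOF'
<Directory /var/www/html>
    # old 2.2 block
    Order allow,deny
    Allow from all
</Directory>
<Directory /var/www/admin>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.0/24
</Directory>
<Directory /var/www/new>
    Require all granted
</Directory>
EOF
}

sample_conf | find_legacy_acl
```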

[core:emerg] [pid 3317] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex

Check

ipcs -s

 

Check which MPM is running (prefork or worker)

httpd -V | grep MPM


NameVirtualHost *:80 has no VirtualHosts

This means you're using <VirtualHost *> instead of <VirtualHost *:80>, or you have multiple declarations of NameVirtualHost *:80.

Telnet session to webserver

telnet www.example.com 80
GET / HTTP/1.0
<enter>
<enter>

For a virtual host also pass the Host header:

GET / HTTP/1.1
Host: virtual.host.com
<enter>
<enter>

 

Apache memory usage

ps aux|grep http|awk '{sum+=$4} END {print sum}'

 

Authentication

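Read:

  • Apache Authentication in htaccess: http://www.askapache.com/htaccess/apache-authentication-in-htaccess.html
  • Password Protection with .htaccess & .htpasswd: http://weavervsworld.com/docs/other/passprotect.html
  • http://httpd.apache.org/docs/2.2/howto/auth.html
  • https://httpd.apache.org/docs/2.4/howto/auth.html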

In .htaccess or a <Directory> section put:

AuthType Basic
AuthUserFile /etc/apache/htusers
Require valid-user
AuthName "Protected"

Hide directories

RedirectMatch 404 /\.svn(/|$)

or

<DirectoryMatch "^/.*/\.git/">
 Require all denied
</DirectoryMatch>

Deny access to files

<FilesMatch \.(?i:gif|jpe?g|png)$>
 Require all denied
</FilesMatch>


 

Strange hang and not restarting

ipcs -s|grep apache
for i in $(ipcs -s | awk '/apache/ {print $2}'); do ipcrm -s "$i"; done

Get core dumps

In apache configuration:

 # make sure the directory has proper rights
 CoreDumpDirectory /tmp/apache2-gdb-dump

On freebsd

Set apache22limits_enable="YES" in /etc/rc.conf

In apache configuration:

 # make sure the directory has proper rights
 CoreDumpDirectory /tmp/apache2-gdb-dump

Other stuff to try

sysctl kern.sugid_coredump=1
sysctl kern.coredumps=1

On Debian

sysctl fs.suid_dumpable=2 ?
ulimit -c unlimited ?

Socket is not connected: core_output_filter: writing data to the network

Bug in some versions?

Connection refused: connect to listener on 0.0.0.0:80

Seems a jail problem, try setting

Listen 12.33.44.55:80

 

No such file or directory: Failed to enable the 'httpready' Accept Filter

In /boot/loader.conf

accf_data_load="YES"
accf_http_load="YES"

 

sorting apache logs

http://jehiah.cz/archive/sorting-apache-logs

 

unable to include potential exec

Rewriting and redirecting

http://www.aitechsolutions.net/apacheredirect.html

redirect http to https

#this usually does the trick
Redirect permanent / https://foo.com/

See also: http://www.whoopis.com/howtos/apache-rewrite.html

 

debugging rewrites

status codes

 

client denied by server configuration

That's the Deny/Allow bits in config

 

AH00179: changing ServerLimit to 700 from original value of 512 not allowed during restart

Needs a real restart

AH00162: server seems busy

maybe it's busy

server-status: ERROR 500: Internal Server Error

??