Kategorie:Apache

prevent hotlinking

• http://www.rebeccablood.net/archive/2006/07/prevent_hotlinking_without_mod.html

mpm-itk

• http://blog.stuartherbert.com/php/2008/04/19/using-mpm-itk-to-secure-a-shared-server/

log ips behind reverse proxy

There are two possibilities, the first is to redefine the logformat, so other modules in the apache are still only aware of the proxy ip, the second one is to use a module, which then makes the ip aware for all other modules (php-apps, mod_security etc.) as well.

Note: With both versions the reverse proxy has to set the x-forwarded-for header.

logrewrite

If you are using a reverse proxy (like sysop:Squid to protect your webserver or doing a loadbalancing, you can still log the real ip. Just define a LogFormat

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ip

and then use this (combined_ip) as the CustomLog.

mod_extract_forwarded2

Attention: There seems to be a lot better module here: http://www.openinfo.co.uk/apache/

There are even rpms for that one.

For apache 2.0.x as well 2.2.x you can user mod_extract_forwarded2 from http://www.cotds.org/mod_extract_forwarded2/

Installation (gentoo system, apache 2.2.x)

• download the tar
• unpack it, cd to the dir
• ln -s /etc/apache2/httpd.conf /etc/apache2/apache2.conf
• apxs2 -c -i -a mod_extract_forwarded2.c
• rm /etc/apache2/apache2.conf
• vi /etc/apache2/httpd.conf (correct the module path, which has been set wrong by apxs2)
  • LoadModule extract_forwarded_module modules/mod_extract_forwarded2.so
• printf "<IfModule extract_forwarded_module>\n\tAddAcceptForwarder $yourProxyIP(s)\n</IfModule>" > /etc/apache2/modules.d/99_mod_extract.conf
• /etc/init.d/apache2 restart

problems with shared files

If you see:

Cannot allocate shared memory: (17)File exists

maybe it's: /var/run/apache2/ssl_scache

Please remove SSL apache cache file:
rm -rf /var/cache/mod_ssl/scache

maybe it's under:

/var/log/apache2/ssl_cache

remove and problem should be fixed...

Putting a Site into maintenance Mode

• http://www.techiecorner.com/97/redirect-to-maintenance-page-during-upgrade-using-htaccess/

echo "This site is unter maintenance. Please come back later" > WEBHOME/maintenance.html

RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteCond %{REMOTE_HOST} !^888\.888\.888\.888

RewriteRule $ /maintenance.html [R=302,L]