Category: Apache

Apache disable directory index
When Apache Directory Index is enabled, if you browse to a url that have no index file present, you will see list of all files. This is not good for securiy as hackers can see all files present in the directory.

One way to disable this directory listing is create a file with name index.html or index.php (whatever file name that is specified in Apache DirectoryIndex) with no content.

Another solution is to disable directory indexing for the web site in Apache virtual host configuration, for this, under Options -Indexes
Here is an example apache configuration file
```
    ServerName serverok.in
    ServerAlias www.serverok.in
    ServerAdmin info@serverok.in
    DocumentRoot /home/serverok.in/html
    CustomLog ${APACHE_LOG_DIR}/serverok.in.log combined
    ErrorLog ${APACHE_LOG_DIR}/serverok.in-error.log
    
        Options All -Indexes
        AllowOverride All
        Require all granted
        Order allow,deny
        allow from all
    
```
Method 2: disable autoindex module

Directory listing is generated by apache module mod_autoindex.

You can disable this module to disable directory listing generation

On Ubuntu/Debian
```
a2dismod autoindex -f
systemctl restart apache2
```
See Apache
September 25, 2020
Enable CORS in Apache
To enable CORS in apache, add the following in VirtualHost or .htaccess
```
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS"
```
If your apache installation don’t have mod_headers installed, you need it enabled with
```
a2enmod headers
systemctl restart apache2
```
August 1, 2020

apachectl status www-browser not found

On a Ubuntu server, run i run apachectl status, i get following error.

root@server:~# apachectl status
/usr/sbin/apachectl: 113: /usr/sbin/apachectl: www-browser: not found
'www-browser -dump http://localhost:80/server-status' failed.
Maybe you need to install a package providing www-browser or you
need to adjust the APACHE_LYNX variable in /etc/apache2/envvars
root@server:~#

To fix error, install lynx text based browser.

apt install lynx

After installing lunx, apachectl status started working.

See Apache

July 28, 2020

Apache LogFormat show full domain name
To show the full domain name in the Apache access log, you can use the following log format
```
LogFormat "%h %l %u %t \"%m https://%v:%p%U%q %H\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" sok_log
```
If you want to show the port also, use
```
LogFormat "%h %l %u %t \"%m https://%v%U%q %H\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" sok_log
```
To use this LogFormat for logging, edit Apache VirtualHost, add
```
CustomLog /path/to/access.log sok_log
```
See Apache
July 22, 2020
Redirect a folder to another
To redirect a folder to another using .htaccess, create
```
RedirectMatch 301 ^/OLD_FOLDER/(.*)$ /NEW_FOLDER/$1
```
Or
```
RewriteEngine On
RewriteRule ^OLD_FOLDER/(.*)$ /NEW_FOLDER/$1 [R=301,NC,L]
```
Or
```
Redirect 301 /OLD_FOLDER /NEW_FOLDER
```
if new folder is on another domain, you can use https://new-domain.com/OLD_FOLDER

See Redirect
June 19, 2020
Password Protect Site using htaccess
To password protect a web site or a sub folder using .htaccess, create a .htaccess file in the folder.
```
vi .htaccess
```
Add following content
```
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/site-logins
Require valid-user
```
In this case, i used /etc/apache2/site-logins as AuthUserFile, this will store all user and password. You can change this file path to whatever you need. Make sure it is not accessable from public, so keep it outside of document root of your web site.

Now create a user with command
```
htpasswd -c /etc/apache2/site-logins USER_NAME_HERE
```
June 9, 2020
Apache Show Real IP Address when using CloudFlare
When using Apache web server behind cloudflare, apache logs show cloudflare IP address instead of real visitor IP address. To show actual visitor IP address, you need to install mod_cloudflare apache module.

Before you can install the module, you need to install following requirments.

On Debian/Ubuntu server,
```
apt-get install apache2-dev libtool git
```
Now install mod_cloudflare with
```
cd /usr/local/src
git clone https://github.com/cloudflare/mod_cloudflare.git; cd mod_cloudflare
apxs -a -i -c mod_cloudflare.c
```
Restart apache web server with
```
service apache2 restart
```
Verify mod_cloudflare apache module is loaded with
```
apachectl -M | grep cloudflare
```
March 27, 2020
Redirect site to HTTPS excluding a folder
On a web site, customer need to redirect all pages to HTTPS, but want to keep files in one of the folder on HTTP.

For this, i used following in .htaccess file.
```
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/auth/.*
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
```
Here any url like yourdomain.extn/auth/ will not get redirected to HTTPS.

See Redirect
March 20, 2020

Apache Performance Tuning

To optimize Apache web server, run

curl -sL https://raw.githubusercontent.com/richardforth/apache2buddy/master/apache2buddy.pl | sudo perl

January 13, 2020

Apache Show Real IP Behind Reverse Proxy on CentOS

When Apache web server running behind reverse proxy or load balancer, server log and scripts show IP of reverse proxy server or load balancer as IP of visitor. To fix this, you need to configure revese proxy or load balancer to forward Real IP of visitor on Header X-Forwarded-For, this most load balacner do by default.

Edit Apache configuration file

vi /etc/httpd/conf.d/remoteip.conf

Add

RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy IP_OF_YOUR_PROXY_SERVER_HERE

Example

[root@localhost ~]# cat  /etc/httpd/conf.d/remoteip.conf
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 192.168.122.1
[root@localhost ~]#

Doing this will make PHP scripts show real IP of visitor. You need to restart Apache web server before the change take effect. You can verify by creating a PHP script with content


To make Apache show real IP in access log, edit
vi /etc/httpd/conf/httpd.conf

Find
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Replace with
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

Restart Apache web server
systemctl restart httpd

November 22, 2019

Apachectl
apachectl command is used to interact with Apache web server.

To see Apache status
```
apachectl status
```
To list virtualhost info, run
```
apachectl -t -D DUMP_VHOSTS
```
List VirtualHost + server config.
```
apachectl -S
```
To list loaded apache modules, run
```
apachectl -M
```
Related Posts

Apache Web Server
apachectl status www-browser not found
November 8, 2019

Apache run web site as user with mod_ruid2

mod ruid2 allow you to run web site as differnt user from the one web server is running. This is helpfull when you have multiple web sites on same Apache web server.

To install mod_ruid2 on Ubuntu/Debian server, run

apt install libapache2-mod-ruid2

Edit VirtualHost entry for the web site, add

RMode config
RUidGid USERNAME_HERE GROUP_HERE

Restart Apache

systemctl restart apache2

Now website will run as user specified in line

RUidGid USERNAME_HERE GROUP_HERE

Example

root@create:~# cat /etc/apache2/sites-enabled/serverok.in.conf 

    ServerName serverok.in
    ServerAdmin admin@serverok.in
    DocumentRoot /home/serverok.in/html
    CustomLog ${APACHE_LOG_DIR}/serverok.in.log combined
    ErrorLog ${APACHE_LOG_DIR}/serverok.in-error.log
    
        RMode config
        RUidGid serverok serverok
        Options All
        AllowOverride All
        Require all granted
        Order allow,deny
        allow from all
    

root@create:~#

See Apache

September 25, 2019

Category: Apache

Method 2: disable autoindex module