Apache

How to Enable Deflation of Files on Apache Web Server

Posted on
To enable deflation on Apache web server can reduce the size of files that your server responded, the configuration is quite simple:Just add the following lines to httpd.conf[root@localhost ~]# vi /etc/httpd/conf/httpd.conf…<IfModule mod_deflate.c>    <filesMatch “.(js|css|html|php)$”>        SetOutputFilter DEFLATE    </filesMatch></IfModule>
Apache

How to Install Newest LAMP on CentOS 7 Minimal (2/3) – Apache

Posted on
How to Install Newest LAMP on CentOS 7 Minimal (1/3) – MySQLSince the version of Apache HTTP Server provided by CentOS 7 is pretty new (2.4.6), so we use it as our httpd version of LAMP.Check what version of httpd we can have.[root@primary01 ~]# yum info httpdLoaded plugins: fastestmirrorLoading mirror speeds from cached hostfile * base: mirror01.idc.hinet.net * […]
Apache

How to Return 404 Not Found Just Looks Like Apache’s

Posted on
Sometimes, you may want to prevent specific users from accessing data in some conditions and return them a mild refusal 404 Not Found page instead, just looks like Apache httpd does. For example, you can do this in PHP:<?php…if (isRegistered()) { $dump = <<<_END<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL {$_SERVER[‘REQUEST_URI’]} […]
Apache

Apache Httpd Optimization on Processes and Requests

Posted on
First, check what the type of MPM we are running with:[root@web ~]# apachectl -lCompiled in modules:  core.c  prefork.c  http_core.c  mod_so.cSince we are running “prefork” rather than “worker”, we should search the section of <IfModule prefork.c> in httpd.conf, where the directives are our targets for tuning. Let’s see the original values for this module.[root@web ~]# cat […]
Apache

What are Malicious Visitors Looking For

Posted on
You might have been aware of some visitors were searching for something different on your website like the following sample log posted by someone at http://pastebin.com/LhH8rQuh , and I believe the sample log is excerpted from his /var/log/httpd/error_log.[Fri May 16 09:27:40 2014] [error] [client 37.59.41.169] File does not exist: /var/www/vhosts/default/htdocs/jmx-console[Fri May 16 09:27:42 2014] [error] [client 37.59.41.169] […]
Apache

How to Password Protect Web Directories by HTDIGEST

Posted on
HTTP Basic Authentication – htpasswd is a quite old technology which has been lasted and evolved for a long time. It’s easy to setup, but the drawback is that it sends the password from the client to the server unencrypted and seemed vulnerable. Therefore we should choose the stronger authentication type, which is HTTP Digest […]
Apache

How to Limit Access to Web Directories Based on Hosts

Posted on
If you want to limit access to a specific directory, you should consider two techniques:Authorization Based on Hosts: when the users are limited in number and sources. I will show an example in this post to demonstrate the authorization scheme.Password-Protected Directory: when the users are arbitrary or their source are very dynamic. For more details, […]
Apache

How to Redirect HTTP to HTTPS by Web Server

Posted on
Apache httpd provides several ways to force clients to use secure http, one is redirect which is recommended, the other is rewrite. Redirect is rather easy to understand by adding this line for instance to your httpd.conf Redirect permanent /login https://mysite.example.com/login But there’s a drawback, if you want to secure the whole site, this approach […]