Ubuntu/apache2
Line 29: | Line 29: | ||
http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html<br> | http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html<br> | ||
http://httpd.apache.org/docs/current/rewrite/remapping.html<br> | http://httpd.apache.org/docs/current/rewrite/remapping.html<br> | ||
+ | |||
+ | ==mod_authz_host== | ||
+ | Great tool for restricting access to a virtual site, easy to read and understand. Add options to the <Directory> settings in the site conf file. | ||
+ | <nowiki>ie. | ||
+ | <Directory /var/www/mysite.com/> | ||
+ | Order Deny,Allow | ||
+ | Deny from all | ||
+ | Allow from 10.1.1.50 | ||
+ | </Directory></nowiki> | ||
====enabling==== | ====enabling==== | ||
was not enabled by default for my ubuntu 14.04 vm. | was not enabled by default for my ubuntu 14.04 vm. | ||
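Review bot: the added <Directory> example under ==mod_authz_host== uses `Order Deny,Allow`, `Deny from all` and `Allow from 10.1.1.50`, which is the Apache 2.2 access-control syntax. The context line mentions an Ubuntu 14.04 VM, which ships Apache 2.4, where these directives are deprecated and are served by mod_access_compat rather than mod_authz_host. Suggest replacing the three lines with the mod_authz_host form, `Require ip 10.1.1.50`, and not mixing the two styles in one <Directory> block. The new section also lands between the mod_rewrite links and the ====enabling==== subsection, which is about `a2enmod rewrite`, so that subsection now reads as if it belongs to mod_authz_host. Move the new section below it.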
Line 85: | Line 94: | ||
Servername https://wiki.r00tedvw.com</nowiki> | Servername https://wiki.r00tedvw.com</nowiki> | ||
Apparently, it is redundant and will cause issues if you list the hostname in the VirtualHost. In this instance, I only have (1) site live on the server, so this may not be the correct solution for a multi-tenant setup. | Apparently, it is redundant and will cause issues if you list the hostname in the VirtualHost. In this instance, I only have (1) site live on the server, so this may not be the correct solution for a multi-tenant setup. | ||
+ | |||
+ | |||
+ | |||
+ | ==Hardening== |
Revision as of 22:25, 20 January 2016
Basic Info
- apache2 is the most popular web hosting application on the market today
start|stop|restart apache2
sudo /etc/init.d/apache2 start|stop|restart
OR
sudo service apache2 start|stop|restart
apache2 enable site
a2ensite [site config file name] e.g. a2ensite default-ssl
apache2 disable site
a2dissite [site config file name] e.g. a2dissite default-ssl
apache2 enable module
a2enmod [module] e.g. a2enmod ssl
apache2 disable module
a2dismod [module] e.g. a2dismod ssl
disable indexing
~$ sudo a2dismod autoindex
Module autoindex disabled.
To activate the new configuration, you need to run:
  service apache2 restart
mod_rewrite
Very powerful, very confusing tool.
http://httpd.apache.org/docs/2.0/misc/rewriteguide.html
http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
http://httpd.apache.org/docs/current/rewrite/remapping.html
mod_authz_host
Great tool for restricting access to a virtual site, easy to read and understand. Add options to the <Directory> settings in the site conf file.
e.g.
<Directory /var/www/mysite.com/>
    Order Deny,Allow
    Deny from all
    Allow from 10.1.1.50
</Directory>
enabling
mod_rewrite was not enabled by default on my Ubuntu 14.04 VM.
sudo a2enmod rewrite
redirect
Request: redirect all traffic from a domain, including any subpage, to the landing/index page of another domain
Condition: mod_rewrite is enabled and virtual hosts are used.
Resolution:
<VirtualHost *:80>
    RewriteEngine on
    # Anything except /index.html gets a temporary (302) redirect to the
    # root of the new domain; the trailing "?" drops the query string.
    RewriteCond %{REQUEST_URI} !^/index.html$
    RewriteRule .* http://newdomain.com/? [R=302,L]
    ServerName olddomain1.com
    ServerAlias olddomain2.com
    # mod_alias fallback: permanent (301) redirect for whatever is left.
    Redirect permanent / http://newdomain.com/
</VirtualHost>

<VirtualHost *:80>
    ServerName newdomain.com
    ServerAdmin [email protected]
    DocumentRoot /var/www/newdomain.com
    TransferLog /var/log/apache2/newdomain.com-access_log
    ErrorLog /var/log/apache2/newdomaincom-error_log
</VirtualHost>
Disable SSLv2/3
Add the following to your apache config. I added mine right below the other SSL Entries specifying the engine, cert file and key file.
# Disable SSLv2 and SSLv3
SSLProtocol All -SSLv2 -SSLv3
listen on non-standard port
On ubuntu 14.04, it is done by adding this:
~$ sudo vi /etc/apache2/ports.conf
Listen 80
Listen 8080
Troubleshooting
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
- Ubuntu 14.04
~$ echo "ServerName localhost" | sudo tee /etc/apache2/conf-available/fqdn.conf
~$ sudo a2enconf fqdn
SSL Error: Invalid method in request \x16\x03\x01
I only started having SSL issues after moving to CloudFlare as a proxy so that they would provide me with a free SSL cert. I found that this issue appeared to be due to the fact my Virtual Host site conf was set up as such:
(snippet)
<VirtualHost https://wiki.r00tedvw.com:443>
Servername https://wiki.r00tedvw.com
I changed it to this:
<VirtualHost *:443>
Servername https://wiki.r00tedvw.com
Apparently, it is redundant and will cause issues if you list the hostname in the VirtualHost. In this instance, I only have (1) site live on the server, so this may not be the correct solution for a multi-tenant setup.
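The bytes in that error message are the start of a TLS record: 0x16 is the handshake content type and 0x03 0x01 is the record version, so the server was reading a TLS ClientHello as if it were an HTTP request line. The script below is an added example, not part of the original page. It decodes the escaped bytes from such error-log lines to confirm this during triage. The function names and the sample log lines are constructed for illustration.

```python
import re

# A TLS record starts with a 1-byte content type and a 2-byte version.
CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                 0x16: "handshake", 0x17: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

METHOD_RE = re.compile(r"Invalid method in request (\S+)")
ESCAPE_RE = re.compile(r"\\x([0-9a-fA-F]{2})")

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    r"[error] [client 203.0.113.7] Invalid method in request \x16\x03\x01",
    r"[error] [client 203.0.113.9] Invalid method in request FOO / HTTP/1.1",
]


def unescape(token):
    """Turn Apache's \\xNN log escaping back into raw bytes."""
    out = bytearray()
    pos = 0
    while pos < len(token):
        m = ESCAPE_RE.match(token, pos)
        if m:
            out.append(int(m.group(1), 16))
            pos = m.end()
        else:
            out.append(ord(token[pos]) & 0xFF)
            pos += 1
    return bytes(out)


def classify(line):
    """Describe the rejected 'method' if it is a TLS record header, else None."""
    m = METHOD_RE.search(line)
    if not m:
        return None
    raw = unescape(m.group(1))
    if len(raw) < 3 or raw[0] not in CONTENT_TYPES:
        return None
    version = VERSIONS.get((raw[1], raw[2]))
    if version is None:
        return None
    return f"TLS {CONTENT_TYPES[raw[0]]} record (record version {version}) parsed as plain HTTP"


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry) or "not a TLS record", "<-", entry)
```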