===============================================================================
INSTALLATION AND INITIAL CONFIGURATION

Source code:
    http://www.apache.org/ > HTTP Server (httpd.apache.org) > download httpd-2.2.6.tar.bz2
    check it:   md5sum htt*      (compare against the published checksum)
                tar tvf htt*
    unzip it:   tar xvjf http*
    build it:   cd htt*
                ./buildconf
                ./configure --prefix=/usr/local/apache --with-layout=Apache --enable-modules=most --enable-mods-shared=most
                make
                su -             (must be root for next step)
                make install

RPM:
    rpmfind.net > search for httpd, and select version for OS

Installing Apache RPM on Linux (RH9)
    rpm -qa | grep httpd         (check if already installed)
    rpm -ihv httpd*              (to install apache rpm)
    rpm -ql httpd | less         (find Apache httpd.conf file)
    service httpd stop/start/restart
    apachectl start/stop/restart

vi httpd.conf (ver 2.0.40-21)

Basic setup:
    ServerRoot /etc/httpd                   (location of Apache)
    ServerAdmin root@localhost              (root email)
    ServerName myhostname.localdomain:80    (update to correct hostname)
    DocumentRoot /var/www/html              (location of docs to serve)

To select default home page names:
    DirectoryIndex index.html index.html.var homepage.htm

To enable user directories:
    #UserDir disable         (comment out this line)
    UserDir public_html      (uncomment this line)
    chmod 755                (all directories in path to published docs)
    chmod 644                (html-files doc files)

===============================================================================
REMOVING APACHE

source:
    cd /usr/local
    rm -rf apache
rpm:
    rpm -e httpd httpd-suexec

===============================================================================
TROUBLESHOOTING

1) Commands to set permissions:
    chmod 755                (all directories in path to published docs)
    chmod 644                (html-files doc files)
2) Firewall settings
3) Turn off secure Linux
    vi /etc/sysconfig/selinux or use Fedora Firewall admin tool
    set SELINUX=disabled
    (SELINUX=permissive logs denials without enforcing them, which is enough
    to tell whether SELinux is the cause)

===============================================================================
LOG FILE MONITORING:

ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined

tail -f access_log           (Ctrl-C to end)

[root@frodo1 logs]# tail -f /etc/httpd/logs/access_log
172.30.4.153 - - [07/Nov/2007:17:09:52 -0800] "GET /~cis192 HTTP/1.1" 301 307 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
172.30.4.153 - - [07/Nov/2007:17:09:52 -0800] "GET /~cis192/ HTTP/1.1" 200 5159 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
172.30.4.153 - - [07/Nov/2007:17:09:52 -0800] "GET /~cis192/frodo-167x125.jpg HTTP/1.1" 200 7432 "http://172.30.4.111/~cis192/" "Mozilla/4.0 compatible; MSIE 6.0; Windows NT 5.1; SV1)"
172.30.4.153 - - [07/Nov/2007:18:17:11 -0800] "GET /~cis192/ HTTP/1.1" 304 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
172.30.4.153 - - [07/Nov/2007:18:17:11 -0800] "GET /~cis192/frodo-167x125.jpg HTTP/1.1" 304 0 "http://172.30.4.111/~cis192/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Webalizer:
    http://www.mrunix.net/webalizer/
    > download webalizer***-x86-bin.tgz
    > tar tzvf web*
    > tar xzvf web*
    > ./webalizer /var/log/httpd/access_log
    > browse to file:///usr/local/
    > click on webalizer directory
    > click on reports

# To find all the entries from Mar 2003
cd /usr/local/apache2/logs
grep "Mar/2003" access_log

# Can pipe results to wc (word count) program
grep "Mar/2003" access_log | wc
-> 418 4180 46311
# Returns number of lines, words and characters
# May be many transactions per page -- why?

# Can remove gif and jpg files with egrep command
grep "Mar/2003" access_log | egrep -v 'gif|jpg' | wc
-> 414 4140 45795

# Use cut command to extract the first field from the access log
cut -d ' ' -f 1 access_log
cut -d ' ' -f 1 access_log | sort -u

# To get the total number of unique hosts, use the wc command
cut -d ' ' -f 1 access_log | sort -u | wc

# To get a count for a particular month:
grep "Mar/2003" access_log | cut -d ' ' -f 1 | sort -u | wc
-> 166 166 2329

===============================================================================
VIRTUAL HOSTS

#
# Lab 3a - virtual hosts by IP's (browse to 172.30.4.20x)
#
# ifconfig eth0:a 172.30.4.206 netmask 255.255.255.0
# ifconfig eth0:b 172.30.4.207 netmask 255.255.255.0

ServerName merida.localdomain:80
Listen 80

ServerName domain1
DocumentRoot /www/domain1

ServerName domain2
DocumentRoot /www/domain2

ServerName domain3
DocumentRoot /www/domain3

#
# Lab 3b - virtual hosts by ports (browse to localhost:80xx)
#
ServerName merida.localdomain:80

Listen 8080
DocumentRoot /www/domain1

Listen 8085
DocumentRoot /www/domain2

Listen 8090
DocumentRoot /www/domain3

#
# Lab 3c - virtual hosts by name (browse to domainx)
#
ServerName merida.localdomain:80
Listen 80
NameVirtualHost 172.30.4.206:80

ServerName default
DocumentRoot /var/www/html
ErrorLog logs/errlog.default
CustomLog logs/accesslog.default combined

ServerName domain1
DocumentRoot /www/domain1
ErrorLog logs/errlog.domain1
CustomLog logs/accesslog.domain1 combined

ServerName domain2
DocumentRoot /www/domain2
ErrorLog logs/errlog.domain2
CustomLog logs/accesslog.domain2 combined

ServerName domain3
DocumentRoot /www/domain3
ErrorLog logs/errlog.domain3
CustomLog logs/accesslog.domain3 combined

*
* Classroom server01 (with SSL and Virtual Hosts)
*
NameVirtualHost 172.30.1.201:80

ServerName server01.localdomain
DocumentRoot /var/www/html
ServerAlias server01

ServerName simms.localdomain
DocumentRoot /www/simms
ServerAlias simms
ErrorLog /etc/httpd/logs/errlog.simms

===============================================================================
DYNAMIC CONTENT

# Lab 4 configuration

#Enable scripts to run from cgi-bin directory
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

[root@frodo1 www]# pwd
/var/www
[root@frodo1 www]# ls
cgi-bin  error  html  icons
[root@frodo1 www]#

#!/bin/bash
# CGI file to pull color from query string and set background color
# The query string is client-controlled: assign only the expected keys and
# never eval it, which would run its text as shell commands.
set -f
IFS='&'
for i in $QUERY_STRING
do
    case $i in
        name=*)  name=${i#name=} ;;
        color=*) color=${i#color=} ;;
    esac
done
# Keep only characters that are harmless inside the HTML below
name=${name//[^[:alnum:]+._-]/}
color=${color//[^[:alnum:]#]/}
echo "Content-type: text/html"
echo
echo "

$name

"
exit

# Simple html form calling cgi file in /cgi-bin directory
Name:
Favorite Color:
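
Added example (not part of the original lab notes): form values reach a CGI script URL-encoded and under the client's control, so this script reads name and color as data only, decodes them, validates the color and HTML-escapes the name. The function names and the page markup in render_page are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read name/color from a CGI query string as data, never as shell.
export LC_ALL=C
# url_decode STRING: "+" becomes a space, %XX becomes the byte it encodes.
url_decode() {
    printf '%s' "$1" | awk 'BEGIN { hex = "0123456789abcdef" }
    {
        s = $0; out = ""; gsub(/\+/, " ", s)
        while (match(s, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
            h = tolower(substr(s, RSTART + 1, 2))
            c = (index(hex, substr(h, 1, 1)) - 1) * 16 + index(hex, substr(h, 2, 1)) - 1
            out = out substr(s, 1, RSTART - 1) sprintf("%c", c)
            s = substr(s, RSTART + 3)
        }
        printf "%s", out s
    }'
}

# get_param KEY QUERY: print KEY's decoded value; subshell keeps IFS/noglob local.
get_param() (
    IFS='&'; set -f
    for pair in $2; do
        case $pair in "$1"=*) url_decode "${pair#*=}"; exit 0 ;; esac
    done
    exit 1
)

# safe_color VALUE: allow #rrggbb or a plain colour name, else fall back to white.
safe_color() {
    case $1 in
        \#[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]) echo "$1" ;;
        ''|*[!A-Za-z]*) echo white ;;
        *) echo "$1" ;;
    esac
}

# html_escape STRING: encode the characters that act as markup in HTML.
html_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# render_page QUERY: emit the CGI response (this markup is an assumption).
render_page() {
    name=$(html_escape "$(get_param name "$1")")
    color=$(safe_color "$(get_param color "$1")")
    printf 'Content-type: text/html\n\n<html><body bgcolor="%s"><h1>%s</h1></body></html>\n' "$color" "$name"
}
# Only produce output when the web server invokes the file as a CGI script.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then render_page "${QUERY_STRING:-}"; fi
```
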

#Enable scripts to run by file extension
AddHandler cgi-script .cgi
Options Indexes FollowSymLinks Includes ExecCGI

# Simple html form calling cgi file in same directory
Name:
Favorite Color:

# To enable SSI
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Options Indexes FollowSymLinks Includes

Note: XBitHack on (any html file with execute permission set is parsed for SSI)

# Simple html file displaying SSI variables



===============================================================================
ALIASES AND REDIRECTION

Alias /newurl /www/htdocs/oldurl
Alias /logs /etc/httpd/logs

Redirect option /foo.html http://example.com/new/foo.html
    option = temp | permanent | gone | seeother
    temp is default if you leave blank

Redirect permanent /tim http://server04

===============================================================================
SPELLING CORRECTION

Module mod_speling
CheckSpelling directive
Syntax: CheckSpelling on|off

===============================================================================
HTTP Protocol (Request line, Header section, Entity body)

www.rexswain.com (HTTP viewer)

Client side request:
-------------------
telnet hayrocket.com 80
GET / HTTP/1.1
Host: hayrocket.com
[space] [CR]

Server responds with page:
-------------------------
HTTP/1.1 200 OK
Date: Mon, 12 Nov 2007 17:33:03 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.7 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.4.2
Last-Modified: Fri, 26 Oct 2007 22:56:35 GMT
ETag: "22336f-115f-43332ec0"
Accept-Ranges: bytes
Content-Length: 4447
Vary: Accept-Encoding
Content-Type: text/html

Rich's Home Page

===============================================================================
HACKER ATTACKS

1) DOS: fill up log files with page not found
   To mitigate: put log files in separate partition
2) Symbolic links allow access to other parts of file system
   To mitigate: configure Apache not to follow symbolic links
   (remove FollowSymLinks from Options, e.g. Options -FollowSymLinks)
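
Added example (not from the original notes) for attack 1 above: one function counts 404 responses per client in a combined-format access log, reading the status field rather than grepping for "404" anywhere in the line, and a second checks that the log directory is not on the root filesystem. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: two checks for the "fill the logs with page-not-found" attack.

# count_404_by_client LOG MIN: print "count client" for every client with at
# least MIN 404 responses, busiest first (combined or common LogFormat).
count_404_by_client() {
    awk -v min="$2" '
        # The status code is the first field after the quoted request line (%r).
        match($0, /" [0-9][0-9][0-9] /) {
            if (substr($0, RSTART + 2, 3) == "404") hits[$1]++
        }
        END { for (c in hits) if (hits[c] >= min) print hits[c], c }
    ' "$1" | sort -rn
}

# logs_on_own_filesystem LOGDIR: succeed only if LOGDIR is mounted somewhere
# other than /, so a flooded log cannot fill the root partition.
logs_on_own_filesystem() {
    mount=$(df -P "$1" 2>/dev/null | awk 'NR == 2 { print $NF }')
    [ -n "$mount" ] && [ "$mount" != "/" ]
}

# Constructed sample: one client generating 404s, one normal client whose
# URL merely contains the text "404".
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [07/Nov/2007:17:09:52 -0800] "GET /a1 HTTP/1.1" 404 210 "-" "constructed"
192.0.2.10 - - [07/Nov/2007:17:09:53 -0800] "GET /a2 HTTP/1.1" 404 210 "-" "constructed"
192.0.2.10 - - [07/Nov/2007:17:09:54 -0800] "GET /a3 HTTP/1.1" 404 210 "-" "constructed"
198.51.100.7 - - [07/Nov/2007:17:10:01 -0800] "GET /404.html HTTP/1.1" 200 512 "-" "constructed"
198.51.100.7 - - [07/Nov/2007:17:10:02 -0800] "GET /missing HTTP/1.1" 404 210 "-" "constructed"
EOF
}

# Demo on the constructed sample: report clients with three or more 404s.
tmp=$(mktemp) && sample_log > "$tmp" && count_404_by_client "$tmp" 3; rm -f "$tmp"
```
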