» Apache

Install mod_bandwidth
By admin on March 23rd, 2009 | 3 Comments

What is Mod_Bandwidth

“Mod_bandwidth” (mod bandwidth) is a module for the Apache webserver that enable the setting of server-wide or per connection bandwidth limits, based on the directory, size of files and remote IP/domain.

For Apache 1.3x. ONLY! This how-to is not compatible with old versions of apache, including but not limited to 1.3beta

How to install mod_bandwidth

1. Login to your server via SSH as root.

2. Type: mkdir /root/mod_bw

3. Type: cd /root/mod_bw

4. Type: wget ftp://ftp.cohprog.com/pub/apache/module/1.3.0/mod_bandwidth.c

5. Type: /usr/local/apache/bin/apxs -c /root/mod_bw/mod_bandwidth.c -o /usr/local/apache/libexec/mod_bandwidth.so

6. Type: mkdir /usr/local/apache/bw_limit

7. Type: mkdir /usr/local/apache/bw_limit/link

8. Type: mkdir /usr/local/apache/bw_limit/master

9. Type: pico -w /etc/httpd/conf/httpd.conf

10. Locate the following Line: LoadModule rewrite_module libexec/mod_rewrite.so

11. Before the above line add this:
LoadModule bandwidth_module libexec/mod_bandwidth.so

12. Now locate this line: AddModule mod_env.c

13. Before the above line add this:
AddModule mod_bandwidth.c

14. Now locate this line: # Document types.

15. Before the above line add this:
BandWidthDataDir “/usr/local/apache/bw_limit”
BandWidthModule On

16. To enable mod_bandwidth on a virtual host locate the virtual host entry for the specified domain/acount you wish to limit. Just before the line add the following:
BandWidthModule On
BandWidth all 512

The 512 can be replaced with whatever rate you wish to limit the acount too.

17. Save the file and exit.
CTRL-X then Y then enter.

18. Type: service httpd restart

19. Type: cd /usr/sbin

20. Type: wget ftp://ftp.cohprog.com/pub/apache/module/cleanlink.pl

What is cleanlink?
Cleanlink is a deamon that is used to clean links created by mod_bandwidth when they aren’t removed properly by the server. (When a httpd process doesn’t terminate the usual way.)

21. Type: chmod 755 cleanlink.pl

22. Type: pico -w cleanlink.pl

23. Change $LINKDIR to the following:
$LINKDIR=”/usr/local/apache/bw_limit/link”;

24. Save the file and exit.
CTRL-X then Y then enter.

25. Type: perl cleanlink.pl

26. Type: pico -w /etc/rc.d/rc.local

27. Scroll down to the very end of the file and add the following:
# The following line Launches CleanLink for Mod_Bandwidth
perl /usr/sbin/cleanlink.pl

28. Save the file and exit.
CTRL-X then Y then enter.

mod_bandwidth has many options. If you wish to modify mod_bandwidth and enable more options please visit the documentation available by the programmer here: http://www.cohprog.com/v3/bandwidth/doc-en.html
Stop Coredump file
By sps on March 23rd, 2009 | 4 Comments
Many webmasters ask me how to stop core dump files in Apache.. Now today i will tell you how to stop core dump file in apache. This is basically happens when System Crashes it makes a coredump file in the public_html Directory.

The possible reason for the core files getting generated is when a php process is killed, apache creates core files under your account .

On phpSuexec servers this may cause due to incorrect php.ini file placed in your account and if it is caused due to php/apache then you can get rid off those core files by editing the httpd startup file on the server end .

Lets start
Code:
```
root@server [~]# vi /etc/init.d/httpd
```
Search for ulimit lines .For eg : you can see these lines
Code:
```
ulimit -n 1024
ulimit -n 4096
ulimit -n 8192
ulimit -n 16384
```
You need to add ulimit -c 0 at the end .Which will look like :
Code:
```
ulimit -n 1024
ulimit -n 4096
ulimit -n 8192
ulimit -n 16384
ulimit -c 0
```
root@server [~]# :wq

Save changes and quit.
Now kill / stop apache service and then start apache service on the server .
Code:
```
root@server [~]# service httpd stop
root@server [~]# service httpd stop
httpd (no pid file) not running
root@server [~]# service httpd startssl
root@server [~]# service httpd startssl
httpd (pid 21154) already running
```
Finished

It works most of the OS.

Self tested on CENTOS 5.2 i686 on standard
Exim Failed – Exim is not running
By sps on February 27th, 2009 | 6 Comments

A restart was attempted automagically.
Service Check Method: [check command]

Cmd Service Check Raw Output: Exim is not running

This is a bug in Exim
here are the steps how i fix this problem

Hello friends
you can doit by SSH
I first ran:

/scripts/eximup –force –source

I then removed the old exim RPM, which was preventing the correct one from

being updated.

I then ran:

/scripts/eximup –force

Exim is now up well.

Thank you.
Install mod_limitipconn For Apache
By admin on February 2nd, 2009 | No Comments

Installing mod_limitipconn.c

This is the distribution page for the Apache module mod_limitipconn.c, which
allows web server administrators to limit the number of simultaneous
downloads permitted from a single IP address.

Why did I write this module? Well, I run an mp3 server which since its
inception was being constantly hosed by people who were trying to download
dozens of files at once. For months I scoured the Internet looking for a
code snippet that would solve this problem. The closest thing I found was this
patch against an old version of Apache, and it didn’t run properly on my Linux box
(that was back then; nowadays, the patch doesn’t even apply cleanly to the
Apache source tree).

Finally I gave up and decided to write something to do the job myself, and
here’s the result.
=================
Log into ssh

(Apache 1.3.x) -
cd /usr/src
http://dominia.org/djao/limit/mod_limitipconn-0.04.tar.gz
tar xzvf mod_limitipconn-0.04.tar.gz
cd mod_limitipconn-0.04

(Apache 2.0.x)
cd /usr/src
http://dominia.org/djao/limit/mod_limitipconn-0.22.tar.gz
tar xzvf mod_limitipconn-0.22.tar.gz
cd mod_limitipconn-0.22

pico Makefile
find the line that reads APXS=apxs
change that to
APXS=/usr/local/apache/bin/apxs

press cntrl O to save
then cntrl X

// if your locations to apxs is different
locate apxs and copy the path
then paste that in
//

make
make install

service httpd restart

pico -w /etc/httpd/conf/httpd.conf

locate ExtendedStatus
Make sure ExtendedStatus is on and without the comment at the start

and add this line to every virtual directory you want to limit
or add it once to the main directory to limit all

MaxConnPerIP 3
# exempting images from the connection limit is often a good
# idea if your web page has lots of inline images, since these
# pages often generate a flurry of concurrent image requests
NoIPLimit image/*

MaxConnPerIP 1
# In this case, all MIME types other than audio/mpeg and video*
# are exempt from the limit check
OnlyIPLimit audio/mpeg video

press cntrl O to save
then cntrl X
then service

httpd restart
When i try it i have limit /download location and works really good. so dude enjoy
PHP Spam Injection Protect it with Apache ModSecurity
By vinod on February 2nd, 2009 | No Comments

From my old experience with my server From time to time we work with clients who would like to upgrade their web sites. Often their site is composed of various one-off applications — typically PHP-based — that someone built for them. More often than not, these applications were not developed with security in mind.

Our first reaction is to pull the plug, analyze, and rebuild a secure and scalable solution. But pulling the plug is usually not an option. If a company relies on an application for leads or sales, they probably can’t afford to shut it down for any length of time. Under these circumstances, triage is usually the best one can hope for.

Fortunately, there are a few things one can do to stem the bleeding. One of the more common problems with PHP-based applications is that they can allow the injection of malicious content, such as SQL or email spam. In some cases we find that over 95% of a client’s ISP traffic is coming from spam injection. The solution? Grab an industrial size helping of Apache mod_security.

What is it? From the ModSecurity home page:

ModSecurityTM is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.

Essentially, it inspects web traffic passing through the web server for suspicious content as well as attempts to trigger buffer overflows, etc. When it finds such content, it can stop the traffic and/or log the incident.

To put mod_security to work for you, first, download and unpack the tarball, build and install the DSO, and update Apache’s httpd.conf file.

cd /usr/local; tar xzf /root/modsecurity-apache-1.9.4.tar.gz
cd /usr/local/modsecurity-apache-1.9.4/apache2
/usr/local/apache2/bin/apxs -cia mod_security.c

Paste the ModSecurity minimal recommended filtering rules into your httpd.conf file. Here are the first few lines from from the online manual’s Appendix A: Recommended Configuration:

# Turn ModSecurity On

SecFilterEngine On

# Reject requests with status 403

SecFilterDefaultAction “deny,log,status:403″

# Some sane defaults

SecFilterScanPOST On

SecFilterCheckURLEncoding On

SecFilterCheckUnicodeEncoding Off

If you’d just like to see if someone is trying to exploit your site, you can set up ModSecurity to simply audit your traffic. The lines

# Log rule violations, but allow the requests

SecFilterDefaultAction “log,pass”

will do that for you. However, please note that if you want to merely log rule violations without denying the traffic, you must not include any implicit validations (URL encoding validation, Unicode encoding validation, cookie format validation, and byte range restrictions) in your rules.When you are satisfied with your rules, you can deny the traffic by changing the default action to this:

# Deny requests and log with status 403

SecFilterDefaultAction “deny,log,status:403″

Once you’ve got a bunch of traffic in your audit log, you can grep through it to see if you’ve got visitors with bad intentions:

grep -i ‘to|bcc|cc’ audit_log | less
or
grep -i ‘to|bcc|cc’ audit_log | wc -l

You may find lots of suspicious lines. In fact, you may find that some spammers are including portions of books, stories, or other nonsense, presumably to get past the final recipients’ Bayesian spam filters.

To block a common PHP mail injection exploit, add a rule like this to your httpd.conf file in the ModSecurity section:

# necessary to stop spammers doing mail injection into PHP mail forms!!!
SecFilterSelective ARGS_VALUES “\n[[:space:]]*(to|bcc|cc)[[:space:]]*:.*@”

The ModSecurity site also conveniently includes a package of rules, including PHP-related rules, grouped by function. Note that there are “SQL Injection Attack” rules in the “general” conf file. You can include the rule groups you want by using an “Include” directive in the ModSecurity section of your httpd.conf file; i.e. “Include conf/modsecurity-php.conf”.

These rules are a good place to start, as are the rules from gotroot.com. You may need to tweak these a little bit, and be selective in which rulesets you apply. For example, often aggregating IP addresses such as AOL proxies are blocked due to the blacklist rules, which may not be what you want.

This is only a brief introduction, but I hope you will try ModSecurity for yourself, and discover how powerful it can be.
Zone transfer AXFR + Change or Disable Name Server version
By admin on September 5th, 2008 | 1 Comment

At least one of your nameservers allowed a zone transfer to be performed. The zone transfer enables the extraction of all DNS data available for the zone. According to DNS best practices it is advisable to disable zone transfers for public slave zones.

To disable zone transfer

Login with root

edit named.conf

root@server [~]# vi /etc/named.conf

by setting this in options {}

allow-transfer { };

root@server [~]# :wq

Those persons who want to change there or disable thier nameserver Version do as writen in the above image.

version ” ” ;

This will disable your name server Version

That’s it you are done..

«
« Newer
1
Older »
»

» Apache

Categories

Pages

Recent Posts

Top Commentators

Recent Comments