Apache: Difference between revisions
Jump to navigation
Jump to search
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=Documentation= | |||
http://httpd.apache.org/docs/2.3/mod/core.html | http://httpd.apache.org/docs/2.3/mod/core.html | ||
=proxy= | |||
The idea is to receive all incoming requests on a single HTTP server. This server, using mod_proxy and mod_rewrite, will route requests to X backend servers, acting as a reverse proxy. This can be done very simply once mod_proxy is installed, by adding lines such as: | The idea is to receive all incoming requests on a single HTTP server. This server, using mod_proxy and mod_rewrite, will route requests to X backend servers, acting as a reverse proxy. This can be done very simply once mod_proxy is installed, by adding lines such as: | ||
Line 11: | Line 11: | ||
This would route all requests starting with a t to the site somewhere.com and present its contents to the user as if delivered by the front server. | This would route all requests starting with a t to the site somewhere.com and present its contents to the user as if delivered by the front server. | ||
=who is hammering my apache?= | |||
sudo perl -e '$ip{(split)[0]}++ while <>; print map "$_ : $ip{$_}\n", sort {$ip{$b} <=> $ip{$a}} keys %ip' /var/log/httpd/halfface.se.access.log | sudo perl -e '$ip{(split)[0]}++ while <>; print map "$_ : $ip{$_}\n", sort {$ip{$b} <=> $ip{$a}} keys %ip' /var/log/httpd/halfface.se.access.log | ||
=POST logging mod_security= | |||
yum install mod_security | |||
/etc/httpd/conf.d/mod_security.conf.bak3 | /etc/httpd/conf.d/mod_security.conf.bak3 | ||
LoadModule security2_module modules/mod_security2.so | LoadModule security2_module modules/mod_security2.so | ||
<IfModule !mod_unique_id.c> | <IfModule !mod_unique_id.c> | ||
LoadModule unique_id_module modules/mod_unique_id.so | |||
</IfModule> | </IfModule> | ||
<IfModule mod_security2.c> | <IfModule mod_security2.c> | ||
SecRuleEngine On | |||
SecAuditEngine on | |||
SecAuditLog /var/log/httpd/modsec_audit.log | |||
SecRequestBodyAccess on | |||
SecResponseBodyAccess on | |||
SecUploadKeepFiles On | |||
SecUploadDir /var/log/httpd/files | |||
SecAuditLogParts ABCEIFGHZ | |||
SecDefaultAction "nolog,noauditlog,allow,phase:2" | |||
SecRule REQUEST_METHOD "POST" "id:1000,phase:2,ctl:auditEngine=On,nolog,pass" | |||
</IfModule> | </IfModule> | ||
=POST logging mod_dumpio= | |||
/etc/httpd/conf.d/mod_dumpio.conf.bak | |||
LoadModule dumpio_module modules/mod_dumpio.so | LoadModule dumpio_module modules/mod_dumpio.so | ||
<IfModule dumpio_module> | <IfModule dumpio_module> | ||
DumpIOInput On | |||
DumpIOOutput On | |||
# DumpIOLogLevel debug | |||
LogLevel debug | |||
</IfModule> | </IfModule> | ||
=apachectl= | |||
Verify apache config file. | Verify apache config file. | ||
apachectl -S -f /etc/httpd/conf/httpd.conf | apachectl -S -f /etc/httpd/conf/httpd.conf | ||
=Is module loaded= | |||
apachectl -t -D DUMP_MODULES 2>&1 | grep -i dumpio | |||
=logging= | |||
Format examples. Both mean same thing. | |||
# CustomLog with format nickname | |||
LogFormat "%h %l %u %t \"%r\" %>s %b" common | |||
CustomLog "logs/access_log" common | |||
# CustomLog with explicit format string | |||
CustomLog "logs/access_log" "%h %l %u %t \"%r\" %>s %b" | |||
One line explained. | |||
LogFormat "%{X-Forwarded-For}i %h %u %t \"%r\" %>s %b %D %P %X \"%{Referer}i\" \"%{User-Agent}i\"" combined | |||
CustomLog logs/api-access_log combined | |||
Example | |||
146.192.224.227, 10.199.85.25 10.199.85.25 - [22/Sep/2018:00:47:23 +0000] "GET /blabla. HTTP/1.1" 200 6008 343783 13792 - "-" "curl/7.38.0" | |||
X-Forwarded for, Remote hostname user Time "First line of request" final_status size_response time_serve_millis Process Connection_status "Referer" "user_agent" | |||
Variables described. | |||
%{X-Forwared-For}i=The contents of X-Forwared-For: header line | |||
%h=Remote hostname. | |||
%u=Remote user | |||
%t=Time the request was received | |||
%r=First line of request | |||
%>s=final status. | |||
%b=Size of response in bytes | |||
%D=The time taken to serve the request, in microseconds. | |||
%P=The process ID of the child that serviced the request. | |||
%X Connection status when response is completed: | |||
X=Connection aborted before the response completed. | |||
+=Connection may be kept alive after the response is sent. | |||
-=Connection will be closed after the response is sent. | |||
%{Referer}i=The contents of User-Agent: header line | |||
%{User-Agent}i=The contents of User-Agent: header line | |||
[[Category:Applications]] | [[Category:Applications]] | ||
[[Category:Unix]] | [[Category:Unix]] | ||
[[Category:Web]] | [[Category:Web]] |
Latest revision as of 13:52, 24 January 2019
Documentation
http://httpd.apache.org/docs/2.3/mod/core.html
proxy
The idea is to receive all incoming requests on a single HTTP server. This server, using mod_proxy and mod_rewrite, will route requests to X backend servers, acting as a reverse proxy. This can be done very simply once mod_proxy is installed, by adding lines such as:
RewriteEngine on RewriteRule ^t(.*)$ http://somewhere.com/ [P,L]
This would route all requests starting with a t to the site somewhere.com and present its contents to the user as if delivered by the front server.
who is hammering my apache?
sudo perl -e '$ip{(split)[0]}++ while <>; print map "$_ : $ip{$_}\n", sort {$ip{$b} <=> $ip{$a}} keys %ip' /var/log/httpd/halfface.se.access.log
POST logging mod_security
yum install mod_security
/etc/httpd/conf.d/mod_security.conf.bak3 LoadModule security2_module modules/mod_security2.so <IfModule !mod_unique_id.c> LoadModule unique_id_module modules/mod_unique_id.so </IfModule> <IfModule mod_security2.c> SecRuleEngine On SecAuditEngine on SecAuditLog /var/log/httpd/modsec_audit.log SecRequestBodyAccess on SecResponseBodyAccess on SecUploadKeepFiles On SecUploadDir /var/log/httpd/files SecAuditLogParts ABCEIFGHZ SecDefaultAction "nolog,noauditlog,allow,phase:2" SecRule REQUEST_METHOD "POST" "id:1000,phase:2,ctl:auditEngine=On,nolog,pass" </IfModule>
POST logging mod_dumpio
/etc/httpd/conf.d/mod_dumpio.conf.bak
LoadModule dumpio_module modules/mod_dumpio.so <IfModule dumpio_module> DumpIOInput On DumpIOOutput On # DumpIOLogLevel debug LogLevel debug </IfModule>
apachectl
Verify apache config file.
apachectl -S -f /etc/httpd/conf/httpd.conf
Is module loaded
apachectl -t -D DUMP_MODULES 2>&1 | grep -i dumpio
logging
Format examples. Both mean same thing.
# CustomLog with format nickname LogFormat "%h %l %u %t \"%r\" %>s %b" common CustomLog "logs/access_log" common # CustomLog with explicit format string CustomLog "logs/access_log" "%h %l %u %t \"%r\" %>s %b"
One line explained.
LogFormat "%{X-Forwarded-For}i %h %u %t \"%r\" %>s %b %D %P %X \"%{Referer}i\" \"%{User-Agent}i\"" combined CustomLog logs/api-access_log combined
Example
146.192.224.227, 10.199.85.25 10.199.85.25 - [22/Sep/2018:00:47:23 +0000] "GET /blabla. HTTP/1.1" 200 6008 343783 13792 - "-" "curl/7.38.0" X-Forwarded for, Remote hostname user Time "First line of request" final_status size_response time_serve_millis Process Connection_status "Referer" "user_agent"
Variables described.
%{X-Forwared-For}i=The contents of X-Forwared-For: header line %h=Remote hostname. %u=Remote user %t=Time the request was received %r=First line of request %>s=final status. %b=Size of response in bytes %D=The time taken to serve the request, in microseconds. %P=The process ID of the child that serviced the request. %X Connection status when response is completed: X=Connection aborted before the response completed. +=Connection may be kept alive after the response is sent. -=Connection will be closed after the response is sent. %{Referer}i=The contents of User-Agent: header line %{User-Agent}i=The contents of User-Agent: header line