Apache: Difference between revisions

From Halfface
Line 13: Line 13:
==who is hammering my apache?==
==who is hammering my apache?==
  sudo perl -e '$ip{(split)[0]}++ while <>; print map "$_ : $ip{$_}\n", sort {$ip{$b} <=> $ip{$a}} keys %ip' /var/log/httpd/halfface.se.access.log
  sudo perl -e '$ip{(split)[0]}++ while <>; print map "$_ : $ip{$_}\n", sort {$ip{$b} <=> $ip{$a}} keys %ip' /var/log/httpd/halfface.se.access.log
==log post==
==POST loggin mod_security==
  What is being posted to my apache.
  /etc/httpd/conf.d/mod_security.conf.bak3
  /etc/httpd/conf/httpd.conf
LoadModule security2_module modules/mod_security2.so
<IfModule !mod_unique_id.c>
  LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>
<IfModule mod_security2.c>
  SecRuleEngine On
  SecAuditEngine on
  SecAuditLog /var/log/httpd/modsec_audit.log
  SecRequestBodyAccess on
  SecUploadKeepFiles On
  SecUploadDir /var/log/httpd/files
  SecAuditLogParts ABIFHZ
  SecDefaultAction "nolog,noauditlog,allow,phase:2"
  SecRule REQUEST_METHOD "POST" "id:1000,phase:2,ctl:auditEngine=On,nolog,pass"
</IfModule>
==POST loggin mod_dumpio==
  /etc/httpd/conf.d/mod_dumpio.conf.bak
  LoadModule dumpio_module modules/mod_dumpio.so
  LoadModule dumpio_module modules/mod_dumpio.so
/etc/httpd/conf.d/dumpio.conf
  <IfModule dumpio_module>
  <IfModule dumpio_module>
   DumpIOInput On
   DumpIOInput On
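Review bot: SecRequestBodyAccess on combined with SecAuditLogParts ABIFHZ in the new mod_security section writes full POST bodies, submitted passwords included, to /var/log/httpd/modsec_audit.log, and SecUploadKeepFiles On keeps every uploaded file under /var/log/httpd/files. The note should say that both paths must be readable by root only and that this is a temporary debugging setup. It should also state whether the .conf.bak3 and .conf.bak file names mean the snippets are parked rather than loaded, and keep the dropped line "What is being posted to my apache." as the section's one-line purpose.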
Line 23: Line 39:
   DumpIOLogLevel warn
   DumpIOLogLevel warn
  </IfModule>
  </IfModule>
[[Category:Applications]]
[[Category:Applications]]
[[Category:Unix]]
[[Category:Unix]]
[[Category:Web]]
[[Category:Web]]

Revision as of 23:07, 20 March 2016

Documentation

http://httpd.apache.org/docs/2.3/mod/core.html

proxy

The idea is to receive all incoming requests on a single HTTP server. This server, using mod_proxy and mod_rewrite, will route requests to X backend servers, acting as a reverse proxy. This can be done very simply once mod_proxy is installed, by adding lines such as:

RewriteEngine on
RewriteRule ^t(.*)$ http://somewhere.com/ [P,L]

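This routes every request whose path starts with a t to somewhere.com and presents the response to the user as if the front server had delivered it. The captured (.*) is not used in the substitution, so every matching request fetches the root of somewhere.com; reference the capture in the target URL if the rest of the path should be passed through. In server or virtual-host context the pattern is matched against a path that begins with /, so ^t only matches in a per-directory (.htaccess) context.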

who is hammering my apache?

sudo perl -e '$ip{(split)[0]}++ while <>; print map "$_ : $ip{$_}\n", sort {$ip{$b} <=> $ip{$a}} keys %ip' /var/log/httpd/halfface.se.access.log

POST logging mod_security

/etc/httpd/conf.d/mod_security.conf.bak3 
LoadModule security2_module modules/mod_security2.so

<IfModule !mod_unique_id.c>
  LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>
<IfModule mod_security2.c>
  SecRuleEngine On
  SecAuditEngine on
  SecAuditLog /var/log/httpd/modsec_audit.log
  SecRequestBodyAccess on
  SecUploadKeepFiles On
  SecUploadDir /var/log/httpd/files
  SecAuditLogParts ABIFHZ
  SecDefaultAction "nolog,noauditlog,allow,phase:2"
  SecRule REQUEST_METHOD "POST" "id:1000,phase:2,ctl:auditEngine=On,nolog,pass"
</IfModule>
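To review what this configuration captures, the following added example (not part of the original wiki page) parses the serial-format audit log that SecAuditLogParts ABIFHZ produces and counts POSTs per client IP and path, reporting body size rather than body content. The sample records, make_entry and the other names are constructed for illustration, and the layout assumes ModSecurity 2.x with its default serial log type.

```python
import re
from collections import defaultdict

BOUNDARY = re.compile(r"^--([0-9a-fA-F]{8})-([A-Z])--$")

def make_entry(bid, ip, method, path, body):
    """Build one CONSTRUCTED record in serial audit-log layout (parts ABIFHZ)."""
    return (f"--{bid}-A--\n[20/Mar/2016:23:01:12 +0100] uid{bid} {ip} 51234 198.51.100.5 80\n"
            f"--{bid}-B--\n{method} {path} HTTP/1.1\nHost: www.example.test\n\n"
            f"--{bid}-I--\n{body}\n\n--{bid}-F--\nHTTP/1.1 200 OK\n\n"
            f"--{bid}-H--\nStopwatch: 0\n\n--{bid}-Z--\n\n")

SAMPLE = (make_entry("0a1b2c3d", "192.0.2.10", "POST", "/wp-login.php", "log=admin&pwd=x")
          + make_entry("0a1b2c3e", "192.0.2.10", "POST", "/wp-login.php", "log=root&pwd=yy")
          + make_entry("0a1b2c3f", "203.0.113.7", "GET", "/index.html", "")
          + make_entry("0a1b2c40", "203.0.113.7", "POST", "/contact.php", "msg=hello"))

def parse_audit_log(text):
    """Yield {part_letter: [lines]} for each complete A..Z transaction."""
    txn, part = None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if not m:
            if txn is not None and part in txn:
                txn[part].append(line)
            continue
        part = m.group(2)
        if part == "A":
            txn = {}          # the A part opens a new transaction
        if txn is None:
            continue          # stray part before any A header (truncated log)
        if part == "Z":
            yield txn         # Z is the final boundary of the record
            txn = None
        else:
            txn[part] = []

def summarize_posts(text):
    """Map (client_ip, path) -> [request count, total body bytes], POSTs only."""
    stats = defaultdict(lambda: [0, 0])
    for txn in parse_audit_log(text):
        header = (txn.get("A") or [""])[0].split()   # [ts, tz, id, src_ip, ...]
        request = (txn.get("B") or [""])[0].split()  # [method, path, protocol]
        if len(header) < 4 or len(request) < 2 or request[0] != "POST":
            continue          # skip malformed and non-POST records
        body = "\n".join(txn.get("I", [])).strip()
        s = stats[(header[3], request[1])]
        s[0], s[1] = s[0] + 1, s[1] + len(body.encode())
    return dict(stats)
```

For a real log, pass the contents of /var/log/httpd/modsec_audit.log to summarize_posts and sort the result by count.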

POST logging mod_dumpio

/etc/httpd/conf.d/mod_dumpio.conf.bak 
LoadModule dumpio_module modules/mod_dumpio.so
<IfModule dumpio_module>
  DumpIOInput On
  DumpIOOutput On
  DumpIOLogLevel warn
</IfModule>