Apache: Difference between revisions

From Halfface
Jump to navigation Jump to search
No edit summary
 
(13 intermediate revisions by the same user not shown)
Line 1: Line 1:
==Documentation==
=Documentation=


  http://httpd.apache.org/docs/2.3/mod/core.html
  http://httpd.apache.org/docs/2.3/mod/core.html


==proxy==
=proxy=


The idea is to receive all incoming requests on a single HTTP server. This server, using mod_proxy and mod_rewrite, will route requests to X backend servers, acting as a reverse proxy. This can be done very simply once mod_proxy is installed, by adding lines such as:
The idea is to receive all incoming requests on a single HTTP server. This server, using mod_proxy and mod_rewrite, will route requests to X backend servers, acting as a reverse proxy. This can be done very simply once mod_proxy is installed, by adding lines such as:
Line 11: Line 11:


This would route all requests starting with a t to the site somewhere.com and present its contents to the user as if delivered by the front server.
This would route all requests starting with a t to the site somewhere.com and present its contents to the user as if delivered by the front server.
==who is hammering my apache?==
=who is hammering my apache?=
  sudo perl -e '$ip{(split)[0]}++ while <>; print map "$_ : $ip{$_}\n", sort {$ip{$b} <=> $ip{$a}} keys %ip' /var/log/httpd/halfface.se.access.log
  sudo perl -e '$ip{(split)[0]}++ while <>; print map "$_ : $ip{$_}\n", sort {$ip{$b} <=> $ip{$a}} keys %ip' /var/log/httpd/halfface.se.access.log
=POST logging mod_security=
yum install mod_security
/etc/httpd/conf.d/mod_security.conf.bak3
LoadModule security2_module modules/mod_security2.so
<IfModule !mod_unique_id.c>
  LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>
<IfModule mod_security2.c>
  SecRuleEngine On
  SecAuditEngine on
  SecAuditLog /var/log/httpd/modsec_audit.log
  SecRequestBodyAccess on
  SecResponseBodyAccess on
  SecUploadKeepFiles On
  SecUploadDir /var/log/httpd/files
  SecAuditLogParts ABCEIFGHZ
  SecDefaultAction "nolog,noauditlog,allow,phase:2"
  SecRule REQUEST_METHOD "POST" "id:1000,phase:2,ctl:auditEngine=On,nolog,pass"
</IfModule>
=POST logging mod_dumpio=
/etc/httpd/conf.d/mod_dumpio.conf.bak
LoadModule dumpio_module modules/mod_dumpio.so
<IfModule dumpio_module>
  DumpIOInput On
  DumpIOOutput On
  # DumpIOLogLevel debug
  LogLevel debug
</IfModule>
=apachectl=
Verify apache config file.
apachectl -S -f /etc/httpd/conf/httpd.conf
=Is module loaded=
apachectl -t -D DUMP_MODULES 2>&1 | grep -i dumpio
=logging=
Format examples. Both mean same thing.
# CustomLog with format nickname
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "logs/access_log" common
# CustomLog with explicit format string
CustomLog "logs/access_log" "%h %l %u %t \"%r\" %>s %b"
One line explained.
LogFormat "%{X-Forwarded-For}i %h %u %t \"%r\" %>s %b %D %P %X \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/api-access_log combined
Example
146.192.224.227, 10.199.85.25 10.199.85.25 -      [22/Sep/2018:00:47:23 +0000] "GET /blabla. HTTP/1.1" 200          6008          343783            13792  -                "-"      "curl/7.38.0"
X-Forwarded for, Remote hostname          user    Time                        "First line of request" final_status size_response time_serve_millis Process Connection_status "Referer" "user_agent"
Variables described.
%{X-Forwared-For}i=The contents of X-Forwared-For: header line
%h=Remote hostname.
%u=Remote user
%t=Time the request was received
%r=First line of request
%>s=final status.
%b=Size of response in bytes
%D=The time taken to serve the request, in microseconds.
%P=The process ID of the child that serviced the request.
%X Connection status when response is completed:
  X=Connection aborted before the response completed.
  +=Connection may be kept alive after the response is sent.
  -=Connection will be closed after the response is sent.
%{Referer}i=The contents of User-Agent: header line
%{User-Agent}i=The contents of User-Agent: header line
[[Category:Applications]]
[[Category:Applications]]
[[Category:Unix]]
[[Category:Unix]]
[[Category:Web]]
[[Category:Web]]

Latest revision as of 13:52, 24 January 2019

Documentation

http://httpd.apache.org/docs/2.3/mod/core.html

proxy

The idea is to receive all incoming requests on a single HTTP server. This server, using mod_proxy and mod_rewrite, will route requests to X backend servers, acting as a reverse proxy. This can be done very simply once mod_proxy is installed, by adding lines such as: 

RewriteEngine on
RewriteRule ^t(.*)$ http://somewhere.com/ [P,L]

This would route all requests starting with a t to the site somewhere.com and present its contents to the user as if delivered by the front server.

who is hammering my apache?

sudo perl -e '$ip{(split)[0]}++ while <>; print map "$_ : $ip{$_}\n", sort {$ip{$b} <=> $ip{$a}} keys %ip' /var/log/httpd/halfface.se.access.log

POST logging mod_security

yum install mod_security 

/etc/httpd/conf.d/mod_security.conf.bak3 
LoadModule security2_module modules/mod_security2.so
<IfModule !mod_unique_id.c>
 LoadModule unique_id_module modules/mod_unique_id.so
</IfModule>
<IfModule mod_security2.c>
 SecRuleEngine On
 SecAuditEngine on
 SecAuditLog /var/log/httpd/modsec_audit.log
 SecRequestBodyAccess on
 SecResponseBodyAccess on
 SecUploadKeepFiles On
 SecUploadDir /var/log/httpd/files
 SecAuditLogParts ABCEIFGHZ
 SecDefaultAction "nolog,noauditlog,allow,phase:2"
 SecRule REQUEST_METHOD "POST" "id:1000,phase:2,ctl:auditEngine=On,nolog,pass"
</IfModule>

POST logging mod_dumpio

/etc/httpd/conf.d/mod_dumpio.conf.bak 

LoadModule dumpio_module modules/mod_dumpio.so
<IfModule dumpio_module>
 DumpIOInput On
 DumpIOOutput On
 # DumpIOLogLevel debug
 LogLevel debug
</IfModule>

apachectl

Verify apache config file. 

apachectl -S -f /etc/httpd/conf/httpd.conf

Is module loaded

apachectl -t -D DUMP_MODULES 2>&1 | grep -i dumpio

logging

Format examples. Both mean same thing. 

# CustomLog with format nickname
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "logs/access_log" common

# CustomLog with explicit format string
CustomLog "logs/access_log" "%h %l %u %t \"%r\" %>s %b"

One line explained. 

LogFormat "%{X-Forwarded-For}i %h %u %t \"%r\" %>s %b %D %P %X \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/api-access_log combined

Example 

146.192.224.227, 10.199.85.25 10.199.85.25 -       [22/Sep/2018:00:47:23 +0000] "GET /blabla. HTTP/1.1" 200          6008          343783            13792   -                 "-"       "curl/7.38.0"
X-Forwarded for, Remote hostname           user    Time                         "First line of request" final_status size_response time_serve_millis Process Connection_status "Referer" "user_agent"

Variables described. 

%{X-Forwared-For}i=The contents of X-Forwared-For: header line
%h=Remote hostname.
%u=Remote user
%t=Time the request was received
%r=First line of request
%>s=final status.
%b=Size of response in bytes
%D=The time taken to serve the request, in microseconds.
%P=The process ID of the child that serviced the request.
%X	Connection status when response is completed:
  X=Connection aborted before the response completed.
  +=Connection may be kept alive after the response is sent.
  -=Connection will be closed after the response is sent.
%{Referer}i=The contents of User-Agent: header line
%{User-Agent}i=The contents of User-Agent: header line
Retrieved from "https://halfface.se/wiki/index.php?title=Apache&oldid=13107"