
Apache

Apache configuration files

By  •  Apache

httpd.conf is Apache’s main configuration file by default. It then pulls in other files and directories via Include and IncludeOptional directives, which is meant to simplify the main configuration file. The resulting structure varies widely between platforms.

httpd.conf itself is located in different places on different platforms. These are some of the known locations:

Platform                Location
xampp                   {installation directory}/apache/conf/httpd.conf
macOS                   /private/etc/apache2/httpd.conf
homebrew                /usr/local/etc/apache2/2.4/httpd.conf
Debian/Ubuntu           /etc/apache2/httpd.conf
RedHat/CentOS/Fedora    /etc/httpd/conf/httpd.conf

If your platform of choice is not on the list, simply run httpd -V from the terminal and look for SERVER_CONFIG_FILE.

# httpd -V
Server version: Apache/2.4.25 (Unix)
Server built:   Feb  6 2017 20:02:10
Server's Module Magic Number: 20120211:67
Server loaded:  APR 1.5.2, APR-UTIL 1.5.4
Compiled using: APR 1.5.2, APR-UTIL 1.5.4
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_FLOCK_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/usr"
 -D SUEXEC_BIN="/usr/bin/suexec"
 -D DEFAULT_PIDLOG="/private/var/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/private/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/private/etc/apache2/httpd.conf"

Different platforms might use different binary names, such as apache, apache2, apachectl or apache2ctl.

Use grep to get only the relevant line.

# httpd -V | grep SERVER_CONFIG_FILE
 -D SERVER_CONFIG_FILE="/private/etc/apache2/httpd.conf"

If the output doesn’t give an absolute path for the configuration file, combine the values of HTTPD_ROOT and SERVER_CONFIG_FILE.
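The combination rule above as a small shell function. This is an added example, not part of the original article; the function name resolve_httpd_conf and the relative-path sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: print the absolute path of Apache's main configuration file,
# given `httpd -V` output on stdin.
resolve_httpd_conf() {
    awk -F'"' '
        / -D HTTPD_ROOT=/         { root = $2 }
        / -D SERVER_CONFIG_FILE=/ { conf = $2 }
        END {
            if (conf == "") exit 1                   # value not in the output
            if (conf ~ /^\//) { print conf; exit 0 } # already absolute
            if (root == "") exit 1                   # relative, but no root to join
            sub(/\/+$/, "", root)                    # avoid a doubled slash
            print root "/" conf
        }'
}

# Constructed sample (not from the page): a build that reports a relative path.
SAMPLE_RELATIVE=' -D HTTPD_ROOT="/etc/httpd"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"'

printf '%s\n' "$SAMPLE_RELATIVE" | resolve_httpd_conf   # /etc/httpd/conf/httpd.conf

# Live use; the binary name varies by platform:
#   httpd -V 2>/dev/null | resolve_httpd_conf
```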

How to restart Apache service


There are many ways to restart the Apache service, depending on your platform of choice and personal preferences.

Platform / Command
Ubuntu 16.10 and later, RedHat/CentOS 7 and later, Fedora and other platforms with systemd:
# systemctl restart httpd.service
Platforms with the service command (normally a wrapper around System V init scripts or systemd commands):
# service httpd restart
Older platforms with System V init scripts:
# /etc/init.d/apache2 restart
Apache’s built-in command:
# httpd -k restart

Different platforms might use different binary/script names, such as apache, apache2, apachectl or apache2ctl.

How to test Apache configuration without restarting the service


It’s always a good idea to test your newly updated Apache configuration before restarting the service itself. This helps avoid downtime caused by Apache refusing to start because of a misconfiguration. You can use apachectl, httpd or an equivalent binary, as in the examples below:

Different platforms might use different binary names, such as apache, apache2 or apache2ctl.

  1. httpd

    # httpd -t
    AH00112: Warning: DocumentRoot [/var/www/mywebsite] does not exist
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
    Syntax OK
  2. apachectl

    # apachectl configtest
    AH00112: Warning: DocumentRoot [/var/www/mywebsite] does not exist
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
    Syntax OK

Both programs parse the configuration files without applying any of your changes. Once you get Syntax OK at the end of the output and are satisfied with all the warnings (if any), you can confidently restart your Apache service.
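One way to enforce "Syntax OK and satisfied with all the warnings" before a restart. This is an added example, not part of the original article; config_gate and the ACK_CODES variable are assumptions made for illustration and are not Apache features.

```shell
#!/bin/sh
# Added example: restart gate built on the config test.
# ACK_CODES (assumption, not an Apache setting): space-separated AH message
# codes the operator has reviewed and accepted.
ACK_CODES=${ACK_CODES:-}

# config_gate CMD [ARGS...]
# Returns 0 only if CMD succeeds, its last output line is "Syntax OK", and
# every AH code it printed is listed in ACK_CODES.
# Returns 1 on a failed test, 2 on an unacknowledged message.
config_gate() {
    # The test output may be written to stderr, so capture both streams.
    out=$("$@" 2>&1) || { printf '%s\n' "$out" >&2; return 1; }
    printf '%s\n' "$out" | tail -n 1 | grep -qx 'Syntax OK' || return 1
    for code in $(printf '%s\n' "$out" | grep -o '^AH[0-9]*' | sort -u); do
        case " $ACK_CODES " in
            *" $code "*) ;;                               # reviewed, accept
            *) echo "unacknowledged: $code" >&2; return 2 ;;
        esac
    done
    return 0
}

# Stand-in for `httpd -t`, replaying the output shown above (for offline runs).
sample_configtest() {
    cat >&2 <<'EOF'
AH00112: Warning: DocumentRoot [/var/www/mywebsite] does not exist
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
EOF
}

# Live use (binary and unit names vary by platform):
#   ACK_CODES="AH00558" config_gate apachectl configtest && systemctl restart httpd.service
```

With only AH00558 acknowledged, the missing DocumentRoot warning (AH00112) blocks the restart until someone has looked at it.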

How to analyze Apache log for security with Scalp


Scalp! is a log analyzer for the Apache web server that looks for security problems. It reads the Apache log and checks it for possible attacks against rulesets provided by the PHP-IDS project. It is available for download from GitHub.

Scalp! is currently written in Python, though the author claims he is now working on a C++ version. The current Python version can only analyze a maximum of 10000 lines of log and seems to be a bit slow. The C++ version aims to overcome these problems.

When run without any parameters, Scalp! looks for the access_log and default_filter.xml files in the current directory and writes the report to standard output. access_log is the Apache log file, and default_filter.xml is the set of filter rules available from the PHPIDS project. Running the program as follows uses the Apache log file at /var/log/apache2/access.log and the PHPIDS ruleset from ~/default_filter.xml:

$ python scalp.py --log /var/log/apache2/access.log --filters ~/default_filter.xml

To overcome the program’s 10000-line limitation, the Linux program split can be used as a log splitter, as in the example below, and Scalp! is then run against each of the resulting files:

$ split -l 10000  /var/log/apache2/access.log
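The split-then-scan procedure described above as one function. This is an added example, not part of the original article or of Scalp!; scan_in_chunks, the chunk./report. file names and the count_lines stand-in are assumptions, and only the --log and --filters options shown above are used.

```shell
#!/bin/sh
# Added example: run an analyzer over a log in 10000-line pieces.
# scan_in_chunks LOG FILTERS OUTDIR ANALYZER [ARGS...]
# Writes OUTDIR/chunk.aa, chunk.ab, ... and one report per chunk
# (OUTDIR/report.aa, ...); prints the number of chunks analyzed.
scan_in_chunks() {
    log=$1; filters=$2; outdir=$3; shift 3
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 1; }
    if [ -e "$outdir" ]; then
        # A reused directory would mix old chunks into this run.
        echo "$outdir exists; use a fresh directory" >&2; return 1
    fi
    mkdir -p "$outdir" || return 1
    # split cuts on line boundaries, so no request line is broken in two.
    split -l 10000 "$log" "$outdir/chunk." || return 1
    n=0
    for chunk in "$outdir"/chunk.*; do
        [ -f "$chunk" ] || continue          # empty log: glob matched nothing
        # The report goes to standard output, so keep one file per chunk.
        "$@" --log "$chunk" --filters "$filters" > "$outdir/report.${chunk##*.}"
        n=$((n + 1))
    done
    echo "$n"
}

# Stand-in analyzer for offline runs (constructed): prints the number of
# lines in the file passed after --log.
count_lines() { wc -l < "$2" | tr -d ' '; }

# Live use, with the paths from the text:
#   scan_in_chunks /var/log/apache2/access.log ~/default_filter.xml ./scalp-run python scalp.py
```

Keeping the chunks next to their reports means a finding in report.ab can be traced back to the exact request lines in chunk.ab.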

How to redirect non-www URL to www in Apache


If both the www and non-www domains of your website (http://example.com and http://www.example.com) serve the same website, and you want people going to http://example.com to be automatically redirected to http://www.example.com, there are a few ways that you can do so with Apache
