Apache’s main configuration file by default. It then pulls in other files and directories via IncludeOptional directives, which are meant to simplify the main configuration file; the structure varies widely between platforms.
The location of httpd.conf itself differs between platforms. These are some of the known locations:
If your platform of choice is not on the list, simply run
httpd -V from the terminal and look for
# httpd -V
Server version: Apache/2.4.25 (Unix)
Server built:   Feb 6 2017 20:02:10
Server's Module Magic Number: 20120211:67
Server loaded:  APR 1.5.2, APR-UTIL 1.5.4
Compiled using: APR 1.5.2, APR-UTIL 1.5.4
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_FLOCK_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/usr"
 -D SUEXEC_BIN="/usr/bin/suexec"
 -D DEFAULT_PIDLOG="/private/var/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/private/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/private/etc/apache2/httpd.conf"
Different platforms might use different binary names such as
grep to get only the relevant line.
# httpd -V | grep SERVER_CONFIG_FILE
 -D SERVER_CONFIG_FILE="/private/etc/apache2/httpd.conf"
Combine the output for both
SERVER_CONFIG_FILE if the output doesn’t provide the absolute path of the configuration file.
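The lookup above can be scripted. This is an added example, not code from the original page: it extracts SERVER_CONFIG_FILE from `httpd -V` output and, when the value is relative, joins it to HTTPD_ROOT (the compiled-in server root). The function name and the second sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page).
# apache_config_path: print the absolute path of the main configuration file,
# given the text that `httpd -V` prints. Returns 1 if it cannot be determined.
apache_config_path() {
    out=$1
    # Pull the quoted values out of the two relevant -D lines.
    root=$(printf '%s\n' "$out" | sed -n 's/^ *-D HTTPD_ROOT="\(.*\)"$/\1/p')
    conf=$(printf '%s\n' "$out" | sed -n 's/^ *-D SERVER_CONFIG_FILE="\(.*\)"$/\1/p')
    [ -n "$conf" ] || return 1            # line missing: not httpd -V output
    case $conf in
        /*) printf '%s\n' "$conf" ;;      # already absolute
        *)  [ -n "$root" ] || return 1    # relative, but nothing to join it to
            printf '%s/%s\n' "${root%/}" "$conf" ;;
    esac
}

# Constructed sample 1: the two relevant lines from the output shown above.
SAMPLE_ABSOLUTE=' -D HTTPD_ROOT="/usr"
 -D SERVER_CONFIG_FILE="/private/etc/apache2/httpd.conf"'

# Constructed sample 2: a build that reports a relative path (values are assumptions).
SAMPLE_RELATIVE=' -D HTTPD_ROOT="/etc/httpd"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"'

apache_config_path "$SAMPLE_ABSOLUTE"
apache_config_path "$SAMPLE_RELATIVE"

# On a live system: apache_config_path "$(httpd -V 2>/dev/null)"
```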
An Apache reverse proxy is an Apache web server that transparently serves content from another web server. This is useful in many instances such as caching and mirroring, but it’s mostly used to serve websites that are hosted behind NAT or a firewall. A reverse proxy server routes connections addressed to the internal server, and the client sees the reverse proxy server itself as the origin server.
Apache can be configured so that a URL such as http://www.example.com/webapp actually gets its content from http://192.168.0.10/myapp, which is hosted on an internal network. This happens transparently, and the user requesting http://www.example.com/webapp need not be aware of what happens in the background.
DirectoryIndex (normally configured as welcome.html) present in a directory, and if mod_autoindex is enabled (which it normally is by default), Apache will list the directory contents.
While useful in some cases, you may want to disable this feature (perhaps for security reasons). There are a few ways to do this.
There are many ways to restart the Apache service, depending on your platform of choice and personal preference:
| Platform | Command |
| --- | --- |
| Ubuntu 16.10 and later, RedHat/CentOS 7 and later, | # systemctl restart httpd.service |
| Platforms with | # service httpd restart |
| Older platforms with | # /etc/init.d/apache2 restart |
| Apache’s built-in command | # httpd -k restart |
Different platforms might use different binary/script names such as
It’s always a good idea to test your newly updated Apache config file before restarting the service itself. This helps avoid downtime caused by Apache refusing to start because of a misconfiguration. You can use httpd or equivalent binaries as in the examples below:
Different platforms might use different binary names such as
# httpd -t
AH00112: Warning: DocumentRoot [/var/www/mywebsite] does not exist
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK

# apachectl configtest
AH00112: Warning: DocumentRoot [/var/www/mywebsite] does not exist
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
These programs parse the configuration files without applying any of your changes. Once you get
Syntax OK at the end of the output and are satisfied with all the warnings (if any), you can confidently restart your
Scalp! is a log analyzer for the Apache web server that looks for security problems. It reads the Apache log and checks it for possible attacks against rulesets provided by the PHP-IDS project. It is available for download from GitHub.
Scalp! is currently written in Python, though the writer claims he’s now working on a C++ version of it. The current Python version can only analyze a maximum of 10000 lines of log, and seems to be a bit slow. The C++ version aims to overcome these problems.
When run without any parameters, Scalp! looks for access_log and default_filter.xml files in the current directory and writes the report to standard output. access_log is the Apache log file, and default_filter.xml is the filter rules file available from the PHPIDS project. Running the program as follows uses the Apache log file at /var/log/apache2/access.log and the PHPIDS ruleset from ~/default_filter.xml:
$ python scalp.py --log /var/log/apache2/access.log --filters ~/default_filter.xml
To work around the program’s 10000-line limit, the Linux program split can be used as a log splitter as in the example below; Scalp! is then run against each of the resulting pieces:
$ split -l 10000 /var/log/apache2/access.log
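The split command above only produces the pieces; the second half of the procedure is to run the analyzer over each one. This is an added example, not code from the original page or the Scalp! project: the function name, the work directory and the report file names are assumptions, and the analyzer command is passed in so the `--log` and `--filters` options shown earlier are the only Scalp! options used.

```shell
#!/bin/sh
# Added example (not from the original page or the Scalp! project).
# scan_in_chunks LOG WORKDIR ANALYZER [ARGS...]
#   Splits LOG into pieces of at most 10000 lines under WORKDIR, runs
#   "ANALYZER ARGS... --log PIECE" on each piece, saves each report beside the
#   pieces, and prints how many pieces were analysed.
scan_in_chunks() {
    log=$1; workdir=$2; shift 2
    [ -n "$workdir" ] && [ -r "$log" ] || { echo "usage: LOG WORKDIR CMD..." >&2; return 1; }
    # Access logs carry client addresses and query strings: keep the copies private.
    (umask 077; mkdir -p "$workdir") || return 1
    rm -f "$workdir"/chunk_* "$workdir"/report_*      # drop pieces from earlier runs
    split -l 10000 "$log" "$workdir/chunk_" || return 1
    count=0
    for piece in "$workdir"/chunk_*; do
        [ -f "$piece" ] || continue                   # empty log: glob did not match
        report="$workdir/report_${piece##*/chunk_}.txt"
        # The analyzer writes its report to standard output.
        "$@" --log "$piece" > "$report" || echo "analyzer failed on $piece" >&2
        count=$((count + 1))
    done
    echo "$count"
}

# Typical call (paths as in the commands above; /tmp/scalp is an assumed work directory):
#   scan_in_chunks /var/log/apache2/access.log /tmp/scalp \
#       python scalp.py --filters ~/default_filter.xml
```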
Apache normally runs as an unprivileged user without shell access on most platforms. This is for security reasons: if a poorly written script or configuration is exploited, the compromise will not escalate and cause much harm to the system.
If you’re running a development environment and know exactly what you’re doing, you can change the user and group that the Apache process runs as with these simple steps:
Apache’s configuration file.
Apache process to run as. The following example is to run it as
User root
Group root
This could be a big security risk, especially to run it as
Make sure the user and group have appropriate permissions on DocumentRoot and related files and folders.
$ ps aux | grep apache2
root 1188 0.0 0.1 162184 6664 ? Ss Mar29 0:02 /usr/sbin/apache2 -k start
root 1197 0.0 0.1 162184 5668 ? S Mar29 0:00 /usr/sbin/apache2 -k start
root 1198 0.0 0.1 162184 5916 ? S Mar29 0:00 /usr/sbin/apache2 -k start
root 1200 0.0 0.1 162184 5684 ? S Mar29 0:00 /usr/sbin/apache2 -k start
root 1201 0.0 0.1 162184 5684 ? S Mar29 0:00 /usr/sbin/apache2 -k start
root 1202 0.0 0.1 162184 5684 ? S Mar29 0:00 /usr/sbin/apache2 -k start
In some distributions the
Apache binary could be named
httpd instead of
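The same process listing can be turned into an audit check that flags servers where this development setting was left in place. This is an added example, not code from the original page: the function name is an assumption, and because `ps aux` does not show parent PIDs, the samples use a constructed "USER PID PPID COMMAND" layout.

```shell
#!/bin/sh
# Added example (not from the original page).
# root_apache_workers: read "USER PID PPID COMMAND" lines on stdin and print the
# PIDs of Apache worker processes owned by root. A worker is an Apache process
# whose parent is also an Apache process; the parent itself is skipped because
# it normally starts as root to bind ports below 1024.
root_apache_workers() {
    awk '
        {
            name = $4
            sub(/.*\//, "", name)                 # strip any directory part
            if (name == "apache2" || name == "httpd") {
                owner[$2] = $1
                parent[$2] = $3
            }
        }
        END {
            for (pid in owner)
                if ((parent[pid] in owner) && owner[pid] == "root")
                    print pid
        }' | sort -n
}

# Constructed sample: the state after setting "User root" (PIDs from the listing
# above; the PPID column is an assumption).
SAMPLE_ALL_ROOT='root 1188 1 apache2
root 1197 1188 apache2
root 1198 1188 apache2
root 1200 1188 apache2'

# Constructed sample: unprivileged workers (www-data is an assumed account name).
SAMPLE_DEFAULT='root 1188 1 /usr/sbin/apache2
www-data 1197 1188 /usr/sbin/apache2
www-data 1198 1188 /usr/sbin/apache2'

printf '%s\n' "$SAMPLE_ALL_ROOT" | root_apache_workers   # flags the three workers
printf '%s\n' "$SAMPLE_DEFAULT"  | root_apache_workers   # prints nothing

# On a live system:
#   ps -A -o user= -o pid= -o ppid= -o comm= | root_apache_workers
```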