Category: Apache

install php ziparchive
May 30th, 2018 by ronny

PHP ZipArchive is a file archive for zip compression used by many web applications and plugins. How to install PHP ZipArchive for Debian is an easy task. Let’s see how we install it.

PHP ZipArchive Library is missing or disabled

PHP ZipArchive Library is missing or disabled is the usual message you get if it is missing or disabled. So let’s assume it is missing, as in not installed. You only need to run one line of commands.

sudo apt-get install php7.0-zip

Now you should have installed PHP ZipArchive. Don’t forget to restart your web server too. If you are running Apache2, just run:

sudo service apache2 restart

PHP ZipArchive should be ready for your web application or plugin now.

To read more about the PHP ZipArchive package, go to the Debian package site.

You might also be interested in how to install phpPGAdmin.

Posted in Apache, Debian, Linux Tagged with:

debian apache log
December 1st, 2017 by ronny

Debian Apache log files contain tons of useful information about your web server and websites. Here I will show how to install GoAccess to help you get data and statistics on a lot of information. Here is what data you will easily visualize with GoAccess.

– Statistics and bandwidth usage

– Visitors data, top visitor, referring sites and links, 404

– Ip location, hosts, reverse DNS

– Operating systems and browser statistics

– Other Http status codes

– Geo Location

You can go to their website to check out more of this amazing Debian Apache log file tool.

How to Install GoAccess for Debian

GoAccess supports several Linux distributions, but I will only cover how to install it for Debian. By the way, it is the same installation for Ubuntu. GoAccess has been available since Debian 6 (Squeeze).

apt-get install goaccess

That will install the latest version of GoAccess made available to Debian package manager.

How to use GoAccess on Debian

Type the following and hit enter: goaccess

This will list all available parameters and arguments for GoAccess.

The argument we are interested in is -f. To specify the path to the log files. If we test it on this site, it would look something like this:

goaccess -f /var/www/soltveit.org/logs/access.log

That will give us an output like on the screen print below.

How to create an HTML report.

To generate an HTML report of your Apache log files you just run it with an output to a file with an html extension. Like this:

goaccess -f /var/www/soltveit.org/logs/access.log > report.html

To view this exact files, just go to:

www.soltveit.org/logs/report.html

You might get a fatal error message where GoAccess complaints about missing time format. Just go to /etc/goaccess.conf and uncomment the time, the date and log format you want to use.

This will generate an HTML report like the one below. But you can have a look your self by clicking the report link above.

So this is how you install and some basic usage of GoAccess on a Debian system with Apache web server and Debian Apache log file analyzing.

Enjoy and happy Debian Apache log file analyzing!

 

Also, check out Apache – Disable directory browsing in Debian

Posted in Apache, Debian Tagged with: ,

ssh upload www
May 28th, 2016 by ronny

ssh upload www

Ssh upload www. Note this article is for Debian based Linux distributions.

Several web designing tools offer ssh or sftp uploads to your site folder. Normally your user (if using a regular user) doesn’t have access to the /var/www folder. Unless you are using the root user, and that is not recommended. Remote root login should be blocked.

For ssh upload www we first need to change the folder permissions to 775. The reason for that is because we want to give groups access to write and modify files in the www folder. To change the folder permissions we do: sudo chmod -R 775 /var/www/

Note: the command above will also change the permissions in all sub-folders of www. If you only want to set 775 to the www without sub-folders, just remove -R. In most cases that will be enough as your software will create the folders it needs. And inherit the permissions from www.

Next we will need to add our user to the group www-data. That is the group used by the webserver. Doesn’t mater if you use Apache or Nginx, it will still use www-data. Here is how to add your user til www-data: sudo usermod -a -G www-data john

Here we are assuming the user is called John. Usermod means modify user. Then we are using two parameters. The first one -a means append (to supplementary groups and is always used together with -g).
The second one -G means groups. You can list more than one group. We only listed www-data. But you could list a whole list of groups. Use comma to separate them if you want to list more than one group.
Third parameter is the group(s) we want to add to the user.
Finally, the fourth parameter, is the name of the user we want to modify.

That is all on ssh upload www topic. Enjoy!

Happy uploading!

Posted in Apache, Linux Tagged with: , ,

June 8th, 2015 by ronny

libwww-perl access blocking

libwww-perl accessLibwww-perl access is often used by botnets and other nasty softwares to scan your site for vulnerabilities. Luckily it is quite easy to block libwww-perl access. Blocking libwww-perl access will increase safety on your server. Here is how it is done.

Open .htaccess file on the site you want to block libwww-perl access, and insert these lines below RewriteEngine On:
RewriteCond %{HTTP_USER_AGENT} libwww-perl.*
RewriteRule .* – [F,L]

libwww-perl is now blocked, and will not have access to that site again.
Thats it for blocking access libwww-perl in apache.

what is libwww-perl?

From Wikipedia:
LWP (for “Library for WWW in Perl”, also called libwww-perl) is a set of Perl modules that give Perl programming easy access to sending requests to the World Wide Web. libwww-perl provides an application programming interface to an HTTP client as well as a number of HTML utilities, and standard objects to represent HTTP requests and responses.

History
The first generation of libwww-perl was written by Roy Fielding using version 4.036 of Perl. Fielding’s work on libwww-perl provided a backend HTTP interface for his MOMSpider Web crawler. Fielding’s work on libwww-perl was informed by Tim Berners-Lee’s work on libwww, and helped to clarify the architecture of the Web that was eventually documented in HTTP v1.0. The second generation of libwww-perl was based on version 5.004 of Perl, and written by Martijn Koster and Gisle Aas.

Happy blocking!

Posted in Apache, Linux

June 7th, 2015 by ronny

Disable directory browsing

Disable directory browsingIf you have directory browsing enabled, which it is by default, your users can browse the directories on your web server. This is not particularly good regarding security. So we better disable directory browsing to be on the safe side.

On a Debian server we do that quite easily in the domain config at /etc/apache2/sites-available/
If you have setup more than one domain on your web server, you should go to your domains config file. Here is an example: ‹/etc/apache2/sites-available/example.com.conf
(if you use Apache prior to 2.4 you might not have the .conf extension)

Insert this line into the config file: Options -Indexes

If you only have one domain hosted on your server, you most likely uses the default domain config.
Edit this file: /etc/apache2/sites-available/default
Look for the line: Options Indexes FollowSymLinks MultiViews ExecCGI
And change to: Options -Indexes FollowSymLinks MultiViews ExecCGI

You can now restart or reload your apache server.
service apache2 restart

We have now done disable directory browsing.

Happy browsing!

Posted in Apache, Debian, Linux, Linux Mint, Ubuntu Tagged with:

June 6th, 2015 by ronny

Hard-Disk-Server-iconHaving your server include a signature at the end of a web page can be a security risk. So turn off server signature before someone target your server. They will easily know what web server version and operating system you are using. And then use that information to search for exploits spesific to your version. So we better leave it out.Screen Shot 2015-06-06 at 11.41.35

 

 

 

 

 

By typing in a page we know doesn’t exist, for provoking a 404 page to display, we will here see Apache version, and that we are using Debian.

On a Debian based Linux distro (Ubuntu, Linux Mint, Etc) we open this file: /etc/apache2/apache2.conf
On a Red Hat based distro (Centos, Fedora, Arch) open this file: /etc/httpd/con/httpd.conf

Add these two lines to the end of the config:
ServerSignature Off
ServerTokens Prod

ServerSignature turns the signature off, but you still need to include the ServerTokens. It will still display the server signature if you dont include it.

You will need to restart the server to make your changes take effect.
Debian based: service apache2 restart
Red Hat/Centos: service httpd restart

Screen Shot 2015-06-06 at 11.46.51

Your web server signature should now be hidden. And this was how to turn off server signature on a Apache webserver.

Happy safe serving!

Posted in Apache, Linux

June 4th, 2015 by ronny

Site does not exist

Site does not existDid you upgrade to Debian 8 and got Site does not exist?

I recently upgraded one of my web servers from Debian 7 to Debian 8. I was going to re-install it anyway and figured this was a good opportunity to try out Debian 8. I did my usual steps to install a basic LAMP server, and everything went fine. Until I got to the part where I was putting in my domains into sites-available. I already had the config files, so I knew they were working (at least on my Debian 7 server).

When I ran a2ensite example.com (I used a different domain of course). I got the message Site does not exist, or ERROR: Site example.com does not exist! to be specific.

After running around on different web sites I finally found out that Debian went from Apache 2.2 to Apache 2.4 with the latest Debian version. And I had to add .conf to my sites file to prevent the Site does not exist message.

So the complete path for the example.com would be:
/etc/apache2/sites-available/example.com.conf

If you get Site does not exist, just add .conf to your file and Apache will “find” your file. Apache 2.4 require .conf as file type.

Here is complete instruction for adding a new domain. Remember to add .conf to the config file.
And go to Debian official home page to download Debian 8. Look for the installation that suits you. I usually go for the net install versions, and have my own apt proxy server since I usually install quite a few Debian servers.

Happy site existing!

Posted in Apache, Debian, Linux Tagged with: , ,

January 25th, 2015 by ronny

link-iconIf you change your permalinks from default to something else, and it gives you a 404 error. Chances are the rewrite module in apache2 is not enabled. I´m not sure how to do this on a windows server. On Debian variants and Red Hat variants you only need to pass one command via console and restart. It might be the same for many other Linux distros.

As root or sudo
a2enmod rewrite

That´s it. Then you need to restart your apache server.
service apache2 restart

Voila, your permalinks now works.

Happy linking!

Posted in Apache, Linux

May 27th, 2014 by ronny

apps-gnome-ftp-iconIf you try to transfer files to your website folders (as a user) with FileZilla or any other sftp software, you most likely get write: permission denied.

To grant write access to your user, follow these steps (Ubuntu users add sudo first):
adduser username www-data
chgrp -R www-data /var/www
chmod -R g+rw /var/www

First command add the user to the www-data group. Thats the Apache2 group on Debian systems.
Second we make sure all files and sub-dirs get into the www-data group, by using the change group command (chgrp)
Third we give read and write access to all files and sub-dirs of /var/www

If you run multiple sites on your Apache server, you can of course set the permissions to just the one site instead of all sites.

Happy permissions!

Posted in Apache, Debian, Linux, Ubuntu

November 19th, 2013 by ronny

web-server-iconApache can easily host more than one domain. And here is how.

We assume the new domain is called example.com. First we create the needed directories.
mkdir /var/www/example.com
mkdir /var/www/example.com/logs

If you are going to run web applications like a forum script or even WordPress, apache will need write access to the directories.
chown -R www-data /var/www/example.com
If Apache don’t need write access, or is hosting a dumb html page. You should still give write access to the logs folder. This is convinient for fault finding and to keep track of script kiddies.
chown -R www-data /var/www/example.com/logs

Then we need to create the Apache site config file.
vim /etc/apache2/sites-available/example.com

And modify this to suit your own domain. You can skip the ErrorLog and CustomLog if you dont want to log your site.

<VirtualHost *:80>
ServerAdmin you@example.com
ServerName example.com
ServerAlias example.com
DocumentRoot /var/www/example.com
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/example.com/logs/access.log combined
</VirtualHost>

<VirtualHost *:80>
ServerAdmin you@example.com
ServerName www.example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/example.com/logs/access.log combined
</VirtualHost>

Close vim, vi, nano or what ever text editor your using. And we have to add the domain with:
a2ensite example.com

Then we have to restart Apache to apply the changes.
service apache2 restart (or you can run /etc/init.d/apache2 restart)

You should now have example.com added to your apache server.

Remember to point your dns to your web server.

Happy hosting!

 

Posted in Apache, Linux

Optimization WordPress Plugins & Solutions by W3 EDGE