Archive for the ‘Apache’ Category

Apache - Easy Benchmark

Tuesday, November 4th, 2008

ab -n 1000 -c 5 http://mydomain.com/bench.htm
This makes 1000 separate requests for the same file, with a concurrency (simultaneous requests) of 5.

Apache - Create an Environment Variable to Use With PHP

Thursday, October 9th, 2008

Add this in your Apache configuration file:
SetEnv ENVIRONMENT "dev"

The SetEnv directive creates an environment variable in Apache that can be used inside our PHP code.
In our PHP script we can access the variable this way:
$env = $_SERVER['ENVIRONMENT'];

Secure PHP & Apache Configuration

Saturday, May 10th, 2008

PHP

  • Disable error messages
  • expose_php Off
  • session.use_only_cookies = 1
  • allow_url_fopen Off

    [if you don’t really need the opposite]

  • register_globals = Off
  • magic_quotes_gpc = ???

    This directive was introduced to improve security by preventing SQL injection, and it does. But it is much better to set it to Off and take care of escaping characters yourself inside the PHP code, for two main reasons: it doesn't use a native escaping function for your database, and it adds a level of complexity (in fact, if some of your input data can contain quotes, you would need to use the stripslashes function).

Apache

  • ServerTokens ProductOnly
  • ServerSignature Off

In a shared environment you could use these directives as well (for PHP):

  • disable_functions
  • enable_dl
  • memory_limit
  • max filesize in uploading
  • safemode ON
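
A small audit of a php.ini against the PHP checklist above, as an added example that is not part of the original post. The function names and the sample file are constructed here, and mapping "Disable error messages" to display_errors is an assumption.

```python
# Values the checklist above asks for, normalised to "on"/"off".
# Assumption: "Disable error messages" is mapped to display_errors.
EXPECTED = {
    "display_errors": "off",
    "expose_php": "off",
    "session.use_only_cookies": "on",
    "allow_url_fopen": "off",
    "register_globals": "off",
    "magic_quotes_gpc": "off",  # the post advises Off plus escaping in code
}

TRUTHY = {"1", "on", "true", "yes"}
FALSY = {"0", "off", "false", "no", "none", ""}

# Constructed sample php.ini, not taken from a real server.
SAMPLE_INI = """\
[PHP]
expose_php = On
display_errors = Off
allow_url_fopen = 1        ; remote includes enabled
register_globals = Off
magic_quotes_gpc = On
[Session]
session.use_only_cookies = 1
"""

def parse_ini(text):
    """Return {directive: value}; boolean spellings collapse to on/off."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop ';' comments
        if "=" not in line or line.startswith("["):
            continue
        key, value = line.split("=", 1)
        value = value.strip().strip("\"'").lower()
        value = "on" if value in TRUTHY else "off" if value in FALSY else value
        settings[key.strip().lower()] = value
    return settings

def audit(text):
    """List (directive, found, wanted) for every unset or weak directive."""
    settings = parse_ini(text)
    return [(key, settings.get(key, "unset"), want)
            for key, want in EXPECTED.items()
            if settings.get(key) != want]

if __name__ == "__main__":
    for directive, found, wanted in audit(SAMPLE_INI):
        print(f"{directive}: found {found!r}, checklist wants {wanted!r}")
```

A directive reported as "unset" falls back to the default of the installed PHP version, so set it explicitly rather than relying on that default.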

Auth: Protect A Site With Password

Thursday, November 29th, 2007

Add this in the Apache configuration file:

<Directory document_root_for_the_site>
AuthType Basic
AuthName "Restricted access area"
AuthUserFile path_to_passwords_file
Require user username1 username2
</Directory>

The Require user directive accepts a space-separated list of usernames.

Usually path_to_passwords_file is /etc/httpd/passwords
If you can’t find the file:
http://httpd.apache.org/docs/1.3/howto/auth.html

Launch this command:

htpasswd path_to_passwords_file username

Restart the server

Apache Virtual Host Setting

Wednesday, November 21st, 2007

Don’t forget to uncomment the line:

NameVirtualHost *:80

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Check that DirectoryIndex directive contains:

index.html index.htm index.php

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Typical setup for dev environment

<VirtualHost *:80>
DocumentRoot /var/www/html/example.com/dev/html
ServerName dev.example.com

<Directory /var/www/html/example.com/dev/html>
AllowOverride All
</Directory>

AddDefaultCharset UTF-8

php_flag display_errors on
php_flag display_startup_errors on
php_value error_reporting 2047
</VirtualHost>

The AllowOverride All directive allows you to use a .htaccess file.

Typical setup for staging environment

<VirtualHost *:80>
DocumentRoot /var/www/html/example.com/staging/html
ServerName staging.example.com

<Directory /var/www/html/example.com/staging/html>
AllowOverride All
</Directory>

AddDefaultCharset UTF-8

php_flag display_errors on
php_flag display_startup_errors on
php_value error_reporting 2047
</VirtualHost>

Typical setup for live environment

<VirtualHost *:80>
DocumentRoot /var/www/html/example.com/live/html
ServerName www.example.com

ServerAlias example.com

ServerAlias example2.com
<Directory /var/www/html/example.com/live/html>
AllowOverride All
</Directory>

AddDefaultCharset UTF-8

php_flag display_errors off
php_flag display_startup_errors off
php_value error_reporting 0
</VirtualHost>

The ServerAlias directive makes the website reachable even without www at the beginning of the URL.

Don’t forget to uncomment the line:

NameVirtualHost *:80

There must be just ONE ServerName directive, plus as many ServerAlias directives as you need.

Apache Tips

Monday, October 1st, 2007

Check the configuration file syntax before restarting the server:

apachectl -t

Htaccess File to Set register_globals Directive

Monday, June 25th, 2007

Some hosting providers set register_globals to On just for compatibility with old open source projects.
In that case, you should be able to override it by putting this line in your .htaccess file:
php_flag register_globals off