Difference between revisions of "Apache"

From Steak Wiki
Jump to navigationJump to search
 
(13 intermediate revisions by one other user not shown)
Line 1: Line 1:
Apache hardening:
+
<small>Apache hardening:
 
https://wiki.zoneminder.com/Ubuntu_Install_ZoneMinder_on_Ubuntu_Server
 
https://wiki.zoneminder.com/Ubuntu_Install_ZoneMinder_on_Ubuntu_Server
  
Line 6: Line 6:
 
Append this:
 
Append this:
 
{{Cat|/etc/apache2/apache.conf|
 
{{Cat|/etc/apache2/apache.conf|
ErrorDocument 400 /error555.html
+
ErrorDocument 400 /error.html
ErrorDocument 401 /error555.html
+
ErrorDocument 401 /error.html
ErrorDocument 404 /error555.html
+
ErrorDocument 404 /error.html
ErrorDocument 403 /error555.html
+
ErrorDocument 403 /error.html
ErrorDocument 500 /error555.html
+
ErrorDocument 500 /error.html
ErrorDocument 502 /error555.html
+
ErrorDocument 502 /error.html
ErrorDocument 503 /error555.html
+
ErrorDocument 503 /error.html
ErrorDocument 504 /error555.html
+
ErrorDocument 504 /error.html
 
}}  
 
}}  
  
  
{{Cat|/var/www/html/error555.html|
+
{{Cat|/var/www/html/error.html|
 
}}  
 
}}  
 
Just a blank file.
 
Just a blank file.
Line 25: Line 25:
 
  a2enmod ssl
 
  a2enmod ssl
 
  a2dismod ssl
 
  a2dismod ssl
 +
  
 
enable / disable certain php vers
 
enable / disable certain php vers
 
  a2enmod php5.6
 
  a2enmod php5.6
 
  a2dismod php5.5
 
  a2dismod php5.5
 +
 +
===GeoBlocking===
 +
* https://wiki.pratznschutz.com/index.php/Apache2_Geo_IP
 +
* https://podtech.com/apache/block-ips-by-country-apache/
 +
* https://wiki.ubuntuusers.de/Archiv/Apache/mod_geoip2/
 +
 +
#apt-get install libapache2-mod-geoip
 +
#a2enmod geoip
 +
cd /usr/share/GeoIP
 +
#wget geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
 +
#gunzip GeoLiteCity.dat.gz - this didn't work. todo
 +
 +
geoip.conf
 +
<pre>
 +
<IfModule mod_geoip.c>
 +
  GeoIPEnable On
 +
  GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
 +
</IfModule>
 +
</pre>
 +
 +
/etc/apache2/sites-available/webseite-geoip
 +
<pre>
 +
<VirtualHost *>
 +
        ServerAdmin webmaster@example.com
 +
        ServerName www.example.com
 +
        ServerAlias www.example.com *.www.example.com
 +
        DocumentRoot /var/www/webseite/
 +
 +
<Directory /var/www/webseite/>
 +
        AllowOverride FileInfo Options
 +
        SetEnvIf GEOIP_COUNTRY_CODE AT AllowCountry
 +
        Deny from all
 +
        Allow from env=AllowCountry
 +
</Directory>
 +
 +
###### Logs ####
 +
 +
        ErrorLog /var/log/apache2/webseite.error.log
 +
        LogLevel warn
 +
        CustomLog /var/log/apache2/webseite.access.log combined
 +
</VirtualHost>
 +
</pre>
 +
This guide assumes you know how to restart apache. Make sure ipv6 isnt' enabled, or if you do enable it, you'll also need geoipv6.dat...
 +
 +
php test script (note: remove html comment tags)
 +
<pre>
 +
<!--?php $country_name = apache_note("GEOIP_COUNTRY_NAME"); echo "Land: " . $country_name; ?-->
 +
</pre>
 +
 +
multiple env variables at the same time (i.e. require both):
 +
    Allow from env=AllowedCountry1 & AllowCountry2
 +
 +
 +
 +
 +
</small>

Latest revision as of 07:15, 11 May 2023

Apache hardening: https://wiki.zoneminder.com/Ubuntu_Install_ZoneMinder_on_Ubuntu_Server


Eliminate Error Pages

Append this:

Contents of /etc/apache2/apache.conf

ErrorDocument 400 /error.html ErrorDocument 401 /error.html ErrorDocument 404 /error.html ErrorDocument 403 /error.html ErrorDocument 500 /error.html ErrorDocument 502 /error.html ErrorDocument 503 /error.html ErrorDocument 504 /error.html


Contents of /var/www/html/error.html

Just a blank file.

Misc

enable / disable ssl (listen on port 443)

a2enmod ssl
a2dismod ssl


enable / disable certain php vers

a2enmod php5.6
a2dismod php5.5

GeoBlocking

#apt-get install libapache2-mod-geoip 
#a2enmod geoip 
cd /usr/share/GeoIP
#wget geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
#gunzip GeoLiteCity.dat.gz - this didn't work. todo

geoip.conf

<IfModule mod_geoip.c>
  GeoIPEnable On
  GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
</IfModule>

/etc/apache2/sites-available/webseite-geoip

<VirtualHost *>
        ServerAdmin webmaster@example.com
        ServerName www.example.com
        ServerAlias www.example.com *.www.example.com
        DocumentRoot /var/www/webseite/

<Directory /var/www/webseite/>
        AllowOverride FileInfo Options
        SetEnvIf GEOIP_COUNTRY_CODE AT AllowCountry
        Deny from all
        Allow from env=AllowCountry
</Directory>

###### Logs ####

        ErrorLog /var/log/apache2/webseite.error.log
        LogLevel warn
        CustomLog /var/log/apache2/webseite.access.log combined
</VirtualHost>
 

This guide assumes you know how to restart apache. Make sure ipv6 isnt' enabled, or if you do enable it, you'll also need geoipv6.dat...

php test script (note: remove html comment tags)

 <!--?php $country_name = apache_note("GEOIP_COUNTRY_NAME"); echo "Land: " . $country_name; ?-->

multiple env variables at the same time (i.e. require both):

   Allow from env=AllowedCountry1 & AllowCountry2