Difference between revisions of "Apache"
From Steak Wiki
Jump to navigationJump to search(13 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
− | Apache hardening: | + | <small>Apache hardening: |
https://wiki.zoneminder.com/Ubuntu_Install_ZoneMinder_on_Ubuntu_Server | https://wiki.zoneminder.com/Ubuntu_Install_ZoneMinder_on_Ubuntu_Server | ||
Line 6: | Line 6: | ||
Append this: | Append this: | ||
{{Cat|/etc/apache2/apache.conf| | {{Cat|/etc/apache2/apache.conf| | ||
− | ErrorDocument 400 / | + | ErrorDocument 400 /error.html |
− | ErrorDocument 401 / | + | ErrorDocument 401 /error.html |
− | ErrorDocument 404 / | + | ErrorDocument 404 /error.html |
− | ErrorDocument 403 / | + | ErrorDocument 403 /error.html |
− | ErrorDocument 500 / | + | ErrorDocument 500 /error.html |
− | ErrorDocument 502 / | + | ErrorDocument 502 /error.html |
− | ErrorDocument 503 / | + | ErrorDocument 503 /error.html |
− | ErrorDocument 504 / | + | ErrorDocument 504 /error.html |
}} | }} | ||
− | {{Cat|/var/www/html/ | + | {{Cat|/var/www/html/error.html| |
}} | }} | ||
Just a blank file. | Just a blank file. | ||
Line 25: | Line 25: | ||
a2enmod ssl | a2enmod ssl | ||
a2dismod ssl | a2dismod ssl | ||
+ | |||
enable / disable certain php vers | enable / disable certain php vers | ||
a2enmod php5.6 | a2enmod php5.6 | ||
a2dismod php5.5 | a2dismod php5.5 | ||
+ | |||
+ | ===GeoBlocking=== | ||
+ | * https://wiki.pratznschutz.com/index.php/Apache2_Geo_IP | ||
+ | * https://podtech.com/apache/block-ips-by-country-apache/ | ||
+ | * https://wiki.ubuntuusers.de/Archiv/Apache/mod_geoip2/ | ||
+ | |||
+ | #apt-get install libapache2-mod-geoip | ||
+ | #a2enmod geoip | ||
+ | cd /usr/share/GeoIP | ||
+ | #wget geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz | ||
+ | #gunzip GeoLiteCity.dat.gz - this didn't work. todo | ||
+ | |||
+ | geoip.conf | ||
+ | <pre> | ||
+ | <IfModule mod_geoip.c> | ||
+ | GeoIPEnable On | ||
+ | GeoIPDBFile /usr/share/GeoIP/GeoIP.dat | ||
+ | </IfModule> | ||
+ | </pre> | ||
+ | |||
+ | /etc/apache2/sites-available/webseite-geoip | ||
+ | <pre> | ||
+ | <VirtualHost *> | ||
+ | ServerAdmin webmaster@example.com | ||
+ | ServerName www.example.com | ||
+ | ServerAlias www.example.com *.www.example.com | ||
+ | DocumentRoot /var/www/webseite/ | ||
+ | |||
+ | <Directory /var/www/webseite/> | ||
+ | AllowOverride FileInfo Options | ||
+ | SetEnvIf GEOIP_COUNTRY_CODE AT AllowCountry | ||
+ | Deny from all | ||
+ | Allow from env=AllowCountry | ||
+ | </Directory> | ||
+ | |||
+ | ###### Logs #### | ||
+ | |||
+ | ErrorLog /var/log/apache2/webseite.error.log | ||
+ | LogLevel warn | ||
+ | CustomLog /var/log/apache2/webseite.access.log combined | ||
+ | </VirtualHost> | ||
+ | </pre> | ||
+ | This guide assumes you know how to restart apache. Make sure ipv6 isnt' enabled, or if you do enable it, you'll also need geoipv6.dat... | ||
+ | |||
+ | php test script (note: remove html comment tags) | ||
+ | <pre> | ||
+ | <!--?php $country_name = apache_note("GEOIP_COUNTRY_NAME"); echo "Land: " . $country_name; ?--> | ||
+ | </pre> | ||
+ | |||
+ | multiple env variables at the same time (i.e. require both): | ||
+ | Allow from env=AllowedCountry1 & AllowCountry2 | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | </small> |
Latest revision as of 07:15, 11 May 2023
Apache hardening: https://wiki.zoneminder.com/Ubuntu_Install_ZoneMinder_on_Ubuntu_Server
Eliminate Error Pages
Append this:
Contents of /etc/apache2/apache.conf
ErrorDocument 400 /error.html
ErrorDocument 401 /error.html
ErrorDocument 404 /error.html
ErrorDocument 403 /error.html
ErrorDocument 500 /error.html
ErrorDocument 502 /error.html
ErrorDocument 503 /error.html
ErrorDocument 504 /error.html
Contents of /var/www/html/error.html
Just a blank file.
Misc
enable / disable ssl (listen on port 443)
a2enmod ssl a2dismod ssl
enable / disable certain php vers
a2enmod php5.6 a2dismod php5.5
GeoBlocking
- https://wiki.pratznschutz.com/index.php/Apache2_Geo_IP
- https://podtech.com/apache/block-ips-by-country-apache/
- https://wiki.ubuntuusers.de/Archiv/Apache/mod_geoip2/
#apt-get install libapache2-mod-geoip #a2enmod geoip cd /usr/share/GeoIP #wget geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz #gunzip GeoLiteCity.dat.gz - this didn't work. todo
geoip.conf
<IfModule mod_geoip.c> GeoIPEnable On GeoIPDBFile /usr/share/GeoIP/GeoIP.dat </IfModule>
/etc/apache2/sites-available/webseite-geoip
<VirtualHost *> ServerAdmin webmaster@example.com ServerName www.example.com ServerAlias www.example.com *.www.example.com DocumentRoot /var/www/webseite/ <Directory /var/www/webseite/> AllowOverride FileInfo Options SetEnvIf GEOIP_COUNTRY_CODE AT AllowCountry Deny from all Allow from env=AllowCountry </Directory> ###### Logs #### ErrorLog /var/log/apache2/webseite.error.log LogLevel warn CustomLog /var/log/apache2/webseite.access.log combined </VirtualHost>
This guide assumes you know how to restart apache. Make sure ipv6 isnt' enabled, or if you do enable it, you'll also need geoipv6.dat...
php test script (note: remove html comment tags)
<!--?php $country_name = apache_note("GEOIP_COUNTRY_NAME"); echo "Land: " . $country_name; ?-->
multiple env variables at the same time (i.e. require both):
Allow from env=AllowedCountry1 & AllowCountry2