Difference between revisions of "Apache"
From Steak Wiki
Jump to navigationJump to search| (13 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
| − | Apache hardening: | + | <small>Apache hardening: |
https://wiki.zoneminder.com/Ubuntu_Install_ZoneMinder_on_Ubuntu_Server | https://wiki.zoneminder.com/Ubuntu_Install_ZoneMinder_on_Ubuntu_Server | ||
| Line 6: | Line 6: | ||
Append this: | Append this: | ||
{{Cat|/etc/apache2/apache.conf| | {{Cat|/etc/apache2/apache.conf| | ||
| − | ErrorDocument 400 / | + | ErrorDocument 400 /error.html |
| − | ErrorDocument 401 / | + | ErrorDocument 401 /error.html |
| − | ErrorDocument 404 / | + | ErrorDocument 404 /error.html |
| − | ErrorDocument 403 / | + | ErrorDocument 403 /error.html |
| − | ErrorDocument 500 / | + | ErrorDocument 500 /error.html |
| − | ErrorDocument 502 / | + | ErrorDocument 502 /error.html |
| − | ErrorDocument 503 / | + | ErrorDocument 503 /error.html |
| − | ErrorDocument 504 / | + | ErrorDocument 504 /error.html |
}} | }} | ||
| − | {{Cat|/var/www/html/ | + | {{Cat|/var/www/html/error.html| |
}} | }} | ||
Just a blank file. | Just a blank file. | ||
| Line 25: | Line 25: | ||
a2enmod ssl | a2enmod ssl | ||
a2dismod ssl | a2dismod ssl | ||
| + | |||
enable / disable certain php vers | enable / disable certain php vers | ||
a2enmod php5.6 | a2enmod php5.6 | ||
a2dismod php5.5 | a2dismod php5.5 | ||
| + | |||
| + | ===GeoBlocking=== | ||
| + | * https://wiki.pratznschutz.com/index.php/Apache2_Geo_IP | ||
| + | * https://podtech.com/apache/block-ips-by-country-apache/ | ||
| + | * https://wiki.ubuntuusers.de/Archiv/Apache/mod_geoip2/ | ||
| + | |||
| + | #apt-get install libapache2-mod-geoip | ||
| + | #a2enmod geoip | ||
| + | cd /usr/share/GeoIP | ||
| + | #wget geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz | ||
| + | #gunzip GeoLiteCity.dat.gz - this didn't work. todo | ||
| + | |||
| + | geoip.conf | ||
| + | <pre> | ||
| + | <IfModule mod_geoip.c> | ||
| + | GeoIPEnable On | ||
| + | GeoIPDBFile /usr/share/GeoIP/GeoIP.dat | ||
| + | </IfModule> | ||
| + | </pre> | ||
| + | |||
| + | /etc/apache2/sites-available/webseite-geoip | ||
| + | <pre> | ||
| + | <VirtualHost *> | ||
| + | ServerAdmin webmaster@example.com | ||
| + | ServerName www.example.com | ||
| + | ServerAlias www.example.com *.www.example.com | ||
| + | DocumentRoot /var/www/webseite/ | ||
| + | |||
| + | <Directory /var/www/webseite/> | ||
| + | AllowOverride FileInfo Options | ||
| + | SetEnvIf GEOIP_COUNTRY_CODE AT AllowCountry | ||
| + | Deny from all | ||
| + | Allow from env=AllowCountry | ||
| + | </Directory> | ||
| + | |||
| + | ###### Logs #### | ||
| + | |||
| + | ErrorLog /var/log/apache2/webseite.error.log | ||
| + | LogLevel warn | ||
| + | CustomLog /var/log/apache2/webseite.access.log combined | ||
| + | </VirtualHost> | ||
| + | </pre> | ||
| + | This guide assumes you know how to restart apache. Make sure ipv6 isnt' enabled, or if you do enable it, you'll also need geoipv6.dat... | ||
| + | |||
| + | php test script (note: remove html comment tags) | ||
| + | <pre> | ||
| + | <!--?php $country_name = apache_note("GEOIP_COUNTRY_NAME"); echo "Land: " . $country_name; ?--> | ||
| + | </pre> | ||
| + | |||
| + | multiple env variables at the same time (i.e. require both): | ||
| + | Allow from env=AllowedCountry1 & AllowCountry2 | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | </small> | ||
Latest revision as of 07:15, 11 May 2023
Apache hardening: https://wiki.zoneminder.com/Ubuntu_Install_ZoneMinder_on_Ubuntu_Server
Eliminate Error Pages
Append this:
Contents of /etc/apache2/apache.conf
ErrorDocument 400 /error.html
ErrorDocument 401 /error.html
ErrorDocument 404 /error.html
ErrorDocument 403 /error.html
ErrorDocument 500 /error.html
ErrorDocument 502 /error.html
ErrorDocument 503 /error.html
ErrorDocument 504 /error.html
Contents of /var/www/html/error.html
Just a blank file.
Misc
enable / disable ssl (listen on port 443)
a2enmod ssl a2dismod ssl
enable / disable certain php vers
a2enmod php5.6 a2dismod php5.5
GeoBlocking
- https://wiki.pratznschutz.com/index.php/Apache2_Geo_IP
- https://podtech.com/apache/block-ips-by-country-apache/
- https://wiki.ubuntuusers.de/Archiv/Apache/mod_geoip2/
#apt-get install libapache2-mod-geoip #a2enmod geoip cd /usr/share/GeoIP #wget geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz #gunzip GeoLiteCity.dat.gz - this didn't work. todo
geoip.conf
<IfModule mod_geoip.c> GeoIPEnable On GeoIPDBFile /usr/share/GeoIP/GeoIP.dat </IfModule>
/etc/apache2/sites-available/webseite-geoip
<VirtualHost *>
ServerAdmin webmaster@example.com
ServerName www.example.com
ServerAlias www.example.com *.www.example.com
DocumentRoot /var/www/webseite/
<Directory /var/www/webseite/>
AllowOverride FileInfo Options
SetEnvIf GEOIP_COUNTRY_CODE AT AllowCountry
Deny from all
Allow from env=AllowCountry
</Directory>
###### Logs ####
ErrorLog /var/log/apache2/webseite.error.log
LogLevel warn
CustomLog /var/log/apache2/webseite.access.log combined
</VirtualHost>
This guide assumes you know how to restart apache. Make sure ipv6 isnt' enabled, or if you do enable it, you'll also need geoipv6.dat...
php test script (note: remove html comment tags)
<!--?php $country_name = apache_note("GEOIP_COUNTRY_NAME"); echo "Land: " . $country_name; ?-->
multiple env variables at the same time (i.e. require both):
Allow from env=AllowedCountry1 & AllowCountry2
