Apache vhosts in Gentoo
#1

I'm trying to set up 2 vhosts on Gentoo. I got vhost1.nl and vhost2.nl. For some reason, when I visit vhost2.nl it redirects me to vhost1.nl and I cannot figure out why.

 

This is my setup:

 



Code:
# apache2 -V
Server version: Apache/2.2.15 (Unix)
Server built:   Mar 31 2010 09:16:29
Server's Module Magic Number: 20051115:24
Server loaded:  APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture:   32-bit
Server MPM:     Prefork
threaded:     no
   forked:     yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/usr"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="/var/run/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="/var/run/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
-D SERVER_CONFIG_FILE="/etc/apache2/httpd.conf"




 

File: /etc/conf.d/apache2

 



Code:
# /etc/conf.d/apache2: config file for /etc/init.d/apache2

# When you install a module it is easy to activate or deactivate the modules
# and other features of apache using the APACHE2_OPTS line. Every module should
# install a configuration in /etc/apache2/modules.d. In that file will have an
# <IfDefine NNN> directive where NNN is the option to enable that module.
#
# Here are the options available in the default configuration:
#
#  AUTH_DIGEST  Enables mod_auth_digest
#  AUTHNZ_LDAP  Enables authentication through mod_ldap (available if USE=ldap)
#  CACHE        Enables mod_cache
#  DAV          Enables mod_dav
#  ERRORDOCS    Enables default error documents for many languages.
#  INFO         Enables mod_info, a useful module for debugging
#  LANGUAGE     Enables content-negotiation based on language and charset.
#  LDAP         Enables mod_ldap (available if USE=ldap)
#  MANUAL       Enables /manual/ to be the apache manual (available if USE=docs)
#  MEM_CACHE    Enables default configuration mod_mem_cache
#  PROXY        Enables mod_proxy
#  SSL          Enables SSL (available if USE=ssl)
#  SUEXEC       Enables running CGI scripts (in USERDIR) through suexec.
#  USERDIR      Enables /~username mapping to /home/username/public_html
#
#
# The following two options provide the default virtual host for the HTTP and
# HTTPS protocol. YOU NEED TO ENABLE AT LEAST ONE OF THEM, otherwise apache
# will not listen for incomming connections on the approriate port.
#
#  DEFAULT_VHOST      Enables name-based virtual hosts, with the default
#                     virtual host being in /var/www/localhost/htdocs
#  SSL_DEFAULT_VHOST  Enables default vhost for SSL (you should enable this
#                     when you enable SSL)
#
APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE -D PHP5 -D PROXY -D PROXY_HTML"

# Extended options for advanced uses of Apache ONLY
# You don't need to edit these unless you are doing crazy Apache stuff
# As not having them set correctly, or feeding in an incorrect configuration
# via them will result in Apache failing to start
# YOU HAVE BEEN WARNED.

# ServerRoot setting
#SERVERROOT=/usr/lib/apache2

# Configuration file location
# - If this does NOT start with a '/', then it is treated relative to
# $SERVERROOT by Apache
#CONFIGFILE=/etc/apache2/httpd.conf

# Location to log startup errors to
# They are normally dumped to your terminal.
#STARTUPERRORLOG="/var/log/apache2/startuperror.log"

# A command that outputs a formatted text version of the HTML at the URL
# of the command line. Designed for lynx, however other programs may work.
#LYNX="lynx -dump"

# The URL to your server's mod_status status page.
# Required for status and fullstatus
#STATUSURL="http://localhost/server-status"

# Method to use when reloading the server
# Valid options are 'restart' and 'graceful'
# See http://httpd.apache.org/docs/2.2/stopping.html for information on
# what they do and how they differ.
#RELOAD_TYPE="graceful"




 

httpd.conf:

 



Code:
# cat httpd.conf
# This is a modification of the default Apache 2.2 configuration file
# for Gentoo Linux.
#
# Support:
#   http://www.gentoo.org/main/en/lists.xml   [mailing lists]
#   http://forums.gentoo.org/                 [web forums]
#   irc://irc.freenode.net#gentoo-apache      [irc chat]
#
# Bug Reports:
#   http://bugs.gentoo.org                    [gentoo related bugs]
#   http://httpd.apache.org/bug_report.html   [apache httpd related bugs]
#
#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log"
# with ServerRoot set to "/usr" will be interpreted by the
# server as "/usr/var/log/apache2/foo.log".

# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk.  If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "/usr/lib/apache2"

# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable.
#         Do not change manually, it will be overwritten on upgrade.
#
# The following modules are considered as the default configuration.
# If you wish to disable one of them, you may have to alter other
# configuration directives.
#
# Change these at your own risk!

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so

<IfDefine CACHE>
LoadModule cache_module modules/mod_cache.so
</IfDefine>

LoadModule cgi_module modules/mod_cgi.so

<IfDefine DAV>
LoadModule dav_module modules/mod_dav.so
</IfDefine>

<IfDefine DAV>
LoadModule dav_fs_module modules/mod_dav_fs.so
</IfDefine>

<IfDefine DAV>
LoadModule dav_lock_module modules/mod_dav_lock.so
</IfDefine>

LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so

<IfDefine CACHE>
LoadModule disk_cache_module modules/mod_disk_cache.so
</IfDefine>

LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule ext_filter_module modules/mod_ext_filter.so

<IfDefine CACHE>
LoadModule file_cache_module modules/mod_file_cache.so
</IfDefine>

LoadModule filter_module modules/mod_filter.so
LoadModule headers_module modules/mod_headers.so
LoadModule include_module modules/mod_include.so

<IfDefine INFO>
LoadModule info_module modules/mod_info.so
</IfDefine>

LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so

<IfDefine CACHE>
LoadModule mem_cache_module modules/mod_mem_cache.so
</IfDefine>

LoadModule mime_module modules/mod_mime.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so

<IfDefine PROXY>
LoadModule proxy_module modules/mod_proxy.so
</IfDefine>

<IfDefine PROXY>
LoadModule proxy_http_module modules/mod_proxy_http.so
</IfDefine>

LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule speling_module modules/mod_speling.so

# <IfDefine SSL>
# LoadModule ssl_module modules/mod_ssl.so
# </IfDefine>

<IfDefine STATUS>
LoadModule status_module modules/mod_status.so
</IfDefine>

LoadModule unique_id_module modules/mod_unique_id.so

<IfDefine USERDIR>
LoadModule userdir_module modules/mod_userdir.so
</IfDefine>

LoadModule usertrack_module modules/mod_usertrack.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
User apache
Group apache

# Supplemental configuration
#
# Most of the configuration files in the /etc/apache2/modules.d/ directory can
# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features
# or to modify the default configuration of the server.
#
# To know which flag to add to APACHE2_OPTS, look at the first line of the
# the file, which will usually be an <IfDefine OPTION> where OPTION is the
# flag to use.
Include /etc/apache2/modules.d/*.conf

# Virtual-host support
#
# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we
# include a default vhost (enabled by adding -D DEFAULT_VHOST to
# APACHE2_OPTS in /etc/conf.d/apache2).
Include /etc/apache2/vhosts.d/*.conf

# vim: ts=4 filetype=apache




 

Then my conf in /etc/apache2/vhosts.d/*.conf

 



Code:
# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

<IfDefine DEFAULT_VHOST>
# see bug #178966 why this is in here

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

# Use name-based virtual hosting.
NameVirtualHost *:80

# When virtual hosts are enabled, the main host defined in the default
# httpd.conf configuration will go away. We redefine it here so that it is
# still available.
#
# If you disable this vhost by removing -D DEFAULT_VHOST from
# /etc/conf.d/apache2, the first defined virtual host elsewhere will be
# the default.

<VirtualHost *:80>
       ServerName vhost1.nl
       ServerAdmin root@vhost1
       DocumentRoot "/var/www/vhost1.nl/htdocs"

<Directory "/var/www/vhost1/htdocs">
       Options Indexes FollowSymLinks
       AllowOverride All
       Allow from all
</Directory>

       <IfModule mpm_peruser_module>
               ServerEnvironment apache apache
       </IfModule>
</VirtualHost>

<VirtualHost *:80>
       ServerName vhost2.nl
       ServerAdmin root@vhost2.nl
       DocumentRoot "/var/www/vhost2.nl/htdocs"

       <Directory "/var/www/vhost2.nl/htdocs">
               Options Indexes FollowSymLinks
               AllowOverride All
               Allow from all
       </Directory>

       <IfModule mpm_peruser_module>
               ServerEnvironment apache apache
       </IfModule>
</VirtualHost>
</IfDefine>

# vim: ts=4 filetype=apache




 

Also, what might be worth mentioning is that vhost1.nl runs an open-source CMS called Drupal. I want vhost1.nl redirected to WWW.vhost1.nl. vhost2.nl runs a plain, simple website that I also want to redirect to www. That's why I made the following .htaccess files:

 

vhost1.nl:



Code:
# cat .htaccess
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
RewriteCond %{HTTP_HOST} ^vhost1\.nl$ [NC]
RewriteRule ^(.*)$ http://www.vhost1.nl/$1 [L,R=301]




 

vhost2.nl



Code:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^vhost2\.nl$ [NC]
RewriteRule ^(.*)$ http://www.vhost2.nl/$1 [L,R=301]




 

 

You guys see anything unusual? Thanks in advance :)

 

Grtz EzMe

#2

I am not sure whether this is the problem, but if you are redirecting to www.vhost1.nl and www.vhost2.nl, it might be necessary to also include a ServerAlias directive in each virtual host. On my virtual host setup in my Apache configuration, I always set a ServerAlias to handle *.domain.com as well as setting the ServerName to domain.com.

 

Try changing your configuration for each vhost:

 



Code:
<VirtualHost *:80>
       ServerName vhost1.nl
       ServerAlias *.vhost1.nl
       ServerAdmin root@vhost1
       DocumentRoot "/var/www/vhost1.nl/htdocs"

<Directory "/var/www/vhost1.nl/htdocs">
       Options Indexes FollowSymLinks
       AllowOverride All
       Allow from all
</Directory>

       <IfModule mpm_peruser_module>
               ServerEnvironment apache apache
       </IfModule>
</VirtualHost>

<VirtualHost *:80>
       ServerName vhost2.nl
       ServerAlias *.vhost2.nl
       ServerAdmin root@vhost2.nl
       DocumentRoot "/var/www/vhost2.nl/htdocs"

       <Directory "/var/www/vhost2.nl/htdocs">
               Options Indexes FollowSymLinks
               AllowOverride All
               Allow from all
       </Directory>

       <IfModule mpm_peruser_module>
               ServerEnvironment apache apache
       </IfModule>
</VirtualHost>




 

Does that configuration change have any effect on the redirection behaviour?

#3
Peter, you just made my day. Thank you very very much! Your solution solved my problem :)
#4

Quote:Peter, you just made my day. Thank you very very much! Your solution solved my problem :)
 

Glad I could help! :)

 

Just to recap for the benefit of anyone else reading this later (I'll use just vhost1.nl as an example):

 

The ServerAlias line:

 



Code:
ServerAlias *.vhost1.nl




 

Before the ServerAlias line

 

The user goes to vhost1.nl. Apache detects this request as being for the vhost1.nl vhost. At that point, the .htaccess rule kicks in and redirects to www.vhost1.nl. The browser now requests www.vhost1.nl, but without the ServerAlias line, Apache does not know that www.vhost1.nl should fall under the vhost1.nl virtual host and so the wrong content is displayed.

 

After the ServerAlias line

 

 

The user goes to vhost1.nl. Apache detects this request as being for the vhost1.nl vhost. At that point, the .htaccess rule kicks in and redirects to www.vhost1.nl. The browser now requests www.vhost1.nl. The ServerAlias line ensures that Apache knows the request for www.vhost1.nl should fall under the vhost1.nl virtual host. The correct content is then displayed.

#5

Can I also suggest that you create THREE virtual hosts.

 

Have your first host pointing to a black hole (such as /dev/null) or to a blank holding page.

 

Then have your sites on the second and third.

 

The reason being that if no sitename is matched, then the first will be served up. It also means that crackers sniffing webservers will automatically trawl through the first one if they try addressing it by IP (not by hostname).

 

Even if you deem your very first one to be secure, sniffer progs out there will rapidly fill up your logfiles and skew stats.

 

(posting from Fedora 12!)

 

Footnote: every webserver I run has had a "blank default" site for just this purpose, as well as Fail2ban running against those logfiles. You'll be surprised at just how much unwanted attention your IP can receive.

#6

Quote:Glad I could help! :)

 

Just to recap for the benefit of anyone else reading this later (I'll use just vhost1.nl as an example):

 

The ServerAlias line:

 



Code:
ServerAlias *.vhost1.nl


Before the ServerAlias line

The user goes to vhost1.nl. Apache detects this request as being for the vhost1.nl vhost. At that point, the .htaccess rule kicks in and redirects to www.vhost1.nl. The browser now requests www.vhost1.nl, but without the ServerAlias line, Apache does not know that www.vhost1.nl should fall under the vhost1.nl virtual host and so the wrong content is displayed.

After the ServerAlias line

The user goes to vhost1.nl. Apache detects this request as being for the vhost1.nl vhost. At that point, the .htaccess rule kicks in and redirects to www.vhost1.nl. The browser now requests www.vhost1.nl. The ServerAlias line ensures that Apache knows the request for www.vhost1.nl should fall under the vhost1.nl virtual host. The correct content is then displayed.

 

That's very well explained. It all makes sense to me now :)

 

Quote:Can I also suggest that you create THREE virtual hosts.

 

Have your first host pointing to a black hole (such as /dev/null) or to a blank holding page.

 

Then have your sites on the second and third.

 

The reason being that if no sitename is matched, then the first will be served up. It also means that crackers sniffing webservers will automatically trawl through the first one if they try addressing it by IP (not by hostname).

 

Even if you deem your very first one to be secure, sniffer progs out there will rapidly fill up your logfiles and skew stats.

 

(posting from Fedora 12!)

 

Footnote: every webserver I run has had a "blank default" site for just this purpose, as well as Fail2ban running against those logfiles. You'll be surprised at just how much unwanted attention your IP can receive.
 

Not a bad idea at all Dungeon-Dave!

 

//edit I just found out about mod_security which kinda does the same? //edit

 

I googled around some and found more info about that here:

 

http://serverfault.com/questions/139891/...s-on-an-ip

and

http://bart.noordervliet.net/archive/7

 

The last solution suited me nicely so i came up with this final vhost config file:

 



Code:
<VirtualHost *:80>
       ServerName BlackHole
       ErrorDocument 403 "The website you requested was not found on this server"
       RewriteEngine on
       RewriteRule . - [F]
</VirtualHost>

<VirtualHost *:80>
       ServerName vhost1.nl
       ServerAlias *.vhost1.nl
       ServerAdmin root@vhost1.nl
       DocumentRoot "/var/www/vhost1.nl/htdocs"

<Directory "/var/www/vhost1.nl/htdocs">
       Options Indexes FollowSymLinks
       AllowOverride All
       Allow from all
</Directory>

       <IfModule mpm_peruser_module>
               ServerEnvironment apache apache
       </IfModule>
</VirtualHost>

<VirtualHost *:80>
       ServerName vhost2.nl
       ServerAlias *.vhost2.nl
       ServerAdmin root@vhost2.nl
       DocumentRoot "/var/www/vhost2.nl/htdocs"

       <Directory "/var/www/vhost2.nl/htdocs">
               Options Indexes FollowSymLinks
               AllowOverride All
               Allow from all
       </Directory>

       <IfModule mpm_peruser_module>
               ServerEnvironment apache apache
       </IfModule>
</VirtualHost>




 

If I now try to reach my Apache server by, for example, its (internal) IP, I get a message saying: "The website you requested was not found on this server" (see attachment)

When I try to go to http://vhost1.nl it now nicely redirects me to http://WWW.vhost1.nl. That's because of the .htaccess file that I use:

 



Code:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^vhost1\.nl$ [NC]
RewriteRule ^(.*)$ http://www.vhost1.nl/$1 [L,R=301]




 

The same goes with http://vhost2.nl ofc :)

 

Thanks again guys! I learned a lot more about how Apache, mod_rewrite and .htaccess work. I kinda lost this forum a long long time ago but I guess I should bookmark it again :)




Attached Files
.png   errormsg.png (Size: 25.37 KB / Downloads: 0)
Reply
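The vhost matching that the recap in post #4 and the default-host advice in post #5 rely on, as an added example (not code from the thread or from Apache): a small Python model of name-based vhost selection on a single `*:80` address, run over the name directives of the three configurations posted above. The function names are hypothetical, and the model assumes first match in file order with `*` wildcards in `ServerAlias`.

```python
import fnmatch
import re

# Name-matching directives only, taken from the three vhost files in this thread:
# the original (#1), with ServerAlias added (#2), and with a catch-all first (#6).
ORIGINAL = """
<VirtualHost *:80>
    ServerName vhost1.nl
</VirtualHost>
<VirtualHost *:80>
    ServerName vhost2.nl
</VirtualHost>
"""

WITH_ALIAS = """
<VirtualHost *:80>
    ServerName vhost1.nl
    ServerAlias *.vhost1.nl
</VirtualHost>
<VirtualHost *:80>
    ServerName vhost2.nl
    ServerAlias *.vhost2.nl
</VirtualHost>
"""

WITH_BLACKHOLE = """
<VirtualHost *:80>
    ServerName BlackHole
</VirtualHost>
""" + WITH_ALIAS


def parse_vhosts(conf):
    """Return the vhosts in file order as dicts with 'name' and 'aliases'."""
    vhosts, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            current = {"name": None, "aliases": []}
        elif re.match(r"</VirtualHost>", line, re.I):
            if current is not None:
                vhosts.append(current)
            current = None
        elif current is not None:
            parts = line.split()
            if parts[0].lower() == "servername" and len(parts) > 1:
                current["name"] = parts[1]
            elif parts[0].lower() == "serveralias":
                current["aliases"].extend(parts[1:])
    return vhosts


def normalise_host(host_header):
    """Lower-case the Host header value and drop the port and a trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal
        host = host[: host.find("]") + 1]
    else:
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def resolve(vhosts, host_header):
    """Return (vhost name, reason) for a request carrying this Host header."""
    host = normalise_host(host_header)
    for vh in vhosts:
        if vh["name"] and host == vh["name"].lower():
            return vh["name"], "ServerName"
        # fnmatch also accepts [..] sets, which Apache does not; the aliases
        # used here contain only '*'.
        if any(fnmatch.fnmatchcase(host, a.lower()) for a in vh["aliases"]):
            return vh["name"], "ServerAlias"
    return vhosts[0]["name"], "default"      # nothing matched: first vhost wins


if __name__ == "__main__":
    for label, conf in [("original", ORIGINAL), ("with ServerAlias", WITH_ALIAS),
                        ("with catch-all first", WITH_BLACKHOLE)]:
        vhosts = parse_vhosts(conf)
        for host in ["vhost2.nl", "www.vhost2.nl", "192.0.2.10"]:
            print(f"{label:22} {host:15} -> {resolve(vhosts, host)}")
```

On a live server, `apache2 -S` (mentioned in the vhosts file comments above) prints the vhost order this model depends on.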
#7

mod_security works by interpreting known common exploits and blocks them - bit like a commercial antivirus filter on desktop machines. In most cases, a quick "emerge" then a slight amendment of the config file is enough to make it active, but keep your modsec rules up to date - I have had a few instances where Squirrelmail and Wordpress were blocked by modsec: I added a manual whitelisting before finding a more updated ruleset to use.

 

I run it on several servers and it's prevented quite a few attempted exploits, even against named hosts (rather than default), so I'd recommend it. But I'd also recommend checking logfiles (using logwatch or so) to see what modsec is blocking.

 

Another option to add is suPHP - it makes php files run in the context of the user owning those files, rather than run in Apache context. Less messing with file/dir permissions for sites that have uploaded content, and easier on diagnostics when tracing what processes are up to.

 

(by the way, you've not added any logfile directives into your vhosts - are you logging to one total file?)

 

Other information: https://www.linux-noob.com/forums/index.php?/topic/3835-multiple-virtual-hosts-causing-problems/

#8

Quote:mod_security works by interpreting known common exploits and blocks them - bit like a commercial antivirus filter on desktop machines. In most cases, a quick "emerge" then a slight amendment of the config file is enough to make it active, but keep your modsec rules up to date - I have had a few instances where Squirrelmail and Wordpress were blocked by modsec: I added a manual whitelisting before finding a more updated ruleset to use.

 

I run it on several servers and it's prevented quite a few attempted exploits, even against named hosts (rather than default), so I'd recommend it. But I'd also recommend checking logfiles (using logwatch or so) to see what modsec is blocking.

 

Another option to add is suPHP - it makes php files run in the context of the user owning those files, rather than run in Apache context. Less messing with file/dir permissions for sites that have uploaded content, and easier on diagnostics when tracing what processes are up to.

 

(by the way, you've not added any logfile directives into your vhosts - are you logging to one total file?)

 

Other information: https://www.linux-noob.com/forums/index.php?/topic/3835-multiple-virtual-hosts-causing-problems/
 

yup yup, I was logging everything into one big file: /var/log/apache2

Splitting up the vhost makes things more structured, which is a good thing. Also tried mod_security. Let's see what this baby does. Especially since I'm running an open-source CMS: Drupal. I read a lot about Joomla module exploits. I'm not sure how things are with Drupal but it seems more tight. And if there comes one anyways, mod_security might be another hump to take :)

 

Installing was very easy indeed. I thought I had to recompile Apache. But "emerge -av mod_security" did the trick. Don't forget to add the "-D SECURITY" to your "/etc/conf.d/apache2". Restart Apache with: "/etc/init.d/apache2 restart"

 

The module is configged in /etc/apache2/modules.d/mod_security

 

There are also prewritten rulesets to download but first i removed the old ones:

 



Code:
rm -rf /etc/apache2/modules.d/mod_security/*




 

And downloaded the new ones from here:

 



Code:
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.1-1.4.tar.gz
tar xzvf modsecurity-core-rules_2.1-1.4.tar.gz




 

And since we split the logs of the vhosts, I changed the log entries in the config file at these 2 lines: 176 and 270. So do

 



Code:
nano /etc/apache2/modules.d/mod_security/modsecurity_crs_10_config.conf




 

And made em look like this:

 



Code:
SecAuditLog /var/log/apache2/modsec_audit.log
SecDebugLog /var/log/apache2/modsec_debug.log




 

Ctrl+C comes in handy here since you can see what line you are on.

 

After that i restarted apache :)

#9

Sounds like the job's a good'un!

 

Next stage: look at putting on something like awstats (logfile analyser) for your sites, so that you can see visitor stats.

 

Also consider adding something like Fail2Ban that scans your apache logs and locks out sniffers - especially if it's drupal/joomla you're running. I get a lot of sniffers trying to exploit phpmyadmin on my server (and it ain't even installed!)

 

ps: "emerge" rocks, doesn't it?

Reply
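What a Fail2ban-style check over the catch-all vhost's access log amounts to, as an added example (not Fail2ban's code and not from the thread): count denied requests per client inside a sliding window and flag the clients that reach a threshold. The log lines are constructed, the function names are hypothetical, and the thresholds, named after Fail2ban's `maxretry` and `findtime` settings, are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: access log of the catch-all default vhost in Apache
# "combined" format. Addresses come from the documentation ranges.
SAMPLE_LOG = """\
203.0.113.20 - - [15/May/2010:01:00:00 +0200] "GET / HTTP/1.0" 403 51 "-" "-"
198.51.100.7 - - [15/May/2010:01:10:01 +0200] "GET /phpmyadmin/ HTTP/1.1" 403 51 "-" "-"
198.51.100.7 - - [15/May/2010:01:10:03 +0200] "GET /phpmyadmin/ HTTP/1.1" 403 51 "-" "-"
198.51.100.7 - - [15/May/2010:01:10:09 +0200] "GET /phpmyadmin/ HTTP/1.1" 403 51 "-" "-"
192.0.2.44 - - [15/May/2010:01:12:30 +0200] "GET / HTTP/1.1" 403 51 "-" "-"
this line is not in combined format and is skipped
203.0.113.20 - - [15/May/2010:01:30:00 +0200] "GET / HTTP/1.0" 403 51 "-" "-"
203.0.113.20 - - [15/May/2010:02:00:00 +0200] "GET / HTTP/1.0" 403 51 "-" "-"
"""

# client, identd, user, [timestamp], "request line", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')


def parse_line(line):
    """Return (ip, timestamp, request, status) or None for unparseable lines."""
    match = LINE_RE.match(line)
    if not match:
        return None
    ip, stamp, request, status = match.groups()
    try:
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return ip, when, request, int(status)


def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10),
                   statuses=(403, 404)):
    """Map each offending IP to the time it first hit max_retry denied
    requests within find_time. Lines are assumed to be in time order."""
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    offenders = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, when, _request, status = parsed
        if status not in statuses:
            continue
        window = recent[ip]
        window.append(when)
        # Drop hits that have aged out of the window.
        while when - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry and ip not in offenders:
            offenders[ip] = when
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when.isoformat()}")
```

The client that sends three requests in eight seconds is flagged; the one that returns every half hour never has three hits inside the window and is not.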
#10

Atm I'm running Google Analytics to get info about my users. And tbh, I like it really much :) I had awstats installed, some while ago, on some Windows boxes but I don't like it that much. But that might also have had something to do with the .net URLs. Doesn't make sense at all (http://www.url.com/goto24.aspx)

About Fail2Ban, it looks like a decent program to me. I'm not sure how often I will get attacked by one and the same attacker since most exploit attempts seem random. Then again, you can never make security too hard. I am not running iptables on this particular server, though it's behind another server that acts as a firewall. I cannot seem to find out where I should install Fail2Ban. On the router or the webserver?

And yes, emerge rocks your socks! I've been working with Gentoo for ages and the packet manager is very very good. I like the fact that it downloads the source of the program you wanna install, checks your hardware and compiles it specifically for that hardware. That way you always have the best binary specially crafted for your system: a custom OS.

A disadvantage is ofc that it can take ages to compile. Especially when you wanna install Gentoo :) But then again, I'm running my server since uhm.. 2003, I guess.. and never had to reinstall it again. Try that with Windows :P

As a desktop I'm using Fedora 11 Leonidas. I'm not very keen on that though. It always feels kinda... sluggish, dunno. I still didn't figure out why. Xfce was already way faster than Gnome but still..

Anyways.. let's stay on topic :P I'm gonna find some info about Fail2Ban and let's see how this all works :)
