Archive

Archive for the ‘Apache , htaccess and Front Page’ Category

Apache modules

October 6th, 2009

Below is a list of all of the modules that come as part of the Apache distribution. For Apache modules that are not part of the Apache distribution, please see http://modules.apache.org

Core
Core Apache features
mod_access
Access control based on client hostname or IP address
mod_actions Apache 1.1 and up
Executing CGI scripts based on media type or request method
mod_alias
Mapping different parts of the host filesystem in the document tree, and URL redirection
mod_asis
Sending files which contain their own HTTP headers
mod_auth
User authentication using text files
mod_auth_anon Apache 1.1 and up
Anonymous user access to authenticated areas
mod_auth_db Apache 1.1 and up
User authentication using Berkeley DB files
mod_auth_dbm
User authentication using DBM files
mod_auth_digest Apache 1.3.8 and up
MD5 authentication
mod_autoindex
Automatic directory listings
mod_browser Apache 1.2.* only
Set environment variables based on User-Agent strings. Replaced by mod_setenvif in Apache 1.3 and up
mod_cern_meta Apache 1.1 and up
Support for HTTP header metafiles
mod_cgi
Invoking CGI scripts
mod_cookies up to Apache 1.1.1
Support for Netscape-like cookies. Replaced in Apache 1.2 by mod_usertrack
mod_digest Apache 1.1 and up
MD5 authentication (deprecated by mod_auth_digest)
mod_dir
Basic directory handling
mod_dld Apache 1.2.* and earlier
Start-time linking with the GNU libdld. Replaced in Apache 1.3 by mod_so
mod_env Apache 1.1 and up
Passing of environments to CGI scripts
mod_example Apache 1.2 and up
Demonstrates Apache API
mod_expires Apache 1.2 and up
Apply Expires: headers to resources
mod_headers Apache 1.2 and up
Add arbitrary HTTP headers to resources
mod_imap Apache 1.1 and up
The imagemap file handler
mod_include
Server-parsed documents
mod_info Apache 1.1 and up
Server configuration information
mod_isapi WIN32 only
Windows ISAPI Extension support
mod_log_agent
Logging of User Agents
mod_log_common up to Apache 1.1.1
Standard logging in the Common Logfile Format. Replaced by the mod_log_config module in Apache 1.2 and up
mod_log_config
User-configurable logging replacement for mod_log_common
mod_log_forensic
Forensic logging of requests made to the server
mod_log_referer
Logging of document references
mod_mime
Determining document types using file extensions
mod_mime_magic
Determining document types using “magic numbers”
mod_mmap_static Apache 1.3 and up
Experimental file caching, mapping files into memory to improve performance
mod_negotiation
Content negotiation
mod_proxy Apache 1.1 and up
Caching proxy abilities
mod_rewrite Apache 1.2 and up
Powerful URI-to-filename mapping using regular expressions
mod_setenvif Apache 1.3 and up
Set environment variables based on client information
mod_so Apache 1.3 and up
Support for loading modules (.so’s on Unix, .dll’s on Win32) at runtime
mod_speling Apache 1.3 and up
Automatically correct minor typos in URLs
mod_status Apache 1.1 and up
Server status display
mod_unique_id Apache 1.3 and up
Generate unique request identifier for every request
mod_userdir
User home directories
mod_usertrack Apache 1.2 and up
User tracking using Cookies (replacement for mod_cookies.c)
mod_vhost_alias Apache 1.3.7 and up
Support for dynamically configured mass virtual hosting

Apache , htaccess and Front Page

Overrides: Limiting Directives To Be Processed

October 6th, 2009

Apache directives fall into seven different categories, and all can appear in the server-wide config files. Only five of the categories can be used in .htaccess files, though, and in order for Apache to accept a directive in a per-directory file, the settings for the directory must permit the directive’s category to be overridden.

The five categories of directives are:

AuthConfig
This category is intended to be used to control directives that have to do with Web page security, such as the AuthName, Satisfy, and Require directives. This is the most common category to allow to be overridden, as it allows users to protect their own documents.
FileInfo
Directives that control how files are processed are
Indexes
Directives that affect file listings should be in this category. It includes IndexOptions, AddDescription, and DirectoryIndex, for example.
Limit
This category is similar to the AuthConfig one in that the directives it covers are typically related to security. However, they usually involve involuntary controls, such as controlling access by IP address. Directives in this category include Order, Allow, and Deny.
Options
The Options category is intended for directives that support miscellaneous options, such as ContentDigest, XBitHack, and Options itself.

A special directive, which is usable only in the server-wide configuration files, dictates which categories may be overridden in any particular directory tree. The AllowOverride directive accepts two special keywords in addition to the category names listed above:

All
This is a shorthand way of listing all of the categories; the two statements below are equivalent:

AllowOverride AuthConfig FileInfo Indexes Limit Options
AllowOverride All

None
This keyword totally disables the processing of .htaccess files for the specified directory and its descendants (unless another AllowOverride directive for a subdirectory is defined in the server config files). ‘Disabled’ means that Apache won’t even look for .htaccess files, much less process them. This can result in a performance savings, and is why the default httpd.conf file includes such a directive for the top-level system directory. .htaccess processing is disabled for all directories by default by that directive, and is only selectively enabled for those trees where it makes sense.

As shown above, the AllowOverride directive takes a whitespace-separated list of category names as its argument.
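
An added example (not from the original post or from the Apache distribution): a shell function that reports the AllowOverride setting of every <Directory> block in a config file and flags any name that is not one of the categories or keywords listed above. The function names and the configuration fragment are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit AllowOverride settings per <Directory> block.
# Valid names are the five categories plus All and None, as listed in
# the article. The config fragment below is constructed sample input.

audit_allowoverride() {
    awk '
        BEGIN {
            n = split("AuthConfig FileInfo Indexes Limit Options All None", k, " ")
            for (i = 1; i <= n; i++) valid[tolower(k[i])] = 1
            dir = "(outside Directory)"
        }
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == "<directory" {             # entering a block
            dir = $2
            sub(/>$/, "", dir)                    # drop the closing bracket
            gsub(/"/, "", dir)                    # drop optional quotes
            next
        }
        tolower($1) == "</directory>" { dir = "(outside Directory)"; next }
        tolower($1) == "allowoverride" {
            for (i = 2; i <= NF; i++) {
                w = tolower($i)
                if (!(w in valid))    printf "INVALID %s %s\n", dir, $i
                else if (w == "all")  printf "WIDE-OPEN %s\n", dir
                else if (w == "none") printf "DISABLED %s\n", dir
                else                  printf "ALLOWS %s %s\n", dir, $i
            }
        }'
}

# Constructed httpd.conf fragment: one locked-down tree, one block with
# a misspelled category, one block that permits every category.
sample_conf() {
    cat <<'EOF'
# constructed httpd.conf fragment
<Directory />
    AllowOverride None
</Directory>
<Directory "/home/*/public_html">
    AllowOverride AuthConfig Limits
</Directory>
<Directory /var/www/shared>
    AllowOverride All
</Directory>
EOF
}

# Stand-alone run on the sample; on a real host, feed httpd.conf instead:
#   audit_allowoverride < /path/to/httpd.conf
sample_conf | audit_allowoverride
```

WIDE-OPEN lines are the trees where a .htaccess file can change every overridable category; INVALID lines point at names that are not in the list above.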


Frontpage Time out issues

October 6th, 2009

Below are several different solutions for FrontPage timeout issues.

==========================================================================

Here’s how to get around the disconnection thing.

Normally you cannot FTP to a server setup without killing the extensions. But when publishing a large site do this:

1) Uninstall FP extensions on your host server.
2) FTP your website to the server AND STOP THE UPLOAD WHEN YOU ARE ABOUT 80% DONE! VERY IMPORTANT!
3) Reinstall FP extensions.
4) Proceed with the FP Publish process and choose “updated pages only” publishing option.

FP will then publish the remaining unpublished content and then plug in the extensions and you’re done!

==========================================================================

Q. I keep getting the error: “The server ‘”‘ timed out” when I try and open Webs with the FrontPage client. Any solutions would be appreciated. Is there a way of increasing the timeout?

A. This is actually a server configuration parameter. You need to increase the timeout to a more reasonable value. For apache the default is 400 seconds which is about 7 minutes. You can set it to 1200 (20 minutes). This is changed by editing the httpd.conf file and changing the timeout directive.

Timeout 1200

Remember to kill -HUP your server so that it rereads the config file.

Note: On our server I see this value set to only 30, so it needs to be cross-checked.

=========================================================================

Q. I keep getting the error: “The server ‘”‘ timed out” when I try and open Webs with the FrontPage client. Any solutions would be appreciated. Is there a way of increasing the timeout?

A. This is actually a server configuration problem. You need to increase the timeout to a more reasonable value. You can add

Init fn=init-cgi timeout="nnn"

to your obj.conf file, with the Init statement block, where nnn is the number of seconds to wait.

==========================================================================

From time to time we have noticed problems with some of the webs we host. Normally on the larger webs the FP extensions (both v2.0 and v3.0) cause a timeout when opening the site in the FrontPage Explorer. Any suggestions?

There are three parameters which can be added to your frontpage config files (we80.cnf) which may improve the performance on your large webs. These are:

CacheMaxDocMeta
CacheMaxInclude
CacheMaxImage

The current defaults in MB are:

CacheMaxDocMeta: 512
CacheMaxInclude: 16
CacheMaxImage: 16

You will want to increase these values to:

CacheMaxDocMeta: number of files in Web
CacheMaxInclude: size of the largest include file
CacheMaxImage: size of the largest image file

You should then recalculate links for your web.


Preventing DDoS Attacks

October 6th, 2009

In this article I am trying to explain what DDOS is and how it can be prevented. DDOS happens due to a lack of security awareness among network/server owners. On a daily basis we hear that a particular machine is under DDOS attack, or that the DC has unplugged a machine due to a DDOS attack. So DDOS has become one of the common issues in this electronic world. DDOS is like a disease for which no antiviral has been developed, so we should be careful while dealing with it. Never take it lightly. In this article I am trying to explain the steps/measures which will help us defend against DDOS attacks, up to a certain extent.

What is a DDOS attack?

Simply put, DDOS is an advanced version of a DOS attack. Like DOS, DDOS tries to deny the important services running on a server by broadcasting packets to the destination server in a way that the destination server cannot handle. The speciality of DDOS is that, unlike DOS, the attack is not relayed from a single network/host. A DDOS attack is launched from different dynamic networks which have already been compromised.

Normally, DDOS consists of 3 parts: the master, the slave and, at last, the victim. The master is the attack launcher, ie the person/machine behind all this (sounds COOL, right?). The slave is the network which has been compromised by the master, and the victim is the target site/server. The master instructs the compromised machines, the so-called slaves, to launch an attack on the victim’s site/machine. Hence it is also called a co-ordinated attack.

In my terms, the master is the master brain, the slave is the launch pad for the attack, and the victim is the target.

How do they Do it?

DDOS is done in 2 phases. In the first phase they try to compromise weak machines in different networks around the world. This phase is called the Intrusion Phase. It is in the next phase that they install DDOS tools and start attacking the victim’s machines/site. This phase is called the Distributed DoS attacks phase.

What Allowed them to do it?

The reasons are given below :-

1) Vulnerable software/applications running on a machine or network.

2) Open network setup.

3) Network/machine setup without taking security into account.

4) No monitoring or data analysis is being conducted.

5) No regular audits / software upgrades are being conducted.

What should we do if we are under attack?

First identify whether you are really under attack. If yes, follow the steps below:

Check whether your machine’s load is high and whether a large number of HTTP processes are running.

To find the load, use the command w or uptime.
Eg:-

uptime
7:28am up 2:16, 2 users, load average: 4.75, 4.12, 3.64

To find out whether a large number of HTTP processes are running, use the command "ps -aux | grep -i http | wc -l" (the -i makes the match case-insensitive, so that httpd processes are counted).
Eg:-

ps -aux | grep -i http | wc -l
23

On a busy server the number of connections will go above 100. During a DDOS attack the number will go even higher, and that is when we need to find out which networks the attacks are coming from. In DDOS the individual host machine doesn’t have much importance. It is the network that matters, because an attacker will use any machine on the compromised network, or even all the machines in it. Hence the network address is what counts while fighting the attack.

If you have high load (say 5 or more) and a large number of HTTP processes, then I would request you to do the following.

1) At the command prompt, execute the command below (-a lists established connections as well as listening sockets)

netstat -anp | grep :80 | awk '{print $5}' | sort

2) Check each block of IPs. Say you have more than 30 connections from a single IP: under normal conditions there is no need for that many connection requests from a single IP. Try to identify such IPs/networks in the list you get.

3) If more than 5 hosts/IPs connect from the same network, then it is a clear sign of DDOS.

4) Block those IPs/networks using iptables/APF

iptables -A INPUT -s <Source IP> -j DROP

If you have APF, just add the IPs you want to block to the file /etc/apf/deny_hosts.rules

5) Keep repeating this process until the attack on the machine is reduced.
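
The counting in steps 2 and 3 can be scripted. The following is an added example, not part of the original article: it applies the article’s two thresholds (more than 30 connections from one IP, more than 5 hosts from one network) to netstat output read on standard input. Grouping networks by /24, the function names and the sample rows are assumptions of this example.

```sh
#!/bin/sh
# Added example: flag noisy sources in "netstat -an" style output.
# Thresholds follow the article: more than 30 connections from one IP,
# more than 5 distinct hosts from one network. Treating a network as
# a /24 is an assumption; the article does not name a mask.

flag_http_sources() {
    # $1 = per-IP connection limit, $2 = per-network host limit
    awk -v ip_max="${1:-30}" -v net_max="${2:-5}" '
        # Keep TCP rows whose local address ($4) is port 80 and that
        # are real peer connections, not the listening socket.
        $1 ~ /^tcp/ && $4 ~ /:80$/ && $6 != "LISTEN" {
            peer = $5
            sub(/:[0-9]+$/, "", peer)      # strip the remote port
            sub(/^::ffff:/, "", peer)      # IPv4-mapped IPv6 form
            if (peer !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            conns[peer]++
        }
        END {
            for (ip in conns) {
                if (conns[ip] > ip_max)
                    printf "IP %s %d\n", ip, conns[ip]
                net = ip
                sub(/\.[0-9]+$/, ".0/24", net)
                hosts[net]++               # distinct hosts per network
            }
            for (net in hosts)
                if (hosts[net] > net_max)
                    printf "NET %s %d\n", net, hosts[net]
        }' | sort
}

# Constructed sample: 31 connections from one address, six hosts from
# one /24, plus rows that must be ignored (header, LISTEN, port 22).
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    echo "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"
    i=1
    while [ "$i" -le 31 ]; do
        echo "tcp 0 0 192.0.2.10:80 198.51.100.7:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    for h in 11 12 13 14 15 16; do
        echo "tcp 0 0 192.0.2.10:80 203.0.113.$h:50000 SYN_RECV"
    done
    echo "tcp 0 0 192.0.2.10:22 198.51.100.9:50001 ESTABLISHED"
    echo "tcp 0 0 192.0.2.10:80 198.51.100.8:50002 TIME_WAIT"
}

# Stand-alone run on the sample; on a live host use:
#   netstat -ant | flag_http_sources 30 5
sample_netstat | flag_http_sources 30 5
```

Each IP line gives an address and its connection count; each NET line gives a /24 and the number of distinct hosts seen from it.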

There is no complete or perfect solution to DDOS. The logic is simple: no software or measures can handle attacks from multiple servers, say from 50 - 100 servers, all at one time.

All that can be done is to take preventive measures.

How can we prevent or defend ourselves from these attacks?

As the saying goes, prevention is better than cure. This is very much true in the case of DDOS. In my introduction, I mentioned that DDOS happens because of vulnerable software/applications running on machines in a particular network. Attackers use those security holes to compromise servers in different networks and install DDOS tools (eg trinoo, a DDOS tool).

To prevent DDOS in future, follow the 12 major steps below.

Setup machine / network keeping security in mind (Implement Good Security policy)

Setup a firewall which does Ingress and Egress Filtering at Gateway
To install APF go through the following :-
http://forums.rsanetworks.net/viewtopic.php?t=249

Install IDS on your gateway/hosts to alert you when someone tries to sniff in.
Eg: AIDE

(a) wget ftp://ftp.cs.tut.fi/pub/src/gnu/aide-0.7.tar.gz

(b) Untar it

tar -zxvf aide-0.7.tar.gz

(c) cd aide-0.7

(d) Then execute

./configure --with-gnu-regexp

(e) Final steps to install: make; make install

(f) Now the main step: configuring AIDE. AIDE stores all its rule sets in a file called aide.conf. Let’s populate it; for more details on how to configure it, see man aide.conf

(g) Here is an example. See below

Here is a sample short aide.conf:

Rule = p+i+u+g+n+s+md5

/etc p+i+u+g

/sbin Rule

/usr/local/apache/conf Rule

/var Rule

!/var/spool/.*

!/var/log/.*

In the configuration listed above, a rule called “Rule” is set to check permissions (p), inode (i), user (u), group (g), number of links (n), size (s), and md5 checksum (md5). These rules are applied to all files in /bin, /sbin, /var, and /usr/local/apache/conf because they should rarely if ever change. Files in /etc are checked for changes in only permissions, inode, user, and group because their size may change, but other things shouldn’t. Files and directories in /var/spool and /var/log are not checked because those are the folders where the most updates take place.

(h) After configuring, AIDE should be initialized with all these rules.

For that execute aide --init

Conduct regular Audits on each host on the network to find installation of DDOS tools / Vulnerable applications.

Use tools like RKDET (vancouver-webpages.com/rkdet), RKHUNTER (www.rootkit.nl) and CHKROOTKIT (www.chkrootkit.org) to find out whether any rootkit has already been installed and to locate the affected binaries on the machine, if any.

To install RootKit you can go through the following :-
http://forums.rsanetworks.net/viewtopic.php?t=254

Please find below a simple audit checklist to be run on a host

Eg: Audit Check List

A quick checklist:

* Software Vulnerabilities.
* Kernel Upgrades and vulnerabilities.
* Check for any Trojans.
* Run chkrootkit.
* Check ports.
* Check for any hidden processes.
* Use audittools to check system.
* Check logs.
* Check binaries and RPMS.
* Check for open email relays.
* Check for malicious cron entries.
* Check /dev /tmp /var directories.
* Check whether backups are maintained.
* Check for unwanted users, groups, etc. on the system.
* Check for and disable any unneeded services.
* Locate malicious scripts.
* Querylog in DNS.
* Check for the suid scripts and nouser scripts.
* Check valid scripts in /tmp.
* Use intrusion detection tools.
* Check the system performance.
* Check memory performance (run memtest).

Enforce and Implement Security Measures on all hosts in the network.

Machines, new or old, should only be allowed to run on your network if your Security Admin or DSE (Dedicated Security Expert) member approves them with the status “OK-to go live” after auditing the box. All hosts in the network should be checked on a regular basis by your DSE team to make sure that they are up to date and can fight any attacks.

Audit network on a regular basis to see if your network is vulnerable to attacks

Use open source tools like NESSUS (www.nessus.org), NMAP (www.insecure.org/nmap), SAINT (www.saintcorporation.com/products/saint_engine.html) and SARA (www-arc.com/sara/sara.html) for auditing a network to find its vulnerabilities.

Collect your network and host data. Analyze and study it to see from where, and what kind of, attacks are coming into the network. This step will help us understand what kind of attacks we are facing and will help us strengthen the preventive measures. Let me tell you, this move is worth the money you spend, for sure.

Implement Sysctl protection against DDOS

vi /etc/sysctl.conf
add the below code:

# Enable IP spoofing protection, turn on Source Address Verification
net.ipv4.conf.all.rp_filter = 1
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1


Add the code below to /etc/rc.local and restart the network

for f in /proc/sys/net/ipv4/conf/*/rp_filter;
do echo 1 > $f; done
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

You can also go through the following :-
http://forums.rsanetworks.net/viewtopic.php?t=231

Install Mod_dosevasive in your Apache.
Mod_dosevasive is a module for Apache that performs evasive action in the event of an HTTP DDoS attack or brute force attack. Please find the installation steps for mod_dosevasive in DSO mode below.

Eg: Install Mod_dosevasive

bash# wget http://www.nuclearelephant.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz

bash# tar -zxvf mod_evasive_1.10.1.tar.gz
bash# cd mod_evasive_1.10.1
bash# $APACHE_ROOT/bin/apxs -iac mod_evasive.c

Don’t get scared by the variable “$APACHE_ROOT”. It is nothing but a simple variable which stores the location of the Apache installation (eg $APACHE_ROOT=/usr/local/apache)

bash# vi /usr/local/apache/conf/httpd.conf

After this add the code below to httpd.conf. The name in the IfModule line must match the source file that was compiled above (mod_evasive.c), otherwise the directives inside the block are skipped.

<IfModule mod_evasive.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>

bash# /usr/local/apache/bin/apachectl restart

Install Mod_security.

Since DDOS normally targets HTTP, it is always good to have a filtering system for Apache, so that each request gets analyzed before the web server handles it. Please find the installation steps for mod_security in DSO mode below

bash# wget http://www.modsecurity.org/download/modsecurity-apache-1.9.2.tar.gz

bash# tar -zxvf modsecurity-apache-1.9.2.tar.gz
bash# cd modsecurity-apache-1.9.2
bash# /usr/local/apache/bin/apxs -cia mod_security.c

Create a file named mod_security.conf under the folder /usr/local/apache/conf

bash# vi /usr/local/apache/conf/mod_security.conf

Create the rules with reference to the link http://www.modsecurity.org/documentation/quick-examples.html
and add them to the mod_security.conf file.
Add the location of mod_security.conf to httpd.conf

bash# vi /usr/local/apache/conf/httpd.conf

Add the line below

Include /usr/local/apache/conf/mod_security.conf

bash# /usr/local/apache/bin/apachectl stop
bash# /usr/local/apache/bin/apachectl start

The best way to fight DDOS, to a certain extent, is to set up a load balancer for your services.

Creating awareness on Security

This is the most important part. People should be security conscious. Only then will they understand the importance of security measures. Server owners and users should be made aware of the issues which can arise due to bad security measures.

Conclusion
DDOS can be prevented to a certain extent if hosts and networks are secure. So I advise all server owners and network owners to implement security measures on their networks if they want to fight against DDOS.


Access to the web stats page without using cpanel

October 6th, 2009

Sometimes clients want to access their webstats without using cPanel.

You can do this with the following simple steps:-

1. First ask for the URL from which the client wants to access their webstats.

(e.g. the client wants to access webstats under public_html)

2. Go to that directory and execute the following commands.

ln -s /home/username/tmp/webalizer linkname

chown username.username linkname

After this the client can access the stats through

http://domainname/linkname


Redirecting Rewrite Rule

October 6th, 2009

One client’s requirement was that everything be redirected to one folder within his public_html folder. The technical issue is that if the client accesses anything within that folder, he is redirected once again to the beginning of that folder because of the redirection. The code below excludes requests for anything within that folder from the redirection.

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/folder/
RewriteRule ^(.*)$ http://www.domain.com/folder/ [R=301,NC]

Put the above code in public_html and test it.


up2date issue with RHEL

October 6th, 2009

While running /scripts/easyapache on RHEL servers, you may get the error

Checking Update System……..Your operating system’s rpm update method (up2date) was not able to locate the glibc package. This is an indication of an improper setup. You must correct this error before you can proceed.
Please correct the conflicts and try again!
Waiting for httpd to restart…………..finished.

It means the systemid and the serverid do not match the RHN database. To resolve the issue, the DC has to register the system with RHN. Please see the URL below for additional information.

http://kbase.redhat.com/faq/FAQ_61_5418.shtm


Redirecting index.html to / causes loop

October 6th, 2009

When you are trying to redirect http://example.com/index.html to http://example.com/ there are some cases where you get “redirection limit exceeded” because it goes into a loop.

Reason for it:
If index.html is requested, you’ll redirect from index.html to “/”. A 301 response will be sent back to the client saying “request that from ‘/’.” So, the client will then request “/”, and then DirectoryIndex (Apache mod_dir) kicks in and redirects that to index.html. If there are any subrequests associated with fetching index.html, then the redirect 301 (mod_alias) will kick in again, and the whole process starts over. Then you’ve got a loop.

Solution:
Add these entries in .htaccess file

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.html
RewriteRule ^index\.html$ http://www.example.com/ [R=301,L]

Now if you enter http://example.com/index.html in the browser, it is redirected to http://example.com/


Making a PHP script run under the “cgi-bin” folder

October 6th, 2009

Sometimes a client tries to run a PHP script (.php) under the cgi-bin folder and gets a problem such as an internal server error (code 500).

To resolve this problem, follow the steps below.

1. Check the ownership and permissions of the PHP script under the cgi-bin folder.

The permissions should be 755 and the owner should be username.

2. Check for coding problems by running the script manually in the shell with the following command
====================
/usr/bin/php filename.php
====================
If it gives any error, then there is a problem in the code. If possible, check it, because sometimes it is easy to correct; otherwise tell the client to correct it.

3. Add the Apache handler in the .htaccess file under the public_html folder as below.
===================================
AddHandler application/x-httpd-php .php
===================================

Under the cgi-bin folder the Apache server does not understand PHP scripts. It understands only Perl (.pl) and CGI script files (.cgi) there.
Adding the Apache handler makes it possible to run PHP script files under the cgi-bin folder. The handler is not needed for .pl and .cgi files, because the server already understands these files under the cgi-bin folder.


How to resolve the “FrontPage Run-Time Component Page”

October 6th, 2009

Whenever you get the problem below with FrontPage

========================================================
“FrontPage Run-Time Component Page
You have submitted a form or followed a link to a page that requires a web server and the FrontPage Server Extensions to function properly.

This form or other FrontPage component will work correctly if you publish this web to a web server that has the FrontPage Server Extensions installed.

Click the arrow to return to the previous page.”
========================================================

To resolve this problem, follow the few steps below:-

1. Execute the command ( grep "onSubmit" -r -l ./* ) under the /home/username/public_html folder.

You will get a list of files which contain the word "onSubmit", like
==============================================
root@svr9 [/home/kharaz09/public_html]# grep "onSubmit" -r -l ./*
./cusupost.htm
./search.htm
./service.htm
./suggest.htm
================================================

2. Search for the line which contains the word "onSubmit" in each of the files listed above.

That line should look like
<form action="_derived/nortbots.htm" method="POST" webbot-action="--WEBBOT-SELF--" onSubmit="location.href='_derived/nortbots.htm';return false;" webbot-onSubmit>

3. Comment out these lines, like

<!--<form action="_derived/nortbots.htm" method="POST" webbot-action="--WEBBOT-SELF--" onSubmit="location.href='_derived/nortbots.htm';return false;" webbot-onSubmit> -->
