Difference between revisions of "Apache Webserver"

From wiki.linuxonlinehelp.eu
Jump to navigation Jump to search
Line 117: Line 117:
 
Remark:  
 
Remark:  
 
* Disable ALWAYS!! the Balance Manager for Security Reasons over apache2.conf
 
* Disable ALWAYS!! the Balance Manager for Security Reasons over apache2.conf
* Check ALWAYS the Apache Logs for Error! on both Balance Member Servers!!
+
* Check ALWAYS the Apache Logs for Errors! on both Balance Member Servers!!

Revision as of 23:24, 9 June 2017

Redirects for Browser with .htaccess

Redirect Browser by Language to other Websites

Create a .htaccess at the Webspace and enter:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:Accept-Language} ^de [NC]
RewriteRule ^$ /linux-support-deutsch [L,R=301]
RewriteRule ^$ /linux-support-english [L,R=301]
</IfModule>

This will redir German and International Users to two different Sites.

Block Access to Subfolders wp-includes of Wordpress

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

Analyses and Diagnostics

Apache Log analyse on Console

create a bash script called apache-analyse.sh enter:

#!/bin/bash
cat /var/log/apache2/access.log | awk '{ print $1 }' | sort | uniq -c
exit 0

System Echos like this:

1573  www.domain2.de
3568  www.domain3.de
..

Analyse Spam Bots and block them

get IP Adresses from Spambots (here xovibot) to update the Firewalls do:

sudo cat /var/log/apache2/access.log|grep xovibot.net| awk '{ print $2 }' | sort | uniq -c | sort -n > x.log

System Echos:

     46 212.224.119.143
     52 185.53.44.101
     54 212.224.119.140
     59 185.53.44.104
     62 212.224.119.142
     71 185.53.44.102
     75 185.53.44.103
     80 185.53.44.67
     80 212.224.119.141
     83 185.53.44.68
     87 185.53.44.43
     ...

manual update to ufw firewall (can be done automatic too, but can take you offline for search engines if the do 404) do:

$sudo ufw insert 1 deny from 185.53.44.0/24 to any       # insert rule
$sudo service ufw force-reload                           # force update firewall
$sudo ufw status numbered                                # test status

Load Balancer for virtual hosts with https

  • Enable apache24 proxy and ssl modules:
$sudo a2enmod proxy proxy_balancer proxy_http ssl && service apache2 restart
  • Now create and enable at /etc/apache2/sites-available:
<VirtualHost *:80>
ServerName linuxonlinehelp.de
ServerAlias www.linuxonlinehelp.de
RedirectPermanent / https://linuxonlinehelp.de/
</VirtualHost>

<VirtualHost *:443>
ProxyRequests off  #MAJOR!!
ServerName linuxonlinehelp.de
ServerAlias www.linuxonlinehelp.de

ProxyPreserveHost on
ProxyPass / balancer://linuxblog:443/
ProxyPassReverse / balancer://linuxblog:443/

<Proxy *>
Require all granted
</Proxy>

<Proxy balancer://linuxblog>
                BalancerMember https://192.168.XXX.001 
                BalancerMember https://192.168.XXX.002 
                ProxySet lbmethod=byrequests
</Proxy>
SSLProxyEngine on
SSLEngine on
SSLCertificateFile     /etc/ssl/cert.pem
SSLCertificateKeyFile  /etc/ssl/privkey.pem
SSLCACertificateFile   /etc/ssl/fullchain.pem
</VirtualHost>

Remark:

  • Disable ALWAYS!! the Balance Manager for Security Reasons over apache2.conf
  • Check ALWAYS the Apache Logs for Errors! on both Balance Member Servers!!