Posts Tagged ‘apache’

Get Unique Hostnames from Apache Config Files

By Mark Davidson on April 8th, 2010

Currently where I work we are in progress of doing a big server move and we wanted to get a list of all the domains currently running on one of the servers. So I wrote this bit of Command Line Kung Fu to do just that. Thought that it was quite cool and handy so decided to share it.

So if you run the following (This is with a default Ubuntu configuration of Apache might need to change the path if your configuration is different)

cat /etc/apache2/sites-enabled/* | egrep 'ServerAlias|ServerName' | tr -s " " | sed 's/^[ ]//g' | uniq | cut -d ' ' -f 2 | sed 's/www.//g' | sort | uniq

You will get output like this

subdomain.mysite.com
mysite.com
anothersite.com
pablumfication.co.uk

WordPress Suhosin Memory Limit

By Mark Davidson on February 27th, 2010

On my last post I was uploading some images to include in the post using WordPress. I noticed in my error logs that while resizing the images the PHP script attempts to raise the memory limit.

Feb 26 22:52:29 host suhosin[9636]: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker 'XXX.XXX.XXX.XXX', file '/var/www/wordpress/wp-admin/includes/image.php', line 161)

This is fair enough and is a good idea for security and to stop your server getting overloaded by a single script. So I looked into how to fix this and its a very simple process.

You need to edit your suhosin config. I am doing this under Ubuntu 9.04 mine is located ‘/etc/php5/apache2/conf.d/suhosin.ini’. To fix it for WordPress just add the setting `suhosin.memory_limit` to the config file with the appropriate value in the case of WordPress it needs to be set to 256.

Your config should end up looking like this

extension=suhosin.so
[suhosin]
suhosin.memory_limit = 256M

that is it really very simple. I am going to have a bit of a tweak with suhosin config later I think the default config can be improved a lot.

mod_security & mod_deflate

By Mark Davidson on February 24th, 2010

Recently with having mod_security running on this server I noticed some errors in the mod_security logs in relation to content encoding

[22/Feb/2010:20:41:06 +0000] [www.pablumfication.co.uk/sid#7f5543997918][rid#7f5543ef1228][/wp-admin/load-styles.php][2] Warning. Operator EQ matched 0 at GLOBAL. [file "/etc/apache2/conf.d/modsecurity/modsecurity_crs_30_http_policy.conf"] [line "120"] [id "960903"] [msg "ModSecurity does not support content encodings"] [severity "WARNING"]

I did a bit of research into the error and found a good post on Klaubert’s Blog – modsecurity vs content compression he suggests a mod_deflate config. He also mentions gmane Mail Archive Rule 960903 – content encodings post where the orignal config is from.

The config file seems to work perfectly but I just thought I would make this post to add a bit of a step by step to making this configuration file work under a standard Ubuntu 9.04 install running mod_security as it is likely that all the required modules will not be enabled by default.

First enable the following modules

sudo a2enmod ext_filter
sudo a2enmod headers
sudo a2enmod filter

Next using your favourite editor start editing /etc/apache2/mods-enabled/deflate.conf and comment out the existing content then add the following.

<IfModule mod_deflate.c>
 ExtFilterDefine nodeflate mode=output cmd=/bin/true \
 enableenv=SomeVarThatWillNeverBeSet

 SetOutputFilter DEFLATE

 # Netscape 4.x has some problems¦
 BrowserMatch ^Mozilla/4 gzip-only-text/html
 # Netscape 4.06-4.08 have some more problems
 BrowserMatch ^Mozilla/4\.0[678] no-gzip
 # IE is ok, but looked like Netscape, so we reset it
 BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

 SetEnvIfNoCase Accept-Encoding gzip force-gzip
 SetEnvIfNoCase TE gzip force-gzip

 RequestHeader unset Accept-Encoding
 RequestHeader unset TE

 # Skip images based on extension
 SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|zip|exe|swf|mp?eg|mp3|tgz|tar.gz|avi|ico|gz)$ no-gzip dont-vary

 # Make sure caching still works
 Header append Vary User-Agent env=!dont-vary

 <IfModule mod_security2.c>
 FilterDeclare modsec CONTENT_SET
 FilterProvider modsec modsecurity_out env=modsec-ignore !=1
 </IfModule>

 FilterDeclare compress CONTENT_SET
 FilterProvider compress deflate env=force-gzip =1
 #FilterProvider compress inflate Content-Type $image/jpeg
 #FilterProvider compress inflate Content-Type $image/gif
 #FilterProvider compress inflate Content-Type $image/png

 FilterProtocol compress "change=yes"
 <IfModule mod_security2.c>
 FilterChain modsec compress
 </IfModule>

 <IfModule !mod_security2.c>
 FilterChain compress
 </IfModule>
</IfModule>

Lastly restart apache

sudo apache2ctl graceful

and thats it done this should allow for mod_security & mod_deflate to run on the server together without erroring.