Oct 03

apache — let search engine fetch robots.txt based upon domain name

If you have a website with multiple domains (for some special reason) and you want Google or other major search engines to fetch a different robots.txt for each domain, how do you do it?

First, prepare all the robots.txt files and put them in the root folder of your website. You need to name them robots.txt, robots1.txt, robots2.txt.

Second, create a .htaccess file (if it does not exist).

Third, add the following Apache configuration directives to the head of the file:

Source code    
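# mod_rewrite must be switched on before any rule is evaluated
RewriteEngine On

# Serve robots1.txt when the Host header ends in abcdomain1.com;
# the rule pattern is anchored so that only /robots.txt itself is rewritten
RewriteCond %{HTTP_HOST} abcdomain1\.com$ [NC]
RewriteRule ^robots\.txt$ robots1.txt [L]
 
RewriteCond %{HTTP_HOST} abcdomain2\.com$ [NC]
RewriteRule ^robots\.txt$ robots2.txt [L]
 
RewriteCond %{HTTP_HOST} abcdomain3\.com$ [NC]
RewriteRule ^robots\.txt$ robots3.txt [L]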
Aug 04

Zen Cart – .htaccess file to protect the images, cache and bmz_cache folders from attack

To stay compatible with most third-party applications, most servers use a common configuration. This leads to some potential security problems. Zen Cart allows global read and write access to its images, bmz_cache and cache directories.

The following .htaccess configuration disables the index listing of the images directory and blocks any attempt to run a script from this directory. You can put this .htaccess in the Zen Cart images directory for better security.

Source code    
###############################

# deny *everything*
<FilesMatch ".*">
  Order Allow,Deny
  Deny from all
</FilesMatch>
 
# but now allow just *certain* necessary files:
<FilesMatch ".*\.(jpe?g|JPE?G|gif|GIF|png|PNG|swf|SWF)$" >
  Order Allow,Deny
  Allow from all
</FilesMatch>
 
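# no directory listing and no CGI execution below this directory
# (ExecCGI covers CGI programs only; the deny rule above is what refuses requests for .php files)
Options -Indexes -ExecCGI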

The .htaccess above blocks direct HTTP requests to all file types in this directory recursively, except certain approved exceptions (images and other approved static files). It also prevents any scripts from running. No type of script, be it PHP, Perl or whatever, can normally be executed if ExecCGI is disabled. This will also prevent people from seeing what is in the directory and any sub-directories. We'd better put this file in both the images and bmz_image directories.
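To check what is actually sitting in such a directory, the following added example (not part of the original post) applies the same allowlist pattern to every file under a folder. The `SCRIPT_EXTENSIONS` set and the `review` verdict are assumptions of this example: they mark names that pass the image allowlist but also carry a script extension, which matters because mod_mime looks at every extension of a file name.

```python
import os
import re

# Same pattern as the second <FilesMatch> block (Apache matches it against the file name).
ALLOWED = re.compile(r".*\.(jpe?g|JPE?G|gif|GIF|png|PNG|swf|SWF)$")
# Assumption: extensions a server might map to a script handler; adjust to your setup.
SCRIPT_EXTENSIONS = {"php", "php5", "phtml", "pl", "py", "cgi", "sh"}


def classify(filename):
    """Return 'blocked', 'review' or 'served' for one file name."""
    if not ALLOWED.search(filename):
        return "blocked"      # denied by the first <FilesMatch ".*"> block
    inner = filename.lower().split(".")[1:-1]
    if SCRIPT_EXTENSIONS.intersection(inner):
        return "review"       # passes the allowlist but carries a script extension
    return "served"


def audit(root):
    """Walk root and group relative paths by how the .htaccess treats them."""
    report = {"served": [], "blocked": [], "review": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), root)
            report[classify(name)].append(rel.replace(os.sep, "/"))
    return {verdict: sorted(paths) for verdict, paths in report.items()}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for verdict, paths in audit(target).items():
        for path in paths:
            print(f"{verdict:8} {path}")
```

A `blocked` file cannot be requested, but a non-image file in a world-writable images directory is still worth investigating. The pattern is case-sensitive, so a mixed-case name such as `Photo.Jpg` is also reported as `blocked`.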

For the cache directory, we need to block running scripts and disable the auto index, so the .htaccess can be:

Source code    
# deny *everything*
<FilesMatch ".*">
  Order Allow,Deny
  Deny from all
</FilesMatch>
Options -Indexes -ExecCGI
Aug 03

Apache – globally disable directory browsing

Zen Cart websites have some special folders that allow reads and writes by the Apache user. This may be a potential security problem. Below is a list of the folders we are talking about:

.
|-- bmz_cache
|-- cache
|-- cgi-bin
|-- download
|-- editors
|-- email
|-- images
|-- includes
|-- media
|-- pub
|-- tempEP

The folder list above is the output of the command below, run on a Zen Cart website:

Source code    
tree -d -L 1

These directories should not be accessed directly from the web, but most server configurations make it possible. As there is no index.php file in these directories, the Apache server may return an index listing of the files in the directory for any request to the directory that does not specify a file. For example, a request to http://www.domain.com/cache or http://www.domain.com/bmz_cache will get a response with an index listing of the cache or bmz_cache directory contents respectively. So for security purposes, we need to turn off the auto index feature of Apache.

Of course we can put a .htaccess file in the directory to disable the auto index,

Source code    
Options -Indexes

but this way we would need to create many .htaccess files, one for every directory in every Zen Cart website. How can directory listing (auto index) be disabled globally in Apache?

Source code    
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

OR

Source code    
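<Directory />
    # Apache 2.4 rejects an Options line that mixes signed and unsigned
    # keywords, so both keywords carry a sign here
    Options +FollowSymLinks -Indexes
    AllowOverride All
</Directory>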

Both configurations will work, but the second is more flexible, as you can change the configuration for some directories while keeping the others unchanged. Zen Cart also needs .htaccess for SEO and some other purposes.
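The global block only sets the starting point: a more specific `<Directory>` section can switch Indexes back on. The following added example (not from the original post) models how Apache 2.4 merges Options across nested `<Directory>` sections so a set of sections can be checked for this. The section list is constructed, and .htaccess overrides and `<Location>` sections are not modelled.

```python
ALL = {"indexes", "includes", "followsymlinks", "symlinksifownermatch", "execcgi"}


def apply_options(inherited, directive):
    """Apply one Options line to the inherited set, following Apache 2.4 rules."""
    tokens = directive.split()
    signed = [t[0] in "+-" for t in tokens]
    if any(signed) and not all(signed):
        raise ValueError("mixed signed and unsigned options: " + directive)
    if not any(signed):                      # absolute form replaces what was inherited
        result = set()
        for t in tokens:
            name = t.lower()
            if name == "all":
                result |= ALL
            elif name != "none":
                result.add(name)
        return result
    result = set(inherited)
    for t in tokens:                         # relative form edits what was inherited
        (result.add if t[0] == "+" else result.discard)(t[1:].lower())
    return result


def effective_options(sections, path, default="FollowSymLinks"):
    """Merge the <Directory> sections that contain path, shortest directory first."""
    opts = apply_options(set(), default)
    matching = []
    for directory, directive in sections:
        base = directory.rstrip("/")
        if path == base or path.startswith(base + "/"):
            matching.append((len(base), directive))
    for _, directive in sorted(matching, key=lambda m: m[0]):
        opts = apply_options(opts, directive)
    return opts


def listing_enabled(sections, path):
    return "indexes" in effective_options(sections, path)


# Constructed sample: a global block plus two more specific sections.
SECTIONS = [
    ("/", "FollowSymLinks"),
    ("/var/www", "Indexes FollowSymLinks"),
    ("/var/www/shop/cache", "-Indexes"),
]
```

With this sample, `/var/www/shop/images` still gets a directory listing even though the `<Directory />` block does not enable Indexes.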

 

Apr 21

Apache – how to set up mass virtual hosts with mod_vhost_alias module

If you manage many websites on an Apache web server, you may need this to save your time and also the server's memory. Suppose you have 10K websites (virtual hosts): you would never want to write the configuration for each virtual host. The Apache configuration file would be huge, containing about 70k lines (10k multiplied by 7). This would also slow down Apache web server startup.

Setting up mass virtual hosting dynamically creates virtual hosts without any per-host configuration. You don't need to restart the Apache web server. The only thing you need to do is create a folder in the specified folder and add a DNS record.

Let's take a look at how to set up mass virtual hosting.

mod_vhost_alias has a configuration directive, VirtualDocumentRoot, which dynamically configures the location of the document root for a given virtual host. It allows you to determine where Apache will find your documents based on the value of the server name.

UseCanonicalName Off
VirtualDocumentRoot /var/www/vhost/%2+/

A request to http://www.example.com/ will be served from /var/www/vhost/example.com/, and a request to http://www.example.com/page/test.html will be resolved to /var/www/vhost/example.com/page/test.html.

However, the configuration above is not enough, because a request to http://example.com/page/test.html will be served from /var/www/vhost/.com/page/test.html. This will lead to a 404 error page as the file does not exist.
You need to redirect all requests for the non-www domain to its long form, www.domain.com.

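RewriteEngine On
# Redirect any host name that does not start with "www."
RewriteCond %{HTTP_HOST} !^www\.
# ^/? drops the leading slash in server context, so the target has no "//"
RewriteRule ^/?(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]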

So, I configured my Apache with the following configuration and it works very well.

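RewriteEngine On
# Redirect any host name that does not start with "www."
RewriteCond %{HTTP_HOST} !^www\.
# ^/? drops the leading slash in server context, so the target has no "//"
RewriteRule ^/?(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

# Straight quotes are required; typographic quotes become part of the path
<Directory "/var/www/vhost">
AllowOverride All
</Directory>
VirtualDocumentRoot /var/www/vhost/%2+/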
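
To see which folder a given host name lands in before creating it, the following added example (not part of the original post) models the `%N` and `%N+` interpolation of mod_vhost_alias together with the www redirect above. It follows the module documentation's rule that `%2+` means the second and all later dot-separated parts of the name; `%p` and the `.M` character selectors are left out, and `resolve` is a hypothetical helper of this example.

```python
import re

VHOST_ROOT = "/var/www/vhost/%2+/"   # VirtualDocumentRoot from the post


def interpolate(template, host):
    """Expand %%, %N and %N+ as mod_vhost_alias does (subset: no %p, no .M part)."""
    parts = host.lower().split(":")[0].split(".")

    def expand(match):
        if match.group(0) == "%%":
            return "%"
        n, plus = int(match.group(1)), match.group(2) == "+"
        if n == 0:
            return ".".join(parts)
        if abs(n) > len(parts):
            return "_"                        # documented fallback for a missing part
        if n > 0:
            chosen = parts[n - 1:] if plus else parts[n - 1:n]
        else:
            end = len(parts) + n + 1
            chosen = parts[:end] if plus else parts[end - 1:end]
        return ".".join(chosen)

    return re.sub(r"%%|%(-?\d)(\+?)", expand, template)


def resolve(host, uri):
    """Return ('redirect', url) for a non-www host, else ('file', path)."""
    if not host.startswith("www."):           # same test as RewriteCond !^www\.
        return ("redirect", "http://www." + host + "/" + uri.lstrip("/"))
    return ("file", interpolate(VHOST_ROOT, host) + uri.lstrip("/"))
```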