Nov 27

remove server info and PHP info from response header

Below is a comm http response header:

HTTP/1.1 200 OK
Date: Wed, 27 Nov 2013 01:18:27 GMT
Server: Apache/2.0.55 (Debian) PHP/5.1.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

To keep your server from attack, you should hide all unnecessary information about your system.With apache web server,this was control by ServerTokens  and ServerSignature config directive.From apache manual,we find out  all available config value of ServerTokens and its sample out.

ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache
ServerTokens Major
Server sends (e.g.): Server: Apache/2
ServerTokens Minor
Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS
Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified)
Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

Obviously, we should turn our config to ServerTokens Prod.

To stop apache from exposing info in related error page,we need to turn off ServerSignature.

ServerSignature off

To hide the php related information,locate your php config file, find or add expose_php.

expose_php off

Nov 17

linux – how to replace special string in multiple files

As an administrator, you will need to fix an error for all user.I found that there are some users use [NC] flag with -f,-d,-l in their RewriteCond directive in zen cart .htaccess file. This misconfiguration is not so critical but it will force the busy server stop  to write to disk and generate huge big error log.i can not just sent a  notice to all the related customers about fixing their error.you know the customer is the god.

i don’t want to correct all the .htaccess file one by one.So,first i need to locate all the file contain
RewriteCond %{REQUEST_FILENAME} !-f [NC]

The command below will list all the .htaccess file containing ‘!-f [NC]‘ from all users’ document root.
# grep -ril ‘\!-f \[NC\]‘ /home/*/www/.htaccess

Now,with the single command below, i will replace all ‘!-f [NC]‘ with ‘!-f‘ in all related .htaccess files found.
#sed -i ‘s/\!-f \[NC\]/\!-f/g’ `grep -ril ‘\!-f \[NC\]‘ /home/*/www/.htaccess`

 

Nov 16

Apache – RewriteCond: NoCase option for non-regex pattern xx is not supported

we got lots of ‘NoCase option not supported’ warning like below from our apache server error log

[Fri Nov 15 20:46:14 2013] [warn] RewriteCond: NoCase option for non-regex pattern ‘-f’ is not supported and will be ignored.

As you may have guessed the problem is with your rewrite rule and one or more lines RewriteCond in your .htaccess file. From the mod_rewrite documentation,i found this

‘nocase|NC’ (no case)
This makes the test case-insensitive – differences between ‘A-Z’ and ‘a-z’ are ignored, both in the expanded TestString and the CondPattern. This flag is effective only for comparisons between TestString and CondPattern. It has no effect on filesystem and subrequest checks.

Pay attention to the last sentence It has no effect on filesystem and subrequest checks. this means that ‘nocase|NC’  is no need when you use ‘-d’ (directory) ‘-f’ (regular file) and ‘-l’ (symbolic link)  in your code pattern in the RewriteCond directive. they will just be ignored.

Unfortunately it is not explicitely written but these CondPatterns will only work in case sensitive mode when it contains filesystem related flags(-d,-f,-l).so keep in minds that you can not test insensitive mode in linux server.This means

If there is a file name A.php in domain(abcdomain.com) root it can be reached via http://www.abcdomain.com/A.php but not http://www.abcdomain.com/a.php

Someone may find that the warning messages still showing up that the waring show up in the error log file after the removed the NC flag.i thought it was because the error log was global error log,so the warning messages will continue showing up before you fix all website on the server.

 

 

Oct 19

apache — 301 redirect from long domain www.abcdomain.com to short abcdomain.com

For search engine, www.abcdomain.com and abcdomain.com are different domain.For seo purpose,we need to do 301 redirect to tell search engine to  treat the two domain as one.

To redirect long form domain with www to the domain without www,you can use the rewrite rule below.this can help you save time if you have lots of websites.

RewriteCond %{HTTP_HOST} ^([a-z0-9-]+)\.([a-z]+)$
RewriteRule (.*) http://www\.%1\.%2/$1 [R=301,L]

OR

RewriteCond %{HTTP_HOST} ^([a-z0-9-]+)\.([a-z]+)$
RewriteRule (.*) http://www\.{HTTP_HOST} [R=301,L]

On the other way,if you prefer to keep short form domain,you can adapt the rule to:

RewriteCond %{HTTP_HOST} ^www.([a-z0-9-]+)\.([a-z]+)$
RewriteRule (.*) http://%1\.%2/$1 [R=301,L]

Aug 07

apache — Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe.

This afternoon,i was trying to install zen cart v1.5.1.The zen cart installer shows that my running php is of version 5.2.6. To continue the installer, the minimum version of php should be 5.2.14.

Unlucky,i didn’t find any php addons which meets zen cart 1.5.1 version. The newest php version wamp support is 5.2.11  which means i will have to grab a new php developing platform(kit).that’s no good.it takes too much time and too much work need to be done. i decided to integrate php5.2.17 to wamp.

At the first time,i download  php-5.2.17-nts-Win32-VC6-x86.zip (VC6 x86 Non Thread Safe) from http://windows.php.net/downloads/releases/php-5.2.17-nts-Win32-VC6-x86.zip.After some setting tweaks,i restart the apache,it shows the error:

Apache is running a threaded MPM, but your PHP Module is not compiled to be threadsafe. You need to recompile PHP.
Pre-configuration failed.

Then i noticed the nts from the file name of the downloaded zip. To fix the problem,i need to download a Thread Safe version. i download from http://windows.php.net/downloads/releases/php-5.2.17-Win32-VC6-x86.zip. It works. maybe you can config apache to run in cgi mode.i didn’t try that.

VC6 x86 Thread Safe

http://windows.php.net/downloads/releases/php-5.2.17-Win32-VC6-x86.zip

Jul 06

how to check if php suport jpeg or png

how to check if your php support jpeg or png on your web server? you can create a phpinfo page to check the gd section. or you can run the following command directly in your shell:

# php -r 'print_r(gd_info());'
Array
(
 [GD Version] => bundled (2.0.34 compatible)
 [FreeType Support] =>
 [T1Lib Support] =>
 [GIF Read Support] => 1
 [GIF Create Support] => 1
 [JPEG Support] =>
 [PNG Support] => 1
 [WBMP Support] => 1
 [XPM Support] =>
 [XBM Support] => 1
 [JIS-mapped Japanese Font Support] =>
)
May 15

linux — install mod_rapf to work with apache2.4 backend in ubuntu

you can not get real ip of the client making the request if you put apache behind the nginx server.All cilent ip become 127.0.0.1 in the apache access log.tha’s because that nginx now become the client of the apache server.To circumvent this, you’d want to install mod_rpaf (http://stderr.net/apache/rpaf/).

To get and source code:

Source code    
http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz

To build and install a third-party Apache module,we need the help of apxs

Source code    
apxs -c mod_rpaf-2.0.c
apxs -i -a -n mod_rpaf-2.0 mod_rpaf-2.0.la

However,i got error message:

Source code    
usr/local/apache2/build/libtool --silent --mode=compile gcc -std=gnu99 -prefer-pic   -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache2/include  -I/usr/local/apache2/include   -I/usr/local/apache2/include   -c -o mod_rpaf-2.0.lo mod_rpaf-2.0.c && touch mod_rpaf-2.0.slo
mod_rpaf-2.0.c: In function 'rpaf_cleanup':
mod_rpaf-2.0.c:150: error: 'conn_rec' has no member named 'remote_ip'
mod_rpaf-2.0.c:151: error: 'conn_rec' has no member named 'remote_addr'
mod_rpaf-2.0.c:151: warning: implicit declaration of function 'inet_addr'
mod_rpaf-2.0.c:151: error: 'conn_rec' has no member named 'remote_ip'
mod_rpaf-2.0.c: In function 'change_remote_ip':
mod_rpaf-2.0.c:164: error: 'conn_rec' has no member named 'remote_ip'
mod_rpaf-2.0.c:183: error: 'conn_rec' has no member named 'remote_ip'
mod_rpaf-2.0.c:186: error: 'conn_rec' has no member named 'remote_ip'
mod_rpaf-2.0.c:187: error: 'conn_rec' has no member named 'remote_addr'
mod_rpaf-2.0.c:187: error: 'conn_rec' has no member named 'remote_ip'
apxs:Error: Command failed with rc=65536

After google,i know that the mod_rpaf need to pached to work with apache2.4.

Source code    
apt-get install git
git clone git://gist.github.com/2716030.git
apt-get install patch
patch mod_rpaf-2.0.c 2716030/mod_rpaf-2.0.c.patch

if you don’t like to use git,you can just copy and save the diff file.Now compile and install again:

Source code    
apxs -c mod_rpaf-2.0.c
apxs -i -a -n mod_rpaf-2.0 mod_rpaf-2.0.la

BUT after install,when you tried to check with

Source code    
httpd -S

it shows that there are some syntax error if apache load the new complied mod_rpaf-2.0.so.after some try,

Source code    
apxs -c mod_rpaf-2.0.c
apxs -i -a -n mod_rpaf mod_rpaf-2.0.c

This will work.maybe this only happened in ubuntu.

May 09

linux – “Disk xxx contains BIOS RAID metadata”

While installing Cent OS 6.4,i got the error like below:

Getting error “Disk sda contains BIOS RAID metadata, but is not part of any recognized BIOS RAID sets. Ignoring disk sda.”

after googling,i reboot into rescue mode,with the following command to erase the whole disk:

dd if=/dev/zero of=/dev/xxx (xxx is the disk you would like to install linux)

Apr 29

linux — install cent os via url mirros in china

Below list some available mirrors url that can be used to do a network installation of cent os:

http://mirror.bit.edu.cn/centos/6.4/os/

http://mirrors.yun-idc.com/centos/6.4/os/

http://mirrors.btte.net/centos/6.4/os/

http://mirror.esocc.com/centos/6.4/os/

http://mirrors.163.com/centos/6.4/os/

http://mirrors.sohu.com/centos/6.4/os/

http://mirror.neu.edu.cn/centos/6.4/os/

Apr 27

linux — CentOS change the name of the network interface

The network didn’t work in my new minimal CentOS install. After some try on changing both “adapter type” and mac addr,i found that with ifconfig command

> ifconfig -a

First,you need to edit the file below,find the line with your mac(the one generated by Virtulbox),change ethx to ech0,remove all other lines.
> vim /etc/udev/rules.d/70-persistent-net.rules

the name of the network become eth3.not eth0 by default.but there is only ifcfg-eth0 in /etc/sysconfig/network-scirpts/. so is it possible for me to revert the name back to eth0?yes!

SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”08:00:27:07:aa:e6″, ATTR{type}==”1″, KERNEL==”eth*”, NAME=”eth0″
SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”03:00:23:24:45:e2″, ATTR{type}==”1″, KERNEL==”eth*”, NAME=”eth1″
SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”03:00:37:27:ba:a3″, ATTR{type}==”1″, KERNEL==”eth*”, NAME=”eth2″
SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”05:00:37:07:ab:c6″, ATTR{type}==”1″, KERNEL==”eth*”, NAME=”eth3″

Now, reload the udev configuration.
>  start_udev

Third,restart network service
> service network restart