Tag: apache
.htaccess to redirect root to folder
by z3n on Aug.04, 2010, under Coding, Tips & Hints
Problem:
How to do a 302/permanent SEO compliant redirect from a root folder to somewhere else?
Solution:
RedirectMatch permanent ^/$ http://mydomain.com/php/index.php
.htaccess to redirect non www to www
by z3n on May.12, 2010, under Tips & Hints
Since I keep forgetting this, I’m posting it here:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^(www\.|$) [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This kind of redirect helps spiders know where your site really is. Usually, if you don’t have one and your non-www domain serves the same content as your www one, you may get penalized for having a duplicate site. With this 301 redirect, that will not happen.
Generating an SSL certificate for apache mod_ssl
by z3n on Mar.26, 2010, under Coding, Tips & Hints
Problem:
How to generate an SSL certificate to integrate with Apache’s mod_ssl?
Solution:
You will need OpenSSL.
First step – Generate an RSA private key.
Use random files as seed.
openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024
openssl will ask you for a password, don’t forget it cuz your key will be useless without it.
— Stolen Text Begins:
One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. Obviously this is not necessarily convenient as someone will not always be around to type in the pass-phrase, such as after a reboot or crash. mod_ssl includes the ability to use an external program in place of the built-in pass-phrase dialog, however, this is not necessarily the most secure option either. It is possible to remove the Triple-DES encryption from the key, thereby no longer needing to type in a pass-phrase. If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked. With that being said, use the following command to remove the pass-phrase from the key:
openssl rsa -in server.key -out server.pem
— Stolen text ends.
Now you need to generate a CSR that will be sent to the Certificate Authority, which will verify it and i$$ue a signed certificate. You will need to fill in lots of fields; make sure you write them down, since the CA sometimes asks for the info to see if it matches.
openssl req -new -key server.key -out server.csr
Generating a Self-Signed Certificate
Now that you have your CSR you may want to test it on your local server, or if you want to actually buy a signed certificate you can just send the server.csr file to your beloved CA. Note that self-signed certificates will show an error in the client’s browser, since you’re not a trusted entity.
openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt
This will generate a self-signed certificate valid for 60 days.
And now…
You just need to add it to apache!
Usually Apache ships an ssl.conf or an httpd-ssl.conf file as an example; just copy the .crt, .csr and .key files to the folders referenced there.
Here’s also a simple example of an SSL implementation on a domain:
<IfDefine SSL>
<VirtualHost _default_:443>
ServerAdmin webmaster@domain.com
DocumentRoot /usr/local/apache/share/htdocs
ServerName www.domain.com
ScriptAlias /cgi-bin/ /usr/local/apache/share/htdocs/cgi-bin/
SSLEngine on
SSLCertificateFile /usr/local/apache/etc/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/etc/ssl.key/server.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /usr/local/apache/var/log/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
…also stolen from the same site.
Notes:
DO NOT use OpenSSL for windows, it has sucked for me.
If you are using this on windows and when starting apache you get:
Init: SSLPassPhraseDialog builtin is not supported on Win32
Remove the password from your server.key file by:
cp server.key server.key.bak
openssl rsa -in server.key.bak -out server.key
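The condition attached to removing the pass-phrase (an unencrypted key must not be readable by anyone else) can be checked mechanically before Apache is pointed at the file. The script below is an added example, not part of the original post or the site it quotes; `perm_string`, `audit_key` and `make_samples` are hypothetical helper names, and the sample files are constructed PEM headers with no key material.

```shell
#!/bin/sh
# Added example: classify a PEM private key by pass-phrase protection and file mode.
# File ownership is not checked here; only the group/other permission bits are.

# Print the 9 permission characters of a file, e.g. "rw-r--r--".
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# Print one of: missing | encrypted | plaintext-restricted | plaintext-exposed
audit_key() {
    key=$1
    [ -f "$key" ] || { echo missing; return 0; }

    # Traditional PEM keys written with -des3 carry a "Proc-Type: 4,ENCRYPTED"
    # header; PKCS#8 keys use an "ENCRYPTED PRIVATE KEY" armour line instead.
    if grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$key"; then
        echo encrypted
        return 0
    fi

    # No pass-phrase: group and other must have no access at all (600 or 400).
    case $(perm_string "$key") in
        ???------) echo plaintext-restricted ;;
        *)         echo plaintext-exposed ;;
    esac
}

# Write two constructed sample files (headers only) into directory $1.
make_samples() {
    dir=$1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' > "$dir/server.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$dir/server.pem"
    chmod 644 "$dir/server.key" "$dir/server.pem"
}

# Script mode: audit every key file named on the command line.
if [ $# -gt 0 ]; then
    for k in "$@"; do
        printf '%s: %s\n' "$k" "$(audit_key "$k")"
    done
fi
```

A result of `plaintext-exposed` for the file named in `SSLCertificateKeyFile` means the key has no pass-phrase and is readable beyond its owner; `chmod 600` on it changes the result to `plaintext-restricted`.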
Apache Setup Note
by z3n on Sep.01, 2009, under Notes, Tips & Hints
Problem:
403 / forbidden on any file, even if the permissions and user / group are right.
Solution:
First check httpd.conf to see if the User and Group statements are compatible with the user you’re trying to access.
“No, you can’t add root there, you idiot.”
After that make sure that the folder /home/<username> is actually owned by the same user and group (or same/lower rights) of the user you’re running apache with.
To make sure, you should restart Apache completely.
“httpd -k stop;httpd -k start”
.htaccess 401 note
by z3n on Aug.20, 2009, under Notes
401 redirects must be within the same domain without the full url:
ErrorDocument 401 /error_page.ext <– right
ErrorDocument 401 http://www.example.com/error_page.ext <– wrong, EVEN if your domain is the same one it’s being redirected to.
Apache server-status speed inaccuracy
by z3n on May.30, 2009, under Notes
I’ve noticed that Apache’s server-status speed value is wrong. Apache does not take into consideration whether the file was all sent or whether the download has finished when calculating this, nor even the speed itself, only the size of the request.
I’m uploading a file from my machine to another using Apache running on my machine; however, my connection is slow and eventually the download stops. I can upload at around 64k/s, and yet Apache thinks I’m sending at 12.3mb/s. Not sure if this is because the file is being resumed or because Apache isn’t really monitoring this kind of activity.
I also noticed that Apache does count the cached files in those sums, so even if the user has the file already and doesn’t actually download it off the server (just sends a header to confirm whether it matches the local copy), Apache will count this as a full download. As stated on a server I redirected to another.
(13) Permission denied: /.htaccess pcfg_openfile: unable to check htaccess file
by z3n on May.25, 2009, under Tips & Hints
Problem:
All pages are 403 (forbidden), no matter what.
Solution:
There’s nothing wrong with Apache; the file permissions are wrong. Make sure that the folders Apache is trying to access are at least 755 (chmod 755), including the /home/ ones.
last-modified headers missing!
by z3n on May.07, 2009, under Coding, Tips & Hints
Problem:
Last-modified headers are missing from your httpd server’s responses.
Solution:
This is happening because the page you’re testing is being taken as SSI, meaning that it’s being processed in the server first.
I really like to use SSI on my pages, even if they are static. It’s much easier to build them, since the headers and footers are usually all the same, and it’s much easier when you need to modify one of those: editing 2 files changes the whole site.
While building a sitemap script I noticed that the server wasn’t returning the last-modified header, which is crucial for the sitemap XML to work right.
After some digging I found out about the XBitHack Apache feature, which is able to return the last-modified header, even for CGI scripts.
You can enable this in the server config or in the .htaccess. For me, it was better to enable it only in the .htaccess, since this might cause unexpected issues and slowdown on the server; as the Apache site mentions, this last-modified date for SSI pages is harder to be pooled and uses more CPU.
So the solution is simple:
XBitHack On
In some cases you would need to enable it in full:
XBitHack Full
This makes files with the execute bit set (chmod +x) carry a last-modified header; full mode enables group checking as well. Check the Apache docs for more info.
Bonus:
Little script to show headers of a page (use it on prompt, php script.php <url>):
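<?php
// Open the URL given on the command line and dump the stream metadata,
// which includes the response headers.
$fp = fopen($argv[1], "r");
print_r(stream_get_meta_data($fp));
?>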
apache (13) permission denied error
by admin on Oct.13, 2008, under Linux Happyness
Error:
[XXX] [crit] [client XXX] (13)Permission denied: /path/to/user/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
Solution:
chmod 777 /home/userfolder
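The `(13)Permission denied ... pcfg_openfile` error in this post and in the May 2009 post above means some component of the path cannot be searched by the Apache user, or the .htaccess itself cannot be read, so the change can be limited to that one component. The script below is an added example, not from the original posts; the function names are hypothetical, and it assumes the Apache user is neither the owner nor in the group of the directories, so the "other" permission bits decide (ACLs are ignored).

```shell
#!/bin/sh
# Added example: list the path components that block access to a file for a
# process that falls under the "other" permission class.

# Succeeds if "other" has the search (execute) bit on directory $1.
# 10th character of the ls mode field: x or t = allowed, - or T = not allowed.
other_can_search() {
    case $(ls -ld "$1" | cut -c10) in
        x|t) return 0 ;;
        *)   return 1 ;;
    esac
}

# Succeeds if "other" may read file $1 (8th character of the mode field).
other_can_read() {
    [ "$(ls -ld "$1" | cut -c8)" = r ]
}

# Print every component that blocks access to absolute path $1,
# top-down, one per line. Prints nothing when the path is reachable.
blocking_components() {
    target=$1
    blocked=
    dir=$(dirname "$target")
    while :; do
        # Walking bottom-up, so prepend to keep the output top-down.
        other_can_search "$dir" || blocked="$dir
$blocked"
        case $dir in
            /|.) break ;;
        esac
        dir=$(dirname "$dir")
    done
    printf '%s' "$blocked"
    # A missing .htaccess is fine; an unreadable one is reported.
    if [ -e "$target" ] && ! other_can_read "$target"; then
        printf '%s\n' "$target"
    fi
}

# Script mode: sh check.sh /home/userfolder/public_html/.htaccess
if [ $# -gt 0 ]; then
    blocking_components "$1"
fi
```

Write permission plays no part in this check: only the search bit on each directory and the read bit on the file matter, so a listed directory needs `o+x` and a listed file needs `o+r`.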