Back in the early days of DDoS attacks this would have been a highly dangerous tool. Thankfully it is very easy to block a basic attack like this, so I don’t see the risk of explaining how to use this method. Apache has a tool built into it that will allow you to send a predefined number of requests to a website in order to see if it can handle the load. Here is what you need to do to benchmark a website using Apache.

Apache has a fantastic benchmark tool that you can use to check the performance of your website. If you are expecting a flood of traffic for some particular reason, it would be good to know if your server is capable of handling such a flood. This tool will give you a good idea of whether the server is going to be able to handle the load of traffic.

The format of the command is very simple. You can run it on any server that is using Apache. Since most web servers that run Apache will be using some flavor of Linux, I will give you the Linux command line method of performing this. The application is called ApacheBench. It may already be installed, but if it isn’t, it should be easy to install.

Once you have it installed you can run a quick test to see how your server handles it. The format of the request is very simple. The first number is the total number of requests you want to send and the second is the number of requests you want to send at the same time (concurrently). The concurrent value is the most important, as this is the one that is most likely to crash the server if it receives too many requests at once. You can play around with the values as you please.

The following command will send a total of 1000 requests to a single URL by grouping them in sets of 100 requests at a time. Make sure to include the “/” at the end of the website path.

If I run the above command against this website I get the following results.

Setting up a redirect using Apache is quite simple, but getting it to work with dynamic URLs can be a lot more difficult. Let’s say you want to redirect all traffic from one file to another file in a different location/server. How do you perform this redirect while keeping all of the URL variables intact? I have seen so many answers from people that suggest you use a mod_rewrite matching method that has all sorts of complicated matching parameters that make it almost impossible to convert that answer into a solution that works for you. This solution is far simpler and will work for most instances without needing to be heavily modified.

In order to set up this redirect you will need to add some code to the .htaccess file of your website. This file can usually be found in the root directory of your website. Using your .htaccess file is more efficient than using PHP. When you use PHP, Apache has to call it and then PHP does the work. It might be easier to work with PHP, but doing the job with Apache cuts out work the server would otherwise have to do. The following piece of code will perform a simple redirect from a file on one server to a file on a different server/subdomain.

It’s as simple as that. Putting the $1 at the end tells Apache to match a URL that starts with “script1.php”, treat everything after it as a variable and, when performing the redirect, put all of that content at the end of the new URL. If your files are inside a sub folder you can easily add this onto the first part of the redirect match.

This is a much cleaner and simpler method of performing a redirect for a single file while keeping all of the URL variables in place.

Sometimes you get hit with a load capacity issue that you may not have expected. For example, you have created a site with multiple scripts and these scripts are now being accessed so much that the one server isn’t able to cope with all of the traffic. Rather than spending a fortune setting up a fancy Hadoop cluster, you can simply set up subdomains. For example, if you moved http://website.com/scripts/script1.php to http://scriptserver1.website.com/scripts/script1.php you could better balance the load across multiple servers and use DNS records to change where it is pointing. Setting the subdomains up is simple, but the problem is how do you set up a redirect on the old server that will push all traffic to the new URL? You could use PHP, but why not let Apache do the job instead of bringing PHP into the mix.

Using the .htaccess file in the root directory of your website you can make Apache redirect

If you are using a script that requires some extra variables you can use the RedirectMatch method instead. This will allow you to perform the same redirect as above, where you redirect a file from one location and send it to a file in a different location. The only difference here is that any URL variables will be passed along with the redirect. For example, if your original URL contained something like script1.php?foo=123&bar=123454, all of the information after the ? would also be passed along to the new script.

When using Cloudflare, you will notice that the REMOTE_ADDR variable no longer displays the correct user IP. Since Cloudflare acts as a proxy, the IP will always be a Cloudflare IP. If you have any code, such as user votes, that uses the IP as a unique way to stop users voting multiple times, you will find that this code is no longer working correctly. The solution to this is to install the Apache module which will correctly resolve the IPs that are being sent from Cloudflare. There is currently no module for CentOS 7 and a few other operating systems, which leaves us stuck. I looked into the issue and found that there is already a way to access the user’s IP without installing anything.

If you are using a language like PHP, dump out the server variables using a command such as var_dump($_SERVER); so that you can see all of the server variables that you currently have access to. You will see that there are a few new variables that are not normally there. The important variable here is HTTP_CF_CONNECTING_IP. This variable contains the actual user IP that would normally have been present in the REMOTE_ADDR variable. You will find that the HTTP_X_FORWARDED_FOR variable also contains the exact same value.

This is a quick solution for anyone writing code that depends on the IP being correct. If you are using any software that you didn’t write, you might still be in trouble as this is difficult to change.
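The lookup described above, as an added example that is not part of the original post: any client that reaches the server directly can send its own CF-Connecting-IP header, so the function below uses HTTP_CF_CONNECTING_IP only when REMOTE_ADDR falls inside a trusted proxy range and otherwise keeps REMOTE_ADDR. The function names, the address ranges and the sample requests are constructed placeholders; substitute the ranges Cloudflare publishes.

```php
<?php
// Added example (PHP 7.1+). Ranges below are constructed placeholders from
// documentation address space; load the ranges Cloudflare publishes instead.
const TRUSTED_PROXY_CIDRS = ['198.51.100.0/24', '2001:db8::/32'];

/** True when $ip lies inside $cidr; handles IPv4 and IPv6. */
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts  = explode('/', $cidr, 2);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address, or IPv4 compared with IPv6
    }
    $max  = strlen($ipBin) * 8;
    $bits = !isset($parts[1]) ? $max : (ctype_digit($parts[1]) ? (int) $parts[1] : -1);
    if ($bits < 0 || $bits > $max) {
        return false; // malformed prefix length: fail closed
    }
    $bytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false; // whole-byte part of the prefix differs
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // leftover high bits of the next byte
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

/** Visitor IP: HTTP_CF_CONNECTING_IP only when REMOTE_ADDR is a trusted proxy. */
function client_ip(array $server, array $trusted = TRUSTED_PROXY_CIDRS): string
{
    $peer    = $server['REMOTE_ADDR'] ?? '';
    $claimed = $server['HTTP_CF_CONNECTING_IP'] ?? '';
    foreach ($trusted as $cidr) {
        if (ip_in_cidr($peer, $cidr)) {
            // Request came through the proxy; still check the header's syntax.
            return filter_var($claimed, FILTER_VALIDATE_IP) !== false ? $claimed : $peer;
        }
    }
    return $peer; // direct connection: the header is client-supplied, ignore it
}

// Constructed sample requests: one via a trusted proxy, one sent directly.
$viaProxy = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_CF_CONNECTING_IP' => '203.0.113.9'];
$direct   = ['REMOTE_ADDR' => '192.0.2.50', 'HTTP_CF_CONNECTING_IP' => '203.0.113.9'];
var_dump(client_ip($viaProxy), client_ip($direct));
```

The same reasoning applies to HTTP_X_FORWARDED_FOR, which is also a request header and carries no more authority than the peer that sent it.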

Installing a package can be quite simple to do and also very dangerous: you install something, it completely wrecks Apache and now your web server won’t start back up again. Well, worry not, it’s very easy to uninstall anything that you have installed. The first thing you need to know is that the name of the package changes from the name of the original file that you downloaded and installed. You will first need to perform a search of everything that is installed to get the name of the package you are looking for. Using grep will make this way easier.

This will generate a massive list of all of the packages installed on your system if you run it without the grep. Once you have found the name of the package you want to uninstall, run the following command to uninstall an RPM package from your system.

If the RPM that you installed was part of another application, such as an Apache module, make sure to run the command to restart the application in case it has crashed with the install of the RPM.

Thankfully this is very easy to perform. You can begin to get over the mini heart attack you had when your server went down now 🙂

phpMyAdmin is a fantastic tool that gives you an easy-to-use web interface that lets you manage a MySQL database. You can install phpMyAdmin by downloading the source files from the official website and placing them onto your web server following the config. Better news is that there is actually a package on CentOS and Red Hat operating systems that will let you install it through the command line.

In order to get access to phpMyAdmin via yum you will need to enable the EPEL repository. Execute the following commands to install EPEL and phpMyAdmin.

Once this has completed you will have phpMyAdmin installed on your server. You will need to restart Apache in order for it to pick up the new conf files that were created when apache was installed.

If you now visit “/phpmyadmin” on your website, e.g. http://website.com/phpmyadmin, you will be able to gain access to the UI. Chances are you will encounter permission issues trying to access this. I constantly get this error when I first install phpMyAdmin. In order to be able to use phpMyAdmin without getting permission errors go to /etc/httpd/conf.d/phpmyadmin.conf. Replace the contents of the file with the following and restart Apache afterwards.

Save this file and restart Apache.

Try visiting the URL again and you should now have access to phpMyAdmin.

In order to be able to use RewriteEngine to rewrite URLs you will need to have mod_rewrite installed for Apache. To install it, enter the line of code below into the terminal. The following line will install it on CentOS. This command may differ for different Linux distributions.

Once installed you will need to open your httpd.conf file which should be located in /etc/httpd/conf/httpd.conf. Scroll down and make sure the mod_rewrite module is uncommented. Note: There will be a # in front of the line if it is commented out. Remove the # if it is there.

The final step is to allow URLs to be rewritten in your website’s directory. E.g. if your site is located in /var/www/html you will need to look for a DocumentRoot block that contains the path. This was listed twice for me, so make sure you check to see there isn’t a DocumentRoot entry for your path more than once.

You need to change this to

Now restart Apache and you should be able to add rewrite rules to your .htaccess file.

There are several ways to protect a directory from URL access, but most of these will also block your website from being able to access it. Here’s what you do to protect a directory from being accessed by a URL but still let your website access the contents of the directory.

Open the directory you want to protect and create a new file called “.htaccess”. Open the file and add the following line of code.

Save the file and try to access the directory. You should get a forbidden error, e.g. “You don’t have permission to access /images/ on this server.”. If you check your website the images should still be showing up.

You will need to add a .htaccess file to every directory that you want to protect.