Tag Archives: apache

apt get install libapache2 mod evasive

apt-get install libapache2-mod-evasive

cat > /etc/apache2/mods-enabled/mod-evasive.conf <<EOF
<IfModule mod_evasive20.c>
 DOSHashTableSize 3097
 DOSPageCount 2
 DOSSiteCount 50
 DOSPageInterval 1
 DOSSiteInterval 1
 DOSBlockingPeriod 60
</IfModule>
EOF

Similar Posts:

Tagged , ,

Protecting Against WordPress Brute-Force Attacks

One of our customers was experiencing very high load today. Checking his logs showed too many IPs trying to hack at the wp-admin.php login page. Here’s a snapshot of what I saw:
# tail -f /var/www/vhosts/*/statistics/logs/*_log
==> /var/www/vhosts/example.com/statistics/logs/access_log <== 10.0.1.169 - - [03/Oct/2013:05:50:17 -0500] "POST /wp-login.php HTTP/1.0" 200 4479 "example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" 10.1.1.206 - - [03/Oct/2013:05:50:21 -0500] "POST /wp-login.php HTTP/1.0" 200 4479 "example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" 10.0.2.197 - - [03/Oct/2013:05:50:23 -0500] "POST /wp-login.php HTTP/1.0" 200 4479 "example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" 10.0.55.117 - - [03/Oct/2013:05:50:24 -0500] "POST /wp-login.php HTTP/1.0" 200 4479 "example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"

That went on forever!

The first thing I did was use the fail2ban filter I found here.

Unfortunately this did not work as the attack was widely distributed. Fail2ban is ineffective against such attacks. So the next thing I tried was password protect that page. I added a few lines in the apache configuration for that VirtualHost for basic authentication. That worked and the load instantly dropped to normal.

In case the files got lost or misplaced here's the gist:

Similar Posts:

Tagged , , , ,

Images not displayed unless site is refreshed

I faced a bit of puzzle today with Tomcat/Apache setup.
Tomcat is running in the background with Apache as frontend via mod_proxy_ajp. The site loads ok except for static files that return a 404 (File Not Found) on first load, then show up normally on refresh!

The apache configuration looks like the following:

Alias /static /var/www/static
ProxyPass /static !
ProxyPass / ajp://127.0.0.1:8009/
ProxyPassReverse / ajp://127.0.0.1:8009/

An example failing URL: http://example.com/static/images/email.png;jsessionid=3892BC4B4C26073338268AF98ECA73D6
And in the error log I see the following:
[Fri Sep 06 10:18:14 2013] [error] [client 00.00.0.000] File does not exist: /var/www/static/images/email.png;jsessionid=3892BC4B4C26073338268AF98ECA73D6, referer[…]

Then it dawned on me that apache wouldn’t know about the jsessionid if it was not sent over to tomcat for processing. Since apache was handling static files the session id needed to go.

Solution: I added the following rewrite rule


        RewriteEngine On
        RewriteRule static/(.*);jsessionid=.* /static/$1 [R,L]

related searches I came across while googling:
page not found when including jsessionid in URL
;jsessionid and 404 File Not Found
Apache getting confused by encoded jsessionid’s (404 Not Found)

Similar Posts:

Tagged , , , , , ,

Password Protect Web Directory Using htaccess

This is a trivial matter for most admins. Here’s a quick recipe:

AuthType Basic
AuthName "Restricted Area"
AuthBasicProvider file
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

Similar Posts:

Tagged , , ,

Stop Apache VirtualHost Spoofing

There are many techniques to stop spoofing websites. One of the most straight forward is to create a default NameVirtualHost to capture and block all spoofs. Here’s a recipe I’m using:

ServerName stop.spam
DocumentRoot /var/www/stopspam
ErrorLog /dev/null

Deny from all

Similar Posts:

Tagged , , ,

Apache Reverse Proxy + SSH Reverse Tunnel

Disclaimer: This setup is just a bit crazy, and I wouldn’t recommend it for a production site. Works for me.
I needed to allow some clients to test a web app I’m working on. But I didn’t want to deploy the code to a server for now for different reasons (mainly memory constraints). So the solution was to setup a reverse proxy using apache to my local machine. Check out the code after the break Continue reading

Similar Posts:

Tagged , , , , , ,

Redirect all traffic to https

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

Similar Posts:

Tagged , , ,