PUBLIC MARKS from camel with tags web & apache

Bienvenue sur apache-mod-rewrite.fr. Ce site regroupe de nombreuses ressources pour comprendre et utiliser le module Apache mod-rewrite. Ce dernier permet de réutiliser les URL d'accès à votre serveur d'une façon contrôlée par vous. Vous trouverez en parcourant ces pages de nombreuses utilisations (basiques comme avancées) de ce module. Pourquoi ce site ? Le module Apache mod-rewrite est très puissant. Il s'agit d'un outils très souvent utilisé en référencement par exemple, afin de donner aux moteurs de recherches des adresses web plus "humaines" (on parle souvent d'URL Rewriting, en français : Réécriture d'URL). Il permet aussi d'empêcher l'accès à votre serveur pour certaines adresse IP, ou bien de réserver l'accès à certaines de vos pages à votre PC uniquement (ciblage sur l'adresse IP). Ce site a été conçu pour vous donner les bases élémentaires concernant ce module. Une mauvaise utilisation conduit rapidement à une instabilité de votre serveur web. Nous avons décidé d'être les plus pédagogues possible en insistant sur les points délicats de la mise en place des règles du module. Que trouverez-vous sur ce site ? Nous avons essayer de regrouper sur nos pages les astuces les plus courantes et les plus utiles pour un webmaster ou un administrateur web. Vous pourrez lire entre autres comment : * Réécrire vos URL : remplacer les adresses web de vos pages dynamiques de style votre_ndd.fr/index.php?option=artcile&id=12 par votre_ndd.fr/article/12 * Gérer les redirections de façon propre * Empêcher l'utilisation de vos médias (vidéos, images, mp3, ...) par d'autres sites web, ceci afin de garder pour vous la bande passante de votre site web. Petit à petit, avec vos remarques et vos contributions, nous augmenterons le nombre de tutoriels (un tutorial, des tutoriels et pas tutoriaux Wink) et d'exemples concrets.

Vous avez développé votre tout dernier web service destinés à être utilisé par 2 ou 3 autres équipes en interne (voire en externe par des partenaires). Il (le web service) fonctionne bien, tellement bien, que vous commencez à avoir plusieurs dizaines de requêtes par jour. Vous n'aviez pas forcément optimisé les performances du web service, les temps de réponses ne sont pas au beau fixe car vous chargez 150 classes PHP qui sont nécessaires au tout dernier framework à la mode pour accéder à une table de base de données et faire une requête select sur un champ avec une clé primaire pour retourner la fiche descriptive d'un utilisateur, d'un partenaire ou d'un produit. Ou bien, pire encore, pour renvoyez votre catalogue de produits qui fait 150Ko une fois transformé au format XML.

Le serveur Apache n'est plus à présenter et propose nombre d'options liées à la sécurité en soi [1]. Pour autant, des modules tiers permettent d'étendre ses possibilités, que ce soit en termes de filtrage des requêtes et des réponses ou pour contrer les attaques visant à surcharger le serveur. Cet article présente deux de ces modules : mod_security et mod_dosevasive. Tout au long de l'article, nous prendrons l'exemple d'un proxy entrant, mais ces exemples sont bien sûr facilement transposables à un serveur web. mod_security : validation et filtrage des échanges

Speeqe is a web based, group chat client that works with the XMPP/MUC protocol. It is chat made simple. The goal is to give the user the best and easiest experience in creating chat rooms. It is a combination of javascript and python code using a collection of open source software and software tools. This collection is nginx or apache for a frontend. The frontend serves the webclient which is javascript using Strophe and JQuery. It also proxies to Punjab for the BOSH connection to connect to XMPP based servers. To tie it all together there is a small amount of django. Features ¶ HTML/javascript client Themable (all UI is in one html file) Inline images. Inline youtube videos. Kick,ban,unban support. Room configuration. DNS named rooms (ie http://speeqers.speeqe.com will go to the room speeqers@…) Ability to connect to federated XMPP servers and chat rooms.

Many times, you want to execute a command not only on one server, but also on several servers. For example, find out * Version of kernel * Version of Apache web server * Update static html or images files on all web servers via rsync * Find out user information, server information, memory usage etc * Security/patch checking tentakel I have already covered how to execute commands on multiple Linux or UNIX servers via shell script. The disadvantage of script is commands do not run in parallel on all servers. However, several tools exist to automate this procedure in parallel. With the help of tool called tentakel, you run distributed command execution. It is a program for executing the same command on many hosts in parallel using ssh (it supports other methods too). Main advantage is you can create several sets of servers according requirements. For example webserver group, mail server group, home servers group etc. The command is executed in parallel on all servers in this group (time saving). By default, every result is printed to stdout (screen). The output format can be defined for each group.

A good way to see how your Web applications and server will behave under high load is by testing them with a simulated load. We tested several free software tools that do such testing to see which work best for what kinds of sites. If you leave out the load-testing packages that are no longer maintained, non-free, or fail the installation process in some obscure way, you are left with five candidates: curl-loader, httperf, Siege, Tsung, and Apache JMeter.

This article explains how you can install and configure apache2-mpm-peruser on a Debian Etch server. apache2-mpm-peruser is an MPM (Multi-Processing Module) for the Apache 2 web server, very similar to apache2-mpm-itk, but faster (almost as fast as apache2-mpm-prefork). mpm-peruser allows you to run each of your vhosts under a separate UID and GID - in short, the scripts and configuration files for one vhost no longer have to be readable for all the other vhosts. It is based on metuxmpm, a working implementation of the perchild MPM. The result is a sane and secure web server environment for your users, without kludges like PHP's safe_mode.

This article shows how to install and configure ModSecurity (version 2) for use with Apache2 on a Debian Etch system. ModSecurity is an Apache module that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc. I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

This tutorial shows how to set up a two-node Apache web server cluster that provides high-availability. In front of the Apache cluster we create a load balancer that splits up incoming requests between the two Apache nodes. Because we do not want the load balancer to become another "Single Point Of Failure", we must provide high-availability for the load balancer, too. Therefore our load balancer will in fact consist out of two load balancer nodes that monitor each other using heartbeat, and if one load balancer fails, the other takes over silently.

Un ensemble de nouveaux tutoriels a été mis en ligne cette semaine pour inaugurer une nouvelle thématique : L'administration de serveurs dédiés. En effet, les hébergements dédiés sont devenus monnaie courante, et il est fréquent de devoir plonger les mains dans le cambouis. Ces tutoriels ont pour but de servir de feuille de route à la mise en place d'un serveur web sous Apache assorti de PHP et MySQL, ainsi que de services mail et ftp. Des conseils en matière de monitoring, de sauvegarde et de sécurité complètent le tour d'horizon. Deux d'entre eux abordent également de façon rapide l'installation du webmail Roundcube et du panel de gestion DTC pour contrôler plus efficacement les services évoqués précédemment dans le cas d'un hébergement multi-domaines.

Typical Scenario: You have a web server that serves your domain. You write a simple script to restart apache each night and pipe the logs off to your analyzer. It works. ISP/Hosting Scenario: Each server hosts many domains. You may also have load balanced servers (multiple machines) serving each domain. A tool like this is necessary to: 1. collect all the log files from each server 2. split the logs based on the virtual host(s) 3. discard invalid entries (phishing, referrer spam, etc) 4. sort them into chronological order 5. feed logs into analyzer 6. do something with the raw logs (compress, save to vhost dir, etc) [edit]

how to set up a two-node Apache web server cluster that provides high-availability. In front of the Apache cluster we create a load balancer that splits up incoming requests between the two Apache nodes. Because we do not want the load balancer to become another "Single Point Of Failure", we must provide high-availability for the load balancer, too. Therefore our load balancer will in fact consist out of two load balancer nodes that monitor each other using heartbeat, and if one load balancer fails, the other takes over silently.

Caching is the temporary storage of frequently accessed data in higher speed media (typically SRAM or RAM) for more efficient retrieval. Web caching stores frequently used objects closer to the client through browser, proxy, or server caches. By storing "fresh" objects closer to your users, you avoid round trips to the origin server, reducing bandwidth consumption, server load, and most importantly, latency. This article shows how to configure your Apache server for more efficient caching to save bandwidth and improve performance. Caching is not just for static sites, even dynamic sites can benefit from caching. Graphics and multimedia typically don't change as frequently as (X)HTML files. Graphics that seldom change like logos, headers, and navigation can be given longer expiration times while resources that change more frequently like XHTML and XML files can be given shorter expiration times. By designing your site with caching in mind, you can target different classes of resources to give them different expiration times with only a few lines of code.

La communauté OpenLiberty.org élabore actuellement un code open source visant à optimiser la sécurité et la confidentialité dans les services Web et les applications Web 2.0. Le code source d’OpenLiberty-J peut être téléchargé librement sur OpenLiberty.org. OpenLiberty.org est une communauté de développeurs formée en janvier 2007 pour coordonner les synergies et les travaux de la Liberty Alliance. Elle regroupe des acteurs comme AOL, HP, Intel, Internet2, Sun Microsystems, Symlabs et la communauté OpenSAM. OpenLiberty.org confirme aujourd’hui la diffusion d’OpenLiberty-J, une bibliothèque client Liberty Web Services (ID-WSF 2.0) open source conçue pour "faciliter le développement et accélérer le déploiement d’applications Web 2.0 standardisées et sécurisées." Diffusé aujourd’hui en version beta sous la licence Apache 2.0, le code OpenLiberty-J peut être examiné et téléchargé sur OpenLiberty.org. OpenLiberty-J permet aux développeurs d’applications d’incorporer les fonctions du standard Identity Web Services Framework de Liberty Alliance dans des applications consommatrices d’identité telles que celles présentes dans les architectures orientées services (SOA) d’entreprise, les environnements de réseau social Web 2.0 et les applications client sur les PC et appareils mobiles.

In this tutorial I will describe how to install and configure mod_cband on an Apache2 web server. mod_cband is an Apache 2 module which provides bandwidth quota and throttling. It solves the problem of limiting users' and virtualhosts' bandwidth usage. The current version can set virtualhosts' and users' bandwidth quotas, maximal download speed, requests-per-second speed and the maximal number of simultanous IP connections.

This article shows 2 awesome ways to implement caching on your website using Apache .htaccess (httpd.conf) files on the Apache Web Server. Both methods are extremely simple to set up and will dramatically speed up your site!

You can benchmark Apache, IIS and other web server with apache benchmarking tool called ab. Recently I was asked to performance benchmarks for different web servers. It is true that benchmarking a web server is not an easy task. From how to benchmark a web server, “First, benchmarking a web server is not an easy thing. To benchmark a web server the time it will take to give a page is not important: you don’t care if a user can have his page in 0.1 ms or in 0.05 ms as nobody can have such delays on the Internet.

This article explains how to set up a two-node load balancer in an active/passive configuration with HAProxy and heartbeat on Debian Etch. The load balancer sits between the user and two (or more) backend Apache web servers that hold the same content. Not only does the load balancer distribute the requests to the two backend Apache servers, it also checks the health of the backend servers. If one of them is down, all requests will automatically be redirected to the remaining backend server. In addition to that, the two load balancer nodes monitor each other using heartbeat, and if the master fails, the slave becomes the master, which means the users will not notice any disruption of the service. HAProxy is session-aware, which means you can use it with any web application that makes use of sessions (such as forums, shopping carts, etc.). From the HAProxy web site: "HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing. Supporting tens of thousands of connections is clearly realistic with todays hardware. Its mode of operation makes its integration into existing architectures very easy and riskless, while still offering the possibility not to expose fragile web servers to the Net."

Globule is a third-party module for the Apache Web server that allows a given server to replicate its documents to other Globule servers. It takes care of maintaining consistency between the replicas, of monitoring the servers, and of automatically redirecting clients to one of the available replicas. Globule also supports the replication of PHP documents. It runs on Unix and Windows systems.

Les problèmes de montée en charge sont choses courantes pour un site ou une application web une fois atteint un certain succès. Ces derniers sont bien trop souvent négligés, généralement jusqu’au jour où se trouve atteinte la limite critique entre l’inconfort et l’instabilité. Le trend actuel veut qu’il soit à la fois plus simple et moins cher de rajouter des machines que de reprendre son code en profondeur pour l’optimiser. Encore faut-il que l’application permette un redimensionnement de ce genre sans rentrer dans une phase de refactoring complet. Évidemment, avant d’en arriver à une solution aussi lourde, il vaut mieux s’assurer que tout a été fait pour exploiter au mieux les ressources disponibles, et cela passe notamment par un peu d’optimisation côté serveur.

Pound is a reverse-proxy load balancing server. It accepts requests from HTTP / HTTPS clients and distributes them to one or more Web servers. The HTTPS requests are decrypted and passed to the back-ends as plain HTTP. It will act as: a) Server load balancer b) Reverse proxy server c) Apache reverse proxy etc d) It can detects when a backend server fails or recovers, and bases its load balancing decisions on this information: if a backend server fails, it will not receive requests until it recovers e) It can decrypts https requests to http ones f) Rejects incorrect requests h) It can be used in a chroot environment (security feature)

This article explains how to set up a two-node load balancer in an active/passive configuration with Pound and keepalived on Debian Etch. The load balancer sits between the user and two (or more) backend Apache web servers that hold the same content. Not only does the load balancer distribute the requests to the two backend Apache servers, it also checks the health of the backend servers. If one of them is down, all requests will automatically be redirected to the remaining backend server. In addition to that, the two load balancer nodes monitor each other using keepalived, and if the master fails, the slave becomes the master, which means the users will not notice any disruption of the service. Pound is session-aware, which means you can use it with any web application that makes use of sessions (such as forums, shopping carts, etc.).

This article explains how to set up a two-node load balancer in an active/passive configuration with HAProxy and keepalived on Debian Etch. The load balancer sits between the user and two (or more) backend Apache web servers that hold the same content. Not only does the load balancer distribute the requests to the two backend Apache servers, it also checks the health of the backend servers. If one of them is down, all requests will automatically be redirected to the remaining backend server. In addition to that, the two load balancer nodes monitor each other using keepalived, and if the master fails, the slave becomes the master, which means the users will not notice any disruption of the service. HAProxy is session-aware, which means you can use it with any web application that makes use of sessions (such as forums, shopping carts, etc.).

This tutorial takes a practical, example-based approach to implementing those rules. It's targeted towards web developers with a small budget, who are most likely using shared hosting, and working under the various restrictions that come with such a setup. Shared hosts make it harder to play with Apache configuration -- sometimes it's even impossible -- so we'll take a look at what you can do, given certain common restrictions, and assuming your host runs PHP and Apache.