PUBLIC MARKS from falko with tags debian & apache

mod_defensible is an Apache 2.x module intended to block spammers/hackers/script kiddies using DNSBL servers. It will look at the client IP and check it in one or several DNSBL servers and return a 403 Forbidden page to the client. This guide shows how to install and use it with Apache 2 on a Debian Etch server.

This guide shows how you can write the Apache2 access log to a MySQL database instead of a file. To achieve this, I use the Apache2 module mod_log_sql. I am using a Debian Etch server in this tutorial.

This tutorial explains how to set up PHPIDS on a web server with Apache2 and PHP5. PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

This tutorial shows how to install and use mod_python on a Debian Etch server with Apache2. mod_python is an Apache module that embeds the Python interpreter within the server. It allows you to write web-based applications in Python that will run many times faster than traditional CGI and will have access to advanced features such as ability to retain database connections and other data between hits and access to Apache internals.

This guide explains how to set up WebDAV with MySQL authentication (using mod_auth_mysql) on Apache2 on a Debian Etch server. WebDAV stands for Web-based Distributed Authoring and Versioning and is a set of extensions to the HTTP protocol that allow users to directly edit files on the Apache server so that they do not need to be downloaded/uploaded via FTP. Of course, WebDAV can also be used to upload and download files.

This guide explains how to set up WebDAV with Apache2 on a Debian Etch server. WebDAV stands for Web-based Distributed Authoring and Versioning and is a set of extensions to the HTTP protocol that allow users to directly edit files on the Apache server so that they do not need to be downloaded/uploaded via FTP. Of course, WebDAV can also be used to upload and download files.

This guide explains how to integrate XCache into PHP5 on a Debian Etch system (with Apache2). From the XCache project page: "XCache is a fast, stable PHP opcode cacher that has been tested and is now running on production servers under high load." It's similar to other PHP opcode cachers, such as eAccelerator and APC.

Starting with version 2.2.20, ISPConfig has built-in support for Ruby. Instead of using CGI/FastCGI, ISPConfig depends on mod_ruby being available in the server's Apache. This article explains how to install mod_ruby on various Linux distributions supported by ISPConfig.

This article shows how to install and configure ModSecurity (version 2) for use with Apache2 on a Debian Etch system. ModSecurity is an Apache module that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc.

Since Apache 2.1, a new module called mod_proxy_balancer is available which lets you turn a system that has Apache installed into a loadbalancer. This loadbalancer retrieves requested pages from two or more backend webservers and delivers them to the user's computer. Users get the impression that they deal with just one server (the loadbalancer) when in fact there are multiple systems behind the loadbalancer that process the users' requests. By using a loadbalancer, you can lower the load average on your webservers. One important feature of mod_proxy_balancer is that it can keep track of sessions which means that a single user always deals with the same backend webserver. Most websites are database-driven nowadays with user logins etc., and you'd get weird results if a user logs in on one backend webserver, and then his next request goes to another backend webserver, meaning he'd get logged out again. You can avoid this by using mod_proxy_balancer's session-awareness.

This article shows how you can install Ruby on Rails (RoR) and integrate it in Apache2 on a Debian Etch system. Ruby on Rails is a web application framework which is rapidly gaining popularity among web programmers. It aims to increase the speed and ease with which database-driven web sites can be created and offers skeleton code frameworks (scaffolding) from the outset. Applications using the RoR framework are developed using the Model-View-Controller design pattern.

This tutorial shows how to install and use suPHP with the ISPConfig control panel on a Debian Etch server. When you have set up suPHP on your ISPConfig server, you are able to run the PHP scripts under the admin user of the website instead of the Apache user.

This tutorial shows how to set up a Debian Etch (Debian 4.0) based server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Courier POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the 32-bit version of Debian Etch, but should apply to the 64-bit version with very little modifications as well.

With this guide I explain how to set up suPHP on a Debian based ISPConfig server with PHP 4. When you have configured suPHP on your ISPConfig server, you are able to run the PHP scripts under the admin user of the website instead of the Apache user.

Auth Shadow or mod-auth-shadow is a module for apache (and apache2, sort of) that enables authentication against /etc/shadow. The benefits being that any system user with a password can be authenticated for web_dav, subversion or simply an https server. The only other way to do this is with PAM. That method is dangerous because the apache user (www-data in my case) must be able to read /etc/shadow. Obviously, not a good idea. Auth Shadow accomplishes this safely by using a intermediate program called validate. This works because validate can be owned by root but executable by everyone. In the event that your server is compromised through apache, your password file will not be readable.