Tag Archives: apache

Prevent Denial Of Service attacks with mod_evasive

Posted by on October 11, 2012 No comments

With today’s widespread use of cloud computing due to low cost and ease of use, the entry level hacker has found an easy playground to pray on the unexperienced and unprotected. It’s just amazing how many attack scripts are running against a new AWS EC2 instance as soon as it’s started. So what to do? How to protect against intruders and hackers?

While there are different kind of attacks, in this article we focus on Denial Of Service Attacks. These are the kind of scripts that generate a huge amount of requests to a web server in the attempt to overload it and bring any website to it’s knees. Fortunately, there is an Apache Module called mod_evasive which we can use to detect traffic with malicious traffic pattern and in combination with other tools, such as iptables to stop and lock a possible intruder out. Read more »

Apache Prefork Vs Worker Threads

Posted by on June 27, 2011 No comments

Apache Worker ThreadsWe often get questions like: What is the difference between Apache Worker Threads vs Prefork? Is it bad to have the values the same configuration? Is it bad to have them different?

In this quick article we like to shed some light between the two modules and assess in what given circumstance, certain os and application would call for which solution.
Read more »

Enable Digest Authentication In Apache

Posted by on March 7, 2011 2 comments
Auth Digest

Digest Authentication

Basic http authentication in Apache (mod_auith) has been available for a while, but one major downside still exists, which is the exchange of plain text user name and password information over a possibly unsecured network.
That is where Apache Digest Authentication takes over and provides us with MD5 encrypted values, using the mod_digest apache module.

Here are the steps to create a password file to store all account information, install the apache module mod_auth_digest and the necessary configuration parameters to enable security of our restricted area.

Create Account file

For digest authentication we need to use a utility called htdigest, unlike with basic authentication where we used htpasswd. The application takes the file name, realm and username as arguments, then prompts twice for the user’s password. The flag -c creates a new file, it overrides the existing one if exists. Read more »

Hot To Install Memcache And PHP Client On Mac Snow Leopard

Posted by on February 8, 2010 3 comments

I recently installed the memcached daemon on my MacBook Pro, incuding the necessary PHP client for development purposes. I just prefer to work locally instead of using a VM running Linux. And the process is actually quite simple and straight forward. Please note, I have included both clients, the old standard one and the newer PECL extension, because I deal with different applications and also lots of people seems to get confused when they install one version and their memcache classes cannot get instantiated and throw errors. So, if in doubt, just install both.

These are the five (four if you know which extension you want) components needed:

- libevent (requred library for memcached)

- memcached daemon

- libmemcached (required library for the php client)

- php extension (standard)

- php extension (PECL)

Now open your terminal and off we go: Read more »

How To Add PHP Mcrypt Module On Snow Leopard 10.6

Posted by on November 3, 2009 No comments

These instructions assume that you have a working Apache 2.2 / PHP 5.3 in place and want to add the php mcrypt module. It will work as a fresh install, but keep in mind that additional configuration steps after these instructions are necessary to get your webserver working properly. Those additional steps are omitted here, as there are countless resources available on the Internet.

1. If you don’t already have the mcrypt module (in /usr/lib), download the libmcrypt source code from sourceforge here. Then extract the downloaded file in a Terminal and move inside the created directory. (cd libmcrypt-2.5.8 in my case)

2. Execute the following lines in one command in your Terminal, if you have a 64bit version of Apache/PHP:

CFLAGS=”-arch x86_64″
CXXFLAGS=”-arch x86_64″
./configure –disable-posix-threads

(for 32 bit versions: ./configure –disable-posix-threads)

Read more »

How to install MySQL Server, PHP and Apache on a Mac

Posted by on October 24, 2009 1 comment

These instructions lead you thru the installation of the latest LAMP Stack on MacOS X Snow Leopard.

1 – Download the installation image from MySQL website here. Then double-click to mount and open the disk image.

2 – Install MySQL Server by double clicking the package “mysql-5.1.*****.pkg” and follow the menu, accepting the default values, unless you want to change something and know exactly what you’re doing.

3 – Install MySQL Startup Item by double-clicking the package “MySQLStartupitem.pkg” and follow the menu.

4 – Install MySQL Preference Pane by double-clicking the file “MySQL.prefPane” and follow the menu. This item will simplify the management of your SQL Server. You can now use the “System Preferences” panel to start and stop the database server.

5 – Enable the php module in your apache config file. You might know that Snow Leopard already ships with Apache 2.2 and PHP 5.3, but it needs a couple of tweaks to make it work smoothly. So, open /etc/apache2/httpd.conf and search for “php5_module”. Remove the comment (#) in front of the line, save and close the file, then restart apache (sudo apachectl restart)

Read more »

Nginx and memcached module

Posted by on July 17, 2009 No comments

Memcache is traditionally used as a module inside server side scripts, such as PHP, ASP, ColdFusion and others. And it’s doing a terrific job, as long as it’s implemented correctly.

But if we look under the hood of the actual Memcache application, and I’m not talking about the PHP or ASP extension, but rather the executable that’s running as a daemon under linux, for example, it is a rather simple database like application running in memory. Now there are two basic actions that need to be performed to use it, one is writing info into memcache, the other is reading it. In a typical scenario, there are many reads for one write, that’s the whole point, isn’t it. But what if we can isolate the reading from the server side scripts, and let a small high speed module do that for us.

Read more »