Apache

From SlackWiki
Jump to navigation Jump to search

Tuning logs

I'm sure all of you have gotten x90's and other worm hits flooding your apache logs. Well its an easy fix, just edit a few things. First find and edit your log entries:

CustomLog /var/log/apache/access_log common env=good
CustomLog /dev/null common env=!good

You can use an actual file to log errors, instead of dumping them to /dev/null

Now we find a section that looks similiar below

Now lets tell it what to log :) Notice WHAT TO LOG

<IfModule mod_setenvif.c>
SetEnvIf Request_Method "HEAD" good
SetEnvIf Request_Method "GET" good
SetEnvIf Request_Method "POST" good
SetEnvIf Request_URL "^/script" !good
SetEnvIf Request_URL "^/default.ida" !good
SetEnvIf Request_URI (.*)default\.ida !good
SetEnvIf Request_URI (.*)cmd\.exe !good
SetEnvIf Request_URI (.*)scripts !good
SetEnvIf Request_URI (.*)root\.exe !good
</IfModule>

Notice how there are 2 goods, One is with the ! and one without. The first one without the ! is what apache will log. The second !good, that tells apache what you dont want to log. In the above example i have SetEnvIf Request_URI (.*)default\.ida !good. This would actually find anything with default.ida and not log it. This would stop the default.ida?XXXXXXX in the logs. That will match anything with default.ida. This next example would block the IP address you set:

SetEnvIf Remote_Addr "192\.168\.0\.1" !good

Again you notice that it wont log anything coming from that IP.

Enabling PHP in Apache

Enabling PHP in slackware is fairly easy, all you have to do is open /etc/apache/httpd.conf - as SU - and edit 1 line!. Find the line below - it is near the bottom:

#Include /etc/apache/mod_php.conf

Then you just make it look like this:

Include /etc/apache/mod_php.conf

When you restart apache you might want to put a small php script in your htdocs directory and test it. To restart apache:

apachectl graceful

CGI-BIN

See Apache-cgi