Sunday, November 13, 2011

Apache Stuff

Disable modsec for a domain

In the Apache conf, under that user, add this:

SecRuleEngine Off
Restart httpd

Install Zend Optimizer

cd /usr/local/src
Check for the latest Zend Optimizer version
tar -zxf ZendOptimizer-3.0.1-linux-glibc21-i386.tar.gz
cd ZendOptimizer-3.0.1-linux-glibc21-i386
If you are still receiving the “Zend Optimizer Not Installed” error page, then
SELinux is interfering with Apache’s attempt to access the .so file.
So run these commands:
#chcon -t texrel_shlib_t (/usr/local/Zend/
#execstack -c (/usr/local/Zend/
#setenforce 0
Then restart httpd and check.
If the issue still persists,
vi /etc/selinux/config
then reboot the server

Prevent SYN attacks

1. Enable the SYN cookies mechanism on the server by executing the command:
# echo 1 > /proc/sys/net/ipv4/tcp_syncookies
2. Increase the backlog queue to 2048 by the command:
# sysctl -w net.ipv4.tcp_max_syn_backlog=2048
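The two commands above change only the running kernel, so both values are lost at the next reboot. As an added example (not from the original post), the shell functions below write both settings to a sysctl configuration file without leaving duplicate lines, and check what the kernel is actually using. The function names and the /etc/sysctl.conf default are assumptions.

```shell
#!/bin/sh
# Added example: persist and verify the two SYN-flood settings.

# set_sysctl_conf KEY VALUE [FILE]
# Replaces the first live "KEY = ..." line, drops later duplicates (sysctl
# applies the last one it reads), or appends the key if it is absent.
set_sysctl_conf() {
    key=$1 value=$2 conf=${3:-/etc/sysctl.conf}   # default path is an assumption
    [ -f "$conf" ] || : > "$conf"
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)          # ignore leading whitespace
            split(line, kv, /[ \t]*=/)        # kv[1] is the key name
            if (kv[1] == k) {
                if (!seen) print k " = " v
                seen = 1
                next
            }
            print
        }
        END { if (!seen) print k " = " v }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# syn_settings_ok [PROC_ROOT]
# Returns 0 when SYN cookies are on and the backlog is at least 2048,
# 1 when a value is too low, 2 when a value cannot be read.
syn_settings_ok() {
    root=${1:-/proc}
    cookies=$(cat "$root/sys/net/ipv4/tcp_syncookies" 2>/dev/null) || return 2
    backlog=$(cat "$root/sys/net/ipv4/tcp_max_syn_backlog" 2>/dev/null) || return 2
    [ "$cookies" -ge 1 ] && [ "$backlog" -ge 2048 ]
}

# Typical use as root:
#   set_sysctl_conf net.ipv4.tcp_syncookies 1
#   set_sysctl_conf net.ipv4.tcp_max_syn_backlog 2048
#   sysctl -p && syn_settings_ok && echo "SYN settings active"
```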

Round Robin DNS

Round robin DNS is a technique in which load balancing is performed by a DNS server instead of a strictly dedicated machine. A DNS record has more than one IP address as its value.
When a request is made to the DNS server which serves this record, the answer it gives alternates for each request. For instance, if you had three web servers that you wished to distribute requests between, you could set up your DNS zone as follows:
# vi /var/named/
Append/modify www entry:
www   IN   A
IN   A

IN   A
IN   A

# /etc/init.d/named restart
When a query is made to the DNS server it will first give the IP of for the www host. The next time a request is made for the IP of www, it will serve and so on.

Run CGI scripts anywhere in the server + Plesk

Server wide:
cd /etc/httpd/conf/
cp -p httpd.conf httpd.conf.bak
vi httpd.conf
Uncomment: AddHandler cgi-script .cgi
service httpd restart
1. Create an .htaccess file in your cgi-bin directory. That file should contain the following:
AddType text/x-server-parsed-html .html
AddType application/x-httpd-cgi .cgi .pl
Make sure you upload it in ASCII format, not binary.
2. Set the permissions on your scripts correctly, usually to 755.

Installation of Java + Apache Ant

cd /opt
mkdir java
cd java
mv jre-6u13* jre-6u13-linux-i586.bin
chmod 755 jre-6u13-linux-i586.bin
/opt/java/jre1.6.0_13/bin/java -version
Installing Ant:
cd /opt
tar -xzf apache-ant-1.7.1-bin.tar.gz
cd apache-ant-1.7.1
export ANT_HOME=/opt/apache-ant-1.7.1
export JAVA_HOME=/opt/java/jre1.6.0_13
export PATH=${PATH}:${ANT_HOME}/bin
echo 'export ANT_HOME=/opt/apache-ant-1.7.1' >> /etc/profile
echo 'export JAVA_HOME=/opt/java/jre1.6.0_13' >> /etc/profile
echo 'export PATH=${PATH}:${ANT_HOME}/bin' >> /etc/profile
ln -s /opt/java/jre1.6.0_13/bin/java /etc/alternatives/java
ln -s /etc/alternatives/java /usr/bin/java
Then verify the installation by:
java -version
ant -version
If you are getting the following error while executing:
ant -version
Unable to locate tools.jar. Expected to find it in /opt/java/jre1.6.0_13/lib/tools.jar
cd /opt/java/jre1.6.0_13/lib/
chmod 755 tools.jar

No space left on device: mod_rewrite: could not create rewrite_log_lock

If you are getting “No space left on device: mod_rewrite: could not create rewrite_log_lock” while restarting Apache, execute the following commands at the shell prompt:
ipcs -s | grep nobody
for i in `ipcs -s | grep nobody | awk '{print $2}'`; do ipcrm -s $i; done
Reason: the Apache user occupies a large number of semaphore arrays. The above script removes the semaphore arrays using the ipcrm command.

A Simple Rewrite Rule

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domainname\.com
RewriteRule ^(.*)$ http://www.domainname/$1

Script for restarting apache at load 10

loadavg=$(uptime | awk -F "." '{ print $1 }' | awk -F ":" '{ print $5 }')
if [ "$loadavg" -ge "10" ]; then
pkill -9 httpd
sleep 3