New Apache Cookbook · drbacchus.com/files/apache-cookbook.pdf · 2020. 2. 14.
Table of Contents
SSL vhosts
Rewrite based on query string
Preventing “image theft”
Logging more information
Logging to syslog
WebDAV
Preventing malicious requests with mod_security
Enabling PHP
Mass virtual hosting
Customized error messages
URL handler (“rewrite everything”)
Fancy directory listings
Caching dynamic content
/server-info goodness
/server-status goodness
UserDir without the ~
Recipes
On CD
At http://people.apache.org/~rbowen/presentations/apache_coobook_recipes.tar.gz
Caveat: Versions
2.2 is the current version of Apache
With any luck, by the end of the year, 2.4 will be the current version of Apache
If you are running 1.3, you really should upgrade
Some, not all, of these recipes will work in 2.0
SSL vhosts
Multiple SSL hosts, one IP address
Problem
One SSL cert per IP address
Certificate is negotiated before the HOST: header is sent
Solution
Three options:
Wildcard certificate
Get more IP addresses
Ignore the error messages
Wildcard certificate
Costs $$$
Works for *.domain.tld
Cannot span multiple domains
Set up name-based vhosts the normal way
Wildcard certificate
NameVirtualHost *:443

# Wildcard certificate for *.domain.com
SSLCertificateFile /var/www/conf/server.crt
SSLCertificateKeyFile /var/www/conf/server.key

<VirtualHost *:443>
    ServerName one.domain.com
    DocumentRoot /var/www/one/htdocs
    SSLEngine On
</VirtualHost>

<VirtualHost *:443>
    ServerName two.domain.com
    DocumentRoot /var/www/two/htdocs
    SSLEngine On
</VirtualHost>
01_wildcard_cert
Multiple IP addresses
This is the best solution
Not always an option
Multiple IP addresses
<VirtualHost 172.20.4.10:443>
    ServerName one.domain.com
    DocumentRoot /var/www/one/htdocs
    SSLCertificateFile /var/www/conf/one.crt
    SSLCertificateKeyFile /var/www/conf/one.key
    SSLEngine On
</VirtualHost>

<VirtualHost 172.20.4.11:443>
    ServerName two.domain.com
    DocumentRoot /var/www/two/htdocs
    SSLCertificateFile /var/www/conf/two.crt
    SSLCertificateKeyFile /var/www/conf/two.key
    SSLEngine On
</VirtualHost>
02_ssl_hosts
Ignore errors
SSL cert will be valid for only one hostname
Other named vhosts will be encrypted
Browser will report that the cert doesn’t match the hostname
SSL is encryption + validation. You’re losing the validation.
Ignore the errors
NameVirtualHost *:443

# Certificate for one.domain.com
SSLCertificateFile /var/www/conf/one.crt
SSLCertificateKeyFile /var/www/conf/one.key

<VirtualHost *:443>
    ServerName one.domain.com
    DocumentRoot /var/www/one/htdocs
    SSLEngine On
</VirtualHost>

# Will be encrypted, but will generate certificate mismatch errors
<VirtualHost *:443>
    ServerName two.domain.com
    DocumentRoot /var/www/two/htdocs
    SSLEngine On
</VirtualHost>
03_ssl_vhosts
Other options
Efforts are underway to escape this limitation
Browser support is the big hurdle
Rewrite based on QUERY_STRING or PATH_INFO
Sometimes what gets asked is:
“I want to forbid access if the QUERY_STRING doesn’t contain foo=bar”
Rewrite by QUERY_STRING
The sensible solution would be to handle this in your script/handler/program
But, if that’s not an option, mod_rewrite might be a good choice
Problem
RewriteRule doesn’t have access to the QUERY_STRING
Only the URI - the bit after http://hostname.com and before the ? - is accessible to RewriteRule
Solution
RewriteCond has access to the entire requested URL, and any other server variables
RewriteCond %{VARIABLE} regex
RewriteCond
Does the QUERY_STRING contain foo=bar
# Forbid the request (403) when the query string does not contain foo=bar
RewriteCond %{QUERY_STRING} !foo=bar
RewriteRule ^ - [F]
04_query_string
^ rather than .*
^ means “starts with”
All strings start, even empty strings.
Thus, all strings match ^
^ is more efficient than .*
Backreferences
Or, you can do a rewrite based on the value of the QUERY_STRING
RewriteCond %{QUERY_STRING} user=(.+)\b
RewriteRule (.*) /home/%1/www$1
05_query_string
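What the capture group in this recipe actually hands to the substitution, as an added example that is not part of the original slides. Python's `re` stands in for mod_rewrite's regex matching; the stricter pattern, the sample query strings and the function names are assumptions made for illustration.

```python
import re

# Pattern from the recipe: RewriteCond %{QUERY_STRING} user=(.+)\b
RECIPE = re.compile(r"user=(.+)\b")

# Stricter alternative (an assumption, not from the slides): "user" must be a
# complete key=value pair and its value a plain account name.
STRICT = re.compile(r"(?:^|&)user=([A-Za-z0-9_][A-Za-z0-9_.-]{0,31})(?:&|$)")

# Constructed query strings.
SAMPLES = [
    "user=alice",
    "user=alice&lang=en",   # a second parameter follows
    "superuser=root",       # a different key that merely ends in "user"
    "user=alice/../bob",    # value contains path separators
]


def rewrite_target(pattern, query_string, uri="/index.html"):
    """Return what RewriteRule (.*) /home/%1/www$1 would produce.

    None means the RewriteCond did not match, so the rule is skipped.
    """
    m = pattern.search(query_string)
    if m is None:
        return None
    return "/home/" + m.group(1) + "/www" + uri


def compare(samples=SAMPLES):
    """List (query string, recipe result, strict result) for each sample."""
    return [
        (qs, rewrite_target(RECIPE, qs), rewrite_target(STRICT, qs))
        for qs in samples
    ]


if __name__ == "__main__":
    for qs, loose, strict in compare():
        print(f"{qs!r:24} recipe -> {loose}   strict -> {strict}")
```

The greedy `(.+)` swallows everything to the end of the query string, so the value that lands in the filesystem path should be constrained in the RewriteCond itself.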
More frequently ...
People want to map http://example.com/one/two/three to http://example.com/something.php?a=one&b=two&c=three
See also
Upcoming recipe “URL Handler”
Not quite the same, but many similar techniques
PATH_INFO
Everything after the final / is the path info
“Final /” refers to the / following an actual file or resource
http://example.com/index.php/one/two/three
PATH_INFO
The trick is to figure out which bit is a valid resource, and which bit is PATH_INFO
Two approaches
URL Prefix
http://example.com/prefix/one/two/three
You know that only URLs starting with prefix need special attention
RewriteRule ^/prefix(.*) \
    /handler.php?args=$1
06_rewrite
File existence
Check to see if the requested file exists
If not, rewrite
May interfere with other rewrite matches
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) /handler.php?args=$1
07_rewrite
Caveats
May need to prepend a directory path
Still need to do something useful with the value of $1, if you want it to be split into args.
RewriteCond /var/www%{REQUEST_FILENAME} !-f
The full recipe
RewriteRule ^/prefix/([^/]+)/([^/]+) \
    /handler.php?one=$1&two=$2 [PT,L]
08_rewrite
Caveats
Exactly two arguments
No more, no less
Perhaps you want this to be more flexible?
More flexible
Matches are now optional
Arguments will be passed null - just ignore them in handler.php, or check for null values and take appropriate measures
RewriteRule ^/prefix/([^/]+)?/?([^/]+)? \
    /handler.php?one=$1&two=$2 [PT,L]
09_rewrite
More arguments
This technique can be repeated for up to 9 arguments.
$1 - $9
$10 is not available
Preventing image theft
“Image theft” is the term used for other sites embedding your images in their pages.
Ideally, you want to forbid having your images in any pages but your own
There are several ways to accomplish this
SetEnvIf
SetEnvIf is provided by mod_setenvif
Sets environment variables if certain conditions are met
SetEnvIf
SetEnvIf Referer "^http://myhost\.com" localref=1
<FilesMatch "\.(gif|jpg|png)">
    Order Deny,Allow
    Deny from all
    Allow from env=localref
</FilesMatch>
10_image_theft
Problem
Some browsers don’t set the Referer value
SetEnvIf Referer "^http://myhost\.com" localref=1
SetEnvIf Referer "^$" localref=1
<FilesMatch "\.(gif|jpg|png)">
    Order Deny,Allow
    Deny from all
    Allow from env=localref
</FilesMatch>
11_image_theft
mod_rewrite
Or, you could do it with a RewriteRule
RewriteEngine on
RewriteCond %{HTTP_REFERER} !=""
RewriteCond %{HTTP_REFERER} !example\.com [NC]
RewriteRule \.(jpe?g|gif|png)$ - [F,NC]
11_image_theft
But, more usefully
If you’re just going to fail the request, use SetEnvIf. It’s more efficient
But if you wanted to do something more interesting ...
Redirect the request
RewriteEngine on
RewriteCond %{HTTP_REFERER} !=""
RewriteCond %{HTTP_REFERER} !example\.com [NC]
RewriteCond %{REQUEST_URI} !go_away.png
RewriteRule \.(jpe?g|gif|png)$ /images/go_away.png [NC,L]
13_image_theft
Or ...
RewriteEngine on
RewriteCond %{HTTP_REFERER} !=""
RewriteCond %{HTTP_REFERER} !example\.com [NC]
RewriteRule \.(jpe?g|gif|png)$ \
    http://othersite.com/images/unsavory.jpg [NC,R]
14_image_theft
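How the Referer patterns from the image-theft recipes behave on a few constructed header values, as an added example that is not part of the original slides. Python's `re` stands in for the server's regex engine; the anchored pattern, the `ALLOWED_HOSTS` set and the host names under `.test` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Patterns as they appear in the recipes.
SETENVIF_PATTERN = re.compile(r"^http://myhost\.com")         # SetEnvIf Referer
REWRITE_PATTERN = re.compile(r"example\.com", re.IGNORECASE)  # RewriteCond [NC]

# Anchored variant (an assumption): either scheme, optional www and port,
# and the host name must end where the path begins.
HARDENED_PATTERN = re.compile(
    r"^https?://(www\.)?myhost\.com(:\d+)?(/|$)", re.IGNORECASE
)

ALLOWED_HOSTS = {"myhost.com", "www.myhost.com"}  # assumed site host names

# Constructed Referer values.
SAMPLES = [
    "",                                        # header not sent
    "http://myhost.com/gallery.html",          # our own page
    "https://myhost.com/gallery.html",         # our own page over SSL
    "http://myhost.com.elsewhere.test/page",   # longer host with our name as prefix
    "http://elsewhere.test/?ref=example.com",  # our name only in the query string
]


def setenvif_allows(referer):
    """SetEnvIf recipe: allowed when empty or matching the prefix regex."""
    return referer == "" or SETENVIF_PATTERN.search(referer) is not None


def rewrite_allows(referer):
    """RewriteCond recipe: blocked only if non-empty AND lacking example.com."""
    return referer == "" or REWRITE_PATTERN.search(referer) is not None


def hardened_allows(referer):
    """Same policy with the anchored pattern."""
    return referer == "" or HARDENED_PATTERN.search(referer) is not None


def host_allows(referer):
    """Parse the URL and compare the host name exactly."""
    if referer == "":
        return True  # same policy as the recipes: the header may be absent
    try:
        parts = urlsplit(referer)
    except ValueError:  # malformed URL, e.g. unbalanced brackets
        return False
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS


def compare(samples=SAMPLES):
    """Return (referer, setenvif, rewrite, hardened, host) for each sample."""
    return [
        (r, setenvif_allows(r), rewrite_allows(r), hardened_allows(r), host_allows(r))
        for r in samples
    ]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The anchored pattern can be used directly in SetEnvIf or RewriteCond. The Referer header is supplied by the client, so these checks discourage embedding rather than enforce access control.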
Logging more information
The standard log file is sometimes not sufficient.
This recipe shows you how to get a little more information
mod_log_config
Variables available for other values
Always use ‘combined’ rather than ‘common’
combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" \
    combined
CustomLog logs/access_log combined
15_combined
Additional variables
http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
Most of the actual useful variables are already in ‘combined’
Most log analysis packages understand the ‘combined’ format
Important variables
%{something}C - the value of the ‘something’ cookie
%{something}i - the ‘something’ request (input) header
%{something}o - the ‘something’ response (output) header
%q - The query string
and ...
mod_logio
%b gives the size of the response in bytes
Does not include headers
Does not include the request
mod_logio gives both of these
mod_logio
%I - total size of request (Input) in bytes
%O - total size of response (Output) in bytes
Includes headers in each case.
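A parser for the ‘combined’ format with mod_logio's %I and %O appended, as an added example that is not part of the original slides. It assumes the two byte counts follow the User-Agent field (the layout the Apache documentation calls combinedio); the log lines and function names are constructed for illustration.

```python
import re

# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" [%I %O]
# Quoted fields may contain \" because Apache escapes quotes when logging.
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<body_bytes>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
    r'(?: (?P<bytes_in>\d+) (?P<bytes_out>\d+))?$'
)

# Constructed sample lines.
SAMPLE = [
    '192.0.2.10 - - [23/Mar/2008:22:42:01 +0100] "GET /index.html HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0" 312 5405',
    '192.0.2.11 - alice [23/Mar/2008:22:42:05 +0100] "POST /upload.php HTTP/1.1" '
    '200 64 "http://example.com/form.html" "Mozilla/5.0" 1048990 310',
    '192.0.2.12 - - [23/Mar/2008:22:42:09 +0100] "GET /logo.png HTTP/1.1" '
    '304 - "-" "Agent \\"quoted\\"" 280 190',
    '192.0.2.13 - - [23/Mar/2008:22:42:12 +0100] "GET / HTTP/1.1" '
    '200 100 "-" "curl/7.0"',          # plain combined, no %I %O
    'not an access log line',
]


def parse_line(line):
    """Return a dict of fields, or None if the line is not in this format."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # %b logs "-" when no body was sent
    rec["body_bytes"] = 0 if rec["body_bytes"] == "-" else int(rec["body_bytes"])
    for key in ("bytes_in", "bytes_out"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec


def header_overhead(rec):
    """Bytes on the wire that %b does not count (%O minus %b)."""
    if rec["bytes_out"] is None:
        return None
    return rec["bytes_out"] - rec["body_bytes"]


def large_requests(lines, threshold):
    """Requests whose inbound size (%I) exceeds threshold; invisible with %b."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["bytes_in"] is not None and rec["bytes_in"] > threshold:
            hits.append((rec["host"], rec["request"], rec["bytes_in"]))
    return hits


if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_line(line))
    print(large_requests(SAMPLE, 1_000_000))
```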
mod_dumpio
http://httpd.apache.org/docs/2.2/mod/mod_dumpio.html
Dumps all input and output to the error log
# DumpIOLogLevel notice (2.3)
DumpIOInput On
DumpIOOutput On
16_dumpio
mod_log_forensic
http://httpd.apache.org/docs/2.2/mod/mod_log_forensic.html
Logs at the start, end of a request
Uses unique IDs to match the two
check_forensic script alerts you to requests that did not complete
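The matching that check_forensic performs, sketched in Python as an added example; it is not the script shipped with Apache and not part of the original slides. It relies on the forensic log layout from the mod_log_forensic documentation (`+id|request|header:value|...` when a request starts, `-id` when it finishes); the IDs and log lines are constructed.

```python
from urllib.parse import unquote

# Constructed forensic log. Request aAbB002 never gets its closing "-" line,
# and aAbB000 finishes without a recorded start (e.g. the log was rotated).
SAMPLE = [
    "+aAbB001|GET /index.html HTTP/1.1|Host:www.example.com|User-Agent:Mozilla/5.0",
    "-aAbB001",
    "+aAbB002|POST /cgi-bin/report.cgi HTTP/1.1|Host:www.example.com%3a8080|Content-Length:4096",
    "+aAbB003|GET /images/logo.png HTTP/1.1|Host:www.example.com",
    "-aAbB003",
    "-aAbB000",
]


def parse_start(rest):
    """Split the text after '+' into (id, request line, headers dict)."""
    fields = rest.split("|")
    req_id = fields[0]
    request = fields[1] if len(fields) > 1 else ""
    headers = {}
    for field in fields[2:]:
        name, sep, value = field.partition(":")
        if sep:
            # ':' and '|' inside values are logged %-escaped
            headers[name] = unquote(value)
    return req_id, request, headers


def check_forensic(lines):
    """Return (unfinished, orphans).

    unfinished: {id: {"request": ..., "headers": {...}}} for requests that
                were started but have no closing line.
    orphans:    ids of closing lines that had no opening line.
    """
    unfinished = {}
    orphans = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line:
            continue
        marker, rest = line[0], line[1:]
        if marker == "+":
            req_id, request, headers = parse_start(rest)
            unfinished[req_id] = {"request": request, "headers": headers}
        elif marker == "-":
            if rest in unfinished:
                del unfinished[rest]
            else:
                orphans.append(rest)
        # any other first character is not a forensic record; skip it
    return unfinished, orphans


if __name__ == "__main__":
    pending, orphans = check_forensic(SAMPLE)
    for req_id, info in pending.items():
        print("did not complete:", req_id, info["request"], info["headers"].get("Host"))
    print("closing lines without a start:", orphans)
```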
LogLevel
LogLevel changes the level at which error messages are emitted
Can increase/decrease the volume of your error_log
In practice, this seldom adds useful information
RewriteLog
Should always turn on the RewriteLog when RewriteRules aren’t doing what you expect them to do
Can only be turned on in main config, not in .htaccess files
RewriteLog
RewriteLog logs/rewrite_log
RewriteLogLevel 9
17_rewritelog
Other logs
suexec
SSL
Logging to syslog
“Offsite” logs, in the event of catastrophe
Multiple servers logging to the same place
ErrorLog
ErrorLog syslog
...
ErrorLog syslog:local0
Then, in /etc/syslog.conf
local0.* /var/log/error_log
...
local1.* @192.168.1.22:32376
access_log
mod_log_config doesn’t log to syslog
Have to use piped log handlers
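Solution
CustomLog |/usr/bin/apache_syslog combined
Where the script looks like:
#!/usr/bin/perl
use Sys::Syslog qw( :DEFAULT setlogsock );

setlogsock('unix');
# openlog(ident, options, facility): options go in one comma-separated string
openlog('apache', 'cons,pid', 'user');

while ($log = <STDIN>) {
    # Pass the line as an argument, never as the format string:
    # access log lines routinely contain % (URL-encoded requests)
    syslog('notice', '%s', $log);
}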
18_perl_syslog
...
Sys::Syslog is a standard Perl module, so you already have it installed
Piped logging is a standard feature
Script is started at server startup and remains running for the life of the server
WebDAV
Network filesystem over HTTP (or HTTPS)
Manage your web content
Access your files from anywhere
Impress your friends
DAV
Distributed
Authoring
Versioning
Modules
mod_dav
mod_dav_fs
./configure --enable-modules=most \
    --enable-mods-shared=all \
    --enable-dav --enable-dav-fs
19_dav_configure
Recipe
DavLockDb dav/davlock
Alias /dav /var/www/dav
<Directory /var/www/dav>
    Dav On
</Directory>
20_dav
Client applications
Most modern operating systems
cadaver - Simple command-line application
NetDrive - Windows
DavExplorer - Java
For More Information
Thursday morning
Bill Rowe
http://www.eu.apachecon.com/program/talk/39
Caveat
Files must be writeable by the Apache user
This makes most of us VERY uncomfortable
Solution
Run two Apache instances, with different permissions:
Instance 1, runs as apache.apache, content owned by dav.dav
Instance 2, runs as dav.dav, has access to these directories
Instance 2 runs over SSL, and is authenticated
Like ...
# Instance 1
User apache
Group apache
DocumentRoot /var/www

# Instance 2
User dav
Group dav
DocumentRoot /var/www
<Directory /var/www>
    Dav On
</Directory>

/var/www> ls -lad .
drwxrwxr-x 9 dav dav 306 Mar 23 22:42 .
Preventing malicious requests with mod_security
modsecurity.org
Apache module to do request filtering
New syntax
Syntax has changed considerably in mod_security 2, so some of these recipes might not work quite as expected, depending on what version you’re using.
Core rules
Download the core rules from http://modsecurity.org/download/index.html
Try to understand before using - this will avoid blocking desirable traffic
Basic Configs
Turn on the engine
Enable scanning of request body
# Basic configuration options
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess Off
21_security
Trivial example
# Trivial SQL blocking rule
SecDefaultAction \
    log,auditlog,deny,status:403,phase:2,t:lowercase
SecRule REQUEST_URI|QUERY_STRING insert
phase:2 indicates that this runs after URL mapping. phase:1 runs before URL mapping.
t:lowercase lowercases the variable before comparison is applied.
22_security
SecRule
ACTIONS is optional - SecDefaultAction will be used
Use multiple variables like REQUEST_URI|ARGS|QUERY_STRING
OPERATOR is a regex match, by default
SecRule VARIABLES OPERATOR [ACTIONS]
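A way to trial a rule before it blocks anything, and to narrow the trivial rule so that it stops matching harmless URLs. This is an added example, not one of the talk's recipes; it assumes mod_security 2.x, and the rule id and msg text are made up for illustration.

```apache
# Process every rule and log matches, but never block: use this
# while working out what a rule set would do to real traffic.
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess Off

SecDefaultAction \
    "phase:2,log,auditlog,deny,status:403,t:lowercase"

# The trivial rule matches the bare substring "insert" anywhere in
# the URL, so /help/insert-image.html would be denied as well:
#SecRule REQUEST_URI|QUERY_STRING insert

# Narrower: "insert" must be a whole word followed by "into", and
# only request parameters (query string and POST body) are checked.
# The id and msg values are illustrative.
SecRule ARGS "\binsert\s+into\b" \
    "id:1001,msg:'SQL insert statement in request parameter'"

# Once the audit log shows no matches on desirable traffic:
#SecRuleEngine On
```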
More complex example
# file injection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/)" \
    "capture,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'Remote File Access Attempt.',severity:'2'"
23_security
Note:
mod_security is extremely powerful
mod_security 2 adds a huge amount of new functionality and flexibility
I’m just beginning to learn it, so you should go to the mailing lists with your questions
http://modsecurity.org/
Enabling PHP
There’s a certain amount of disagreement about the Right Way to do this
So, if there’s any confusion, you should keep in mind one important rule of thumb
Rich is Right
Now that we’ve got that out of the way ...
AddType
AddType associates a MIME type with a file extension
It tells the browser how to display a particular type of content
e.g. image/gif files should use the GIF rendering engine, and application/pdf files should use Adobe Acrobat
AddType
AddType image/gif .gif
AddHandler
AddHandler tells the server how to process a certain type of file
Calls a Handler which does something to the file before passing it along to the client
AddHandler
AddHandler cgi-script .cgi
PHP
PHP is a handler
However, PHP predates the AddHandler directive, and so uses the AddType directive
This is a grotty hack, and should be shunned
The right way:
AddHandler application/x-httpd-php .php
The other way
AddType application/x-httpd-php .php
Multiple file extensions
In either case, multiple file extensions can cause problems.
foo.php.txt
With php as a handler, it will still be executed
With php as a mime type, it will lose its text/plain attribute
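Binding the PHP handler to the final extension avoids the foo.php.txt case described here. This is an added example, not one of the talk's recipes; it assumes mod_php is loaded, and the upload directory path is a placeholder.

```apache
# Extension-based mapping: mod_mime looks at every extension in the
# file name, so foo.php.txt is still handed to PHP.
#AddHandler application/x-httpd-php .php

# Handler bound to the end of the file name only: foo.php is
# executed, foo.php.txt is served as text/plain.
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>

# Directory that receives uploaded files (placeholder path): switch
# the PHP engine off so that nothing stored here is executed,
# whatever it is called. Files are served as plain files instead.
<Directory "/var/www/example/uploads">
    php_admin_flag engine off
</Directory>
```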
Discussion
They both work
Since it’s a handler, I recommend using AddHandler
Rasmus disagrees
LoadModule
Must also ensure that the php module is loaded:
LoadModule php5_module modules/libphp5.so
Testing
<?php phpinfo(); ?>
Mass Virtual Hosting
Several ways to do it
Most of them are icky
Don’t do this unless you really need to
When?
When you have LOTS of vhosts
Most of us don’t have that many vhosts
Most of us are better off just making <VirtualHost> blocks
Include
Put each vhost in its own file
Include them
000Default.conf
ZZZWildcard.conf
Include conf/vhosts/*.conf
mod_vhost_alias
Comes with Apache
Very well documented
Rather limiting
mod_vhost_alias
Substitutes bits of the hostname into the directory path, using templates, like ...
# %0 gives you the entire hostname:
VirtualDocumentRoot /var/www/%0
# www.example.com maps to
# /var/www/www.example.com
24_vhost_alias
# %1 gives you the first part of the hostname:
VirtualDocumentRoot /var/www/%1
# www.example.com maps to
# /var/www/www
25_vhost_alias
# %2 gives you the second part of
# the hostname:
VirtualDocumentRoot /var/www/%2
# www.example.com maps to
# /var/www/example
26_vhost_alias
# %3 gives you the third part of
# the hostname:
VirtualDocumentRoot /var/www/%3
# www.example.com maps to
# /var/www/com
27_vhost_alias
# And so ...
VirtualDocumentRoot /var/www/%1/%2/%3
# www.example.com maps to
# /var/www/www/example/com
28_vhost_alias
# -1, -2, -3 counts from the right
VirtualDocumentRoot /var/www/%-1/%-2
# www.example.com maps to
# /var/www/com/example
29_vhost_alias
# m.n lets you choose particular letters
VirtualDocumentRoot \
    /var/www/%-2.1/%-2.2/%-2.3+
# www.example.com maps to
# /var/www/e/x/ample
30_vhost_alias
# likewise ...
VirtualScriptAlias \
    /var/www/%-2.1/%-2.2/%-2.3+/cgi
# /cgi-bin maps to the directory
# /var/www/e/x/ample/cgi
# for www.example.com
31_vhost_alias
Advantages
Don’t have to restart to add a new vhost
All your vhosts are identical and predictable
Caveats
All your vhosts must be identical
You can’t intermix vhost_alias vhosts and regular vhosts on the same IP address
mod_alias and mod_userdir always override vhost_alias directives
Vhosts with mod_rewrite
RewriteEngine On
# %1 is the part of the Host header before .example.com
RewriteCond %{HTTP_HOST} \
    ^([^.]+)\.example\.com
RewriteRule (.*) /var/www/%1$1
32_vhost_rewrite
Disadvantages
May cause interactions with other RewriteRules (like in .htaccess files) that may cause breakage.
Customized Error Messages
Override the default boring error responses
Less jarring to the user
Give them useful information or links
ErrorDocument
ErrorDocument 404 /errors/404.html
Not always an error message
Can be used as a “default document” when something is not found
ErrorDocument 404 /index.html
ErrorDocument 401 /register.html
Embedded logic
Can contain basic embedded logic using SSI
See extras/httpd-multilang-errordoc.conf for extended example
Embedded logic
Alias /error /www/error
<Directory /www/error>
    Options IncludesNoExec
    AddOutputFilter Includes html
</Directory>
ErrorDocument 404 /error/404.html
33_errordoc
Then 404.html is ...
<html>
<head><title>Not Found</title></head>
<body>
<!--#if expr="$HTTP_REFERER" -->
The link from <!--#echo var="HTTP_REFERER" --> appears to be bad.
<!--#else -->
The URL you entered could not be found here.
<!--#endif -->
</body>
</html>
34_404
URL Handler (“Rewrite Everything”)
One content handler for all requests
Recipe
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $1 !=/handler.php
RewriteRule (.*) /handler.php [PT]
35_rewrite
handler.php
handler.php would know what was actually requested by looking at $_SERVER['REQUEST_URI']
Other files (images, css, static files) are served as normal, due to the -f test.
ErrorDocument
Can also be done with an ErrorDocument
ErrorDocument 404 /handler.php
HOWEVER, ErrorDocuments can’t receive POST data, so this is a rather limited solution
Fancy Directory Listings
Auto directory listings are ugly
It would be nice to have more control over them
Suppress unwanted columns
IndexOptions SuppressLastModified \
    SuppressDescription
36_indexoptions
Insert “wrapper” html
IndexOptions SuppressHTMLPreamble
HeaderName /style/header.html
ReadmeName /style/footer.html
37_indexoptions
Wrapper
<html>
<head><title>Directory Listing</title></head>
<body>
... Listing goes here ...
</body>
</html>
38_header
39_footer
CSS
IndexStyleSheet "/css/style.css"
40_css
Caching Dynamic Content
Much of your ‘dynamic’ content doesn’t change very often
Cache it to improve performance
Warning
Caching dynamic content, by definition, causes stale content to be served
Note that “private” content will not (usually) be cached
Cache for 10 minutes
CacheRoot /usr/local/apache/cache
CacheEnable disk /
CacheDirLevels 5
CacheDirLength 3
# Cache stuff for 10 minutes
CacheDefaultExpire 600
CacheIgnoreCacheControl On
41_cache
Cleaning the cache
There are two ways to clear the cache
Depending on how much you care ...
htcacheclean
Cleans up your cache periodically
Can specify an upper limit on size
-t deletes empty directories (in the cache)
htcacheclean -d 10 \
    -p /var/cache/apache -l 50M \
    -t
htcacheclean
Runs every 10 minutes (or whatever you specify)
Keeps cache below 50M (or whatever ...)
Purges older content first
rm -rf
If you don’t care about gradually expiring content, just delete everything in the cache directory
Faster - if you need to quickly purge the cache
/server-info goodness
mod_info gives useful information about your server configuration
Configuration
<Location /server-info>
    SetHandler server-info
    # Order deny,allow
    # deny from all
    # allow from 192.168
</Location>
Security considerations
Should protect this resource
Don’t give crackers additional information
/server-info
/server-info?config
?config
Includes Include’ed files
Shows line numbers, file names
?config
Particularly useful on third-party distros of Apache with unfamiliar config file layout
Locate overlapping or conflicting configuration settings
?server
?server
Equivalent to httpd -V
?list
?hooks
And if you select one ...
That’s ?mod_log_config.c
/server-status goodness
Displays the current status of the server
Also some basic statistical reports
Configuration
<Location /server-status>
    SetHandler server-status
    # Order deny,allow
    # deny from all
    # allow from 192.168
</Location>
Security
As with /server-info, protect
Also, reveals what users are looking at what content
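The /server-info and /server-status recipes with their access control switched on, written so that the same block loads on Apache 2.2 and 2.4. This is an added example, not one of the talk's recipes; the 192.168 prefix is the one from the commented-out lines and stands in for your own management network.

```apache
<Location /server-info>
    SetHandler server-info
    <IfModule mod_authz_core.c>
        # Apache 2.4
        Require ip 192.168
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order deny,allow
        Deny from all
        Allow from 192.168
    </IfModule>
</Location>

<Location /server-status>
    SetHandler server-status
    <IfModule mod_authz_core.c>
        # Apache 2.4
        Require ip 192.168
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order deny,allow
        Deny from all
        Allow from 192.168
    </IfModule>
</Location>
```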
ExtendedStatus
ExtendedStatus On
Gives more information
/server-status
Or, more interesting ...
ExtendedStatus
/server-status?auto
Machine-readable
Useful for things like mrtg
Example mrtg script
#!/usr/bin/perl
use LWP::Simple;
$content = get("http://localhost/server-status?auto");
$content =~ m/BusyWorkers: (\d+)/s;
print $1 . "\n";
$content =~ m/IdleWorkers: (\d+)/s;
print $1 . "\n";
42_mrtg
/server-status?refresh=4
Automatically refreshes every N seconds
Or, combine them:
http://rocinante.rcbowen.com/server-status?auto&refresh=2
Not sure what that’s useful for ...
UserDir without the ~
Using mod_rewrite to create a per-user URL, without the ~
Problem
We want:
http://example.com/username/foo
To work the same as:
http://example.com/~username/foo
But
Somehow,
http://example.com/not-a-username/foo
still needs to work properly
![Page 157: New Apache Cookbookdrbacchus.com/files/apache-cookbook.pdf · 2020. 2. 14. · 02_ssl_hosts. Ignore errors SSL cert will be valid for only one hostname Other](https://reader034.vdocuments.net/reader034/viewer/2022052105/604085ba57e98b676f33632b/html5/thumbnails/157.jpg)
-d
```
RewriteEngine On
# If that home directory exists ...
RewriteCond /home/$1 -d
RewriteRule ^/([^/]+)/(.*) /home/$1/www/$2
```
43_userdir
![Page 158: New Apache Cookbookdrbacchus.com/files/apache-cookbook.pdf · 2020. 2. 14. · 02_ssl_hosts. Ignore errors SSL cert will be valid for only one hostname Other](https://reader034.vdocuments.net/reader034/viewer/2022052105/604085ba57e98b676f33632b/html5/thumbnails/158.jpg)
How this works
That’s right, $1 is used in the RewriteCond before it is defined in the RewriteRule
Pretty cool, hmm?
```
RewriteEngine On
RewriteCond /home/$1 -d
RewriteRule ^/([^/]+)/(.*) /home/$1/www/$2
```
![Page 159: New Apache Cookbookdrbacchus.com/files/apache-cookbook.pdf · 2020. 2. 14. · 02_ssl_hosts. Ignore errors SSL cert will be valid for only one hostname Other](https://reader034.vdocuments.net/reader034/viewer/2022052105/604085ba57e98b676f33632b/html5/thumbnails/159.jpg)
Huh?
The RewriteRule pattern is always matched before the corresponding RewriteConds are evaluated, so $1 is already set when the condition runs
You can watch this in the RewriteLog:
![Page 160: New Apache Cookbookdrbacchus.com/files/apache-cookbook.pdf · 2020. 2. 14. · 02_ssl_hosts. Ignore errors SSL cert will be valid for only one hostname Other](https://reader034.vdocuments.net/reader034/viewer/2022052105/604085ba57e98b676f33632b/html5/thumbnails/160.jpg)
http://example.com/rbowen/index.html
```
(3) applying pattern '^/([^/]+)/(.*)' to uri '/rbowen/index.html'
(4) RewriteCond: input='/home/rbowen' pattern='-d' => matched
(2) rewrite '/rbowen/index.html' -> '/home/rbowen/www/index.html'
(2) local path result: /home/rbowen/www/index.html
(1) go-ahead with /home/rbowen/www/index.html [OK]
```
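The evaluation order seen in the log, as an added example that is not part of the original slides: a simplified Python model of this one rule, run against the three URL shapes from the recipe. The function names `expand`, `rewrite` and `demo` and the temporary directory standing in for /home are assumptions of the example.

```python
import os
import re
import tempfile

# Model of: RewriteCond /home/$1 -d ; RewriteRule ^/([^/]+)/(.*) /home/$1/www/$2
PATTERN = re.compile(r"^/([^/]+)/(.*)")


def expand(template, match):
    """Replace $N backreferences with the groups captured by the rule pattern."""
    return re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), template)


def rewrite(uri, home_root, trace=None):
    """Apply the rule in mod_rewrite's order; return the new path or the URI unchanged."""
    trace = trace if trace is not None else []
    # Step 1: the RewriteRule pattern is matched first, which sets $1 and $2.
    match = PATTERN.match(uri)
    trace.append("pattern")
    if match is None:
        return uri
    # Step 2: only now is the RewriteCond evaluated, with $1 already filled in.
    cond_input = expand(home_root + "/$1", match)
    trace.append("cond")
    if not os.path.isdir(cond_input):
        return uri  # condition failed: rule skipped, URI passes through untouched
    # Step 3: the substitution is applied.
    trace.append("substitute")
    return expand(home_root + "/$1/www/$2", match)


def demo():
    """Run the three URL shapes against a constructed home directory tree."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "rbowen", "www"))  # constructed sample user
        results = {}
        for uri in ("/rbowen/index.html", "/not-a-username/foo", "/index.html"):
            trace = []
            new_path = rewrite(uri, root, trace)
            results[uri] = (new_path.replace(root, "/home"), trace)
        return results


if __name__ == "__main__":
    for uri, (path, trace) in demo().items():
        print(uri, "->", path, trace)
```

Because the condition is only a directory test, any directory under /home, not just a user account's home, takes over that first URL segment.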
![Page 161: New Apache Cookbookdrbacchus.com/files/apache-cookbook.pdf · 2020. 2. 14. · 02_ssl_hosts. Ignore errors SSL cert will be valid for only one hostname Other](https://reader034.vdocuments.net/reader034/viewer/2022052105/604085ba57e98b676f33632b/html5/thumbnails/161.jpg)
That’s all, folks
http://people.apache.org/~rbowen/