17 Nov 2009 Create a temporary “Site Down” notice in Apache
This post describes how to make a “Site down for maintenance” notice using Apache .htaccess and the mod_rewrite module.
I assume you know how to enable the Apache htaccess directive and the mod_rewrite module.
First you need to create a .htaccess file in your root level of your website.
Next you add the following lines to it
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_URI} !/sitedown.html$
RewriteRule $ /sitedown.html [R=302,L]
The .htaccess file should be “active” immediately and you should see the content of your sitedown.html file. If not, try clearing your browsers cache.
If you as a maintenance user would like to access the site without seeing the sitedown.html file, add the following line to enable IP address exception
RewriteCond %{REMOTE_HOST} !^192\.168\.0\.12
Remember to replace the IP address with your address.
The .htaccess file should now look something like this.
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_URI} !/sitedown.html$
RewriteCond %{REMOTE_HOST} !^192\.168\.0\.12
RewriteRule $ /sitedown.html [R=302,L]
Just delete the .htaccess file when you are done with your maintenance and your site will be available again.
Posted by Hans-Henry Jakobsen
30 Jan 2009 Enable secure / https SSL login on mediaWiki 1.13.3
This is how I’ve enabled secure SSL login through https on a mediaWiki 1.13.3 installation. This description might work on other versions of mediaWiki, but that has not been tested.
mediWiki doesn’t support SSL login out of the box so a little hack has to be performed.
First you need to tell the webserver, in my case my Apache server that mediaWiki login requests should be redirected to the SSL page
Add the following code lines to your Apache config files or the mediaWiki .htaccess file
Rewrite login url to use httpsRewriteEngine On
RewriteCond %{REQUEST_URI} ^/index.php$
RewriteCond %{QUERY_STRING} ^title=Special:UserLogin
RewriteCond %{REQUEST_METHOD} ^GET$
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R]
Rewrite non login url to use normal http
RewriteEngine On
RewriteCond %{QUERY_STRING} ^(?!title=Special:Userlogin)
RewriteRule ^(.*)$ http://%{SERVER_NAME}$1 [R]
Source: http://wiki.epfl.ch/cfavi/mediawiki
In addition to the above configuration you have to create a PHP script to fix some cookies problems since the cookie was made on an https address but normal surfing is done on http mode.
Create a file named ssl_login.php and insert the following code into it
# Secure the login page.
# Secure cookies hurt us because they are set on the https page
# but inaccessible from the http page, so we lose our previous session.
$wgCookieSecure = false;
# Don't process JavaScript and CSS files.
# Otherwise, a secure page will be tagged as "partially secure" because these
# files are being hit via http.
if (checkQS('gen', 'js')) {return;}
if (checkQS('gen', 'css') || checkQS('ctype', 'text/css')) {return;}
# Get page title from query string.
$pageTitle = array_key_exists('title', $_GET)
? $_GET['title']
: "";
# Get server variables
$domain = $_SERVER['HTTP_HOST'];
$uri = $_SERVER['REQUEST_URI'];
# Are we on the sign-in page or not?
# Logic works for everything except Special pages which apparently don't
# even run LocalSettings.php.
$onSignInPage = false;
$signInPageName = 'special:userlogin'; // lowercase on purpose
if ( strtolower($pageTitle) == $signInPageName ) {
$onSignInPage = true;
} elseif ( strstr(strtolower($uri), "/$signInPageName") ) {
$onSignInPage = true;
} else {
$onSignInPage = false;
}
# Secure only the Special:Userlogin page.
# Un-secure all other pages.
if ( !checkServerVariable('HTTPS', 'on') && $onSignInPage ) {
header('Location: https://' . $domain . $uri);
} elseif ( checkServerVariable('HTTPS', 'on') && ! $onSignInPage ) {
header('Location: http://' . $domain . $uri);
} else {
// nothing
}
function checkQS($key, $value) {
return checkArrayValue($_GET, $key, $value);
}
function checkServerVariable($var, $value) {
return checkArrayValue($_SERVER, $var, $value);
}
function checkArrayValue($arr, $key, $value) {
return array_key_exists($key, $arr) && $arr[$key] == $value;
}
Include this file in your LocalSettings.php file like this
# Fix to use SSL login include '/full/path/to/htdocs/ssl_login.php';
Source: http://www.mediawiki.org/wiki/Manual:Configuration_tips_and_tricks#HTTPS_on_Login_only
Remember to restart your apache webserver to see the changes.
Tags: .htaccess, Apache, https, MediaWiki, PHP, SSL
Posted by Hans-Henry Jakobsen
03 Sep 2008 Using vlogger to split Apache logs
Vlogger is a program that handles large amounts of virtualhost logs and splits it to separate files.
This is a short HOWTO to configure it using Apache.
Install vlogger in debian etch
# aptitude install vlogger
Make sure you have working Apache server
Configuring vlogger
Change the LogFormat line (there are multiple LogFormat lines – in this example we will change the one that is named combined) in /etc/apache2/apache2.conf. We must add the string %v at the beginning of it
vi /etc/apache2/apache2.conf
#LogFormat “%h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”" combined
LogFormat “%v %h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”" combined
Add the following CustomLog line to the same file (you can put it directly after the LogFormat line)
vi /etc/apache2/apache2.conf CustomLog “| /usr/sbin/vlogger -s access.log /var/log/apache2″ combined
NOTE
We only need one CustomLog directive in our whole Apache configuration. Please disable all other CustomLog directives, especially in your virtual host configurations.
Restart apache
# /etc/init.d/apache2 restart
Vlogger will now create subdirectories in the /var/log/apache2 directory, one per virtual host, and create access logs that contain the current date in the file name. It will also create a symlink called access.log that points to the current log file.
Let’s assume we have two virtual hosts, www.example1.com and www.example2.com. Then this is how the /var/log/apache2 directory will look like:
# ls /var/log/apache2/ www.example1.com/ 09022008-access.log 09012008-access.log access.log -> 09022008-access.log www.example2.com/ 09022008-access.log 09012008-access.log access.log -> 09022008-access.log
Posted by Hans-Henry Jakobsen
21 Feb 2008 Apache web connections pr hour
This is a bash oneliner to show Apache web connections pr hour. It lists up the IPs that has accessed your webserver and the amount og accesses.
# cat /var/log/apache2/access_log_pario.no | grep "21/Jan/2008:.." | awk {' print $4":"$1 '} | sed 's/\[//g' | awk -F : {' print $1":"$2"\t\t"$5 '} | sort | uniq -c
Example output
37 21/Jan/2008:00 192.168.0.10
This shows that I had 37 hits from 00:00 – 01:00 in 20th February 2008.
Tags: Apache, awk, bash, grep, sed
Posted by Hans-Henry Jakobsen
09 Nov 2007 Shortening Apache Configs using mod_macro
It is possible to use macros in the Apache config files to shorten them and make them easier to read and manage. To use this you have to install mod_macro if it’s not already installed in your distribution.
Sample mod_macro usage
<Macro VHost $customer $domain>
<VirtualHost $domain:80>
ServerName $domain
ServerAlias www.$domain
DocumentRoot /vaw/www/$customer/htdocs/$domain/
ScriptAlias /cgi-bin/ /var/www/$customer/cgi-bin/
ErrorLog /var/log/apache/$customer/logs/$domain-error.log
CustomLog /var/log/apache/$customer/logs/$domain-access.log combined
<Directory /var/www/$customer/cgi-bin/>
Options ExecCGI,noIndexes
</Directory>
</VirtualHost>
</Macro>
Use VHost customer_A example.com
Use VHost customer_B example.net
Use VHost customer_C example.org
Another example
<Macro PasswordProtect> AuthName "Restricted area" AuthType Basic AuthUserFile /var/www/.htpasswd require valid-user </Macro> <Directory /var/www/domain/htdocs> Options Indexes </Directory> <Directory /var/www/domain/htdocs/internal> Use PasswordProtect Options -Indexes </Directory> <Directory /var/www/domain/htdocs/downloads> Use PasswordProtect Options +FollowSymLinks </Directory>
More info can be found on the mod_macro website.
Posted by Hans-Henry Jakobsen
