Master In Apache

This document will help you to become master in Apache by providing advanced configuration techniques.

 

Point 1) GoAccess Utility for Real-Time Log Analysis on WebBrowser

sudo apt-get install goaccess goaccess /var/log/apache2/access.log --log-format=COMBINED --real-time-html -o /var/www/html/report.html http://localhost/report.html

Point 2) Netstat Utility for Active Network Connections

sudo netstat -tnp | grep :80

Point 3) top or htop for System-Level Monitoring

htop -p $(pgrep -d',' -f apache2)

Point 4) Apache Access Logs with multiple Filter

sudo tail -f /var/log/apache2/access.log | grep "GET"

Point 5) mod_status for Real-Time Server Stats

sudo a2enmod status vim /etc/apache2/apache2.conf or /etc/apache2/site-available/singledomain.conf <Location /server-status> SetHandler server-status Require host example.com # Or allow all IPs to access it # Require all granted </Location> sudo systemctl restart apache2 http://your-server-name/server-status

Point 6) Limit Access to Specific IPs (Deny All, Allow Specific)

<Directory /var/www/html> Order Deny,Allow Deny from all Allow from 192.168.1.100 Allow from 203.0.113.0/24 </Directory>

Point 7) Force Apache to Reload Configuration Without Restarting

sudo apachectl graceful

Point 8) Set Up Downloading Speed Limiting with mod_ratelimit

sudo a2enmod ratelimit sudo vim /etc/apache2/sites-available/000-default.conf <Directory "/var/www/html"> SetOutputFilter RATE_LIMIT SetEnv rate-limit 400 #This will limit the bandwidth to 400 bytes per second. </Directory>

Point 9) Generate SSL Certificates with openssl

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/yourdomain.key -out /etc/ssl/certs/yourdomain.crt

Point 10) Setting up Basic Authentication for Website

flag -c use for new file only htpasswd -c /etc/apache2/.htpasswd subhash Add Following In /var/www/html/.htaccess AuthType Basic AuthName "Restricted Area" AuthUserFile /etc/apache2/.htpasswd Require valid-user Add Following In /etc/apache2/sites-available/000-default.conf <Directory /var/www/html> AllowOverride All </Directory> sudo systemctl restart apache2

Point 11) Using Fail2Ban: Block User if they hit website URL 100 times with in a min.

##Installation and Configuration on Ubuntu: sudo apt update sudo apt install fail2ban sudo systemctl start fail2ban sudo systemctl enable fail2ban sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local a) Create a new filter file and add following /etc/fail2ban/filter.d/apache-request-limit.conf. [Definition] failregex = ^<HOST> -.*"GET.* HTTP.*" [0-9]{3} [0-9]{1,}.*$ b) we'll add a new jail in /etc/fail2ban/jail.local [apache-request-limit] enabled = true port = http,https filter = apache-request-limit logpath = /var/log/apache2/access.log maxretry = 100 bantime = 3600 findtime = 60 sudo systemctl restart fail2ban sudo fail2ban-client status apache-request-limit

Point 12) Redirect IP To Domain
 

RewriteEngine On RewriteCond %{HTTP_HOST} ^100\.100\.45\.100 RewriteRule (.*) http://tech2towards.com/$1 [R=301,L]

Point 13) Setting Up Reverse Proxy For Root Directory

sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod proxy_balancer sudo a2enmod lbmethod_byrequests sudo systemctl restart apache2 #Add Following Proxy Syntax In Virtual Host ProxyPreserveHost On ProxyPass / http://127.0.0.1:8081/ ProxyPassReverse / http://127.0.0.1:8081/

Point 14) Setting Up Reverse Proxy For Multiple Directory

sudo a2enmod proxy_http sudo a2enmod proxy_balancer sudo a2enmod lbmethod_byrequests sudo systemctl restart apache2 ProxyPreserveHost On ProxyPass /Backend http://127.0.0.1:3000/ ProxyPassReverse /Backend http://127.0.0.1:3000/ <Proxy http://127.0.0.1:3000> Require all granted Options none </Proxy> --------------------------------------------------------------------------------- ProxyPass /Frontend http://127.0.0.1:4000/ ProxyPassReverse /Frontend http://127.0.0.1:4000/ <Proxy http://127.0.0.1:4000> Require all granted Options none </Proxy>

Point 15) Redirect Domain HTTP to HTTPS

RewriteEngine on RewriteCond %{SERVER_NAME} =tech2towards.tech RewriteCond %{SERVER_NAME} =www.tech2towards.tech RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Point 16) Redirect WWW To Non-WWW in Apache

RewriteEngine On RewriteCond %{HTTP_HOST} ^www\.yourdomain\.com [NC] RewriteRule ^(.*)$ https://yourdomain.com$1 [L,R=301]

Point 17) Redirect Non-WWW To WWW in Apache

RewriteEngine On RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]

Point 18) Allow Sub-Directory Access With Complete HTTP Virtual Host

<VirtualHost *:80> ServerName example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html <Directory /var/www/html> Options Indexes FollowSymLinks MultiViews AllowOverride all Order allow,deny allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>

Point 19) HTTPS virtual host

sudo a2enmod ssl <VirtualHost *:443> ServerName example.com # ServerAlias www.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/ssl/example.com/domain.crt SSLCertificateKeyFile /etc/ssl/example.com/domain.key SSLCertificateChainFile /etc/ssl/example.com/gd_bundle.crt </VirtualHost>