SOPA

Tuesday, March 24, 2009

Apache2 config: Changing Error message

In continuation of the previous blog post: when the IP range was blocked, we did not want the default Forbidden message of apache2. The config was simple.

Open and edit /etc/apache2/apache2.conf:

[code]
# Serve the stock multi-language error pages from /error/
Alias /error/ "/usr/share/apache2/error/"

<Directory "/usr/share/apache2/error">
    AllowOverride None
    Options IncludesNoExec
    AddOutputFilter Includes html
    AddHandler type-map var
    Order allow,deny
    Allow from all
    LanguagePriority en cs de es fr it nl sv pt-br ro
    ForceLanguagePriority Prefer Fallback
</Directory>

ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
# Custom page for 403 Forbidden; the stock page is commented out below
ErrorDocument 403 /redirected.php
#ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
[/code]

I just wanted to change the FORBIDDEN access page. If the page is in your default website directory, just type / followed by the page name; otherwise mention where it should redirect. For more, visit 4webhelp or the google cache.

Monday, March 23, 2009

Apache2 : Blocking access to a range of IPs

A few days back we had a problem: someone in a particular hostel was flooding MySQL through our website.
The problems were:

1. We had to block the entire range of IPs for those places (as the person was able to change his/her IP and flood again).

2. We could not stop them from accessing apache2 completely, as the server also hosts the local Linux repos for the network, so by blocking access to port 80 the repos would also be blocked for that range.

3. A few IPs in the blocked range had to be allowed, as they belonged to known people who needed the access.

We followed a step-by-step approach to this.

1. For blocking the entire range we had to block the IPs as well as the subnet, as follows.

Open and edit the site file in /etc/apache2/sites-enabled/

[code]
NameVirtualHost *:443
NameVirtualHost *:80

# Inside the site's <VirtualHost> block:
ServerAdmin webmaster@localhost

DocumentRoot /var/www/
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    # Allow is evaluated first, Deny last, so the denied range loses access
    Order allow,deny
    allow from all
    deny from 192.168.xxx.0/255.255.xxx.0
    # This directive allows us to have apache2's default start page
    # in /apache2-default/, but still have / go to the right place
    #RedirectMatch ^/$ /apache2-default/
</Directory>
[/code]

Here apache2 is blocking the IP range 192.168.xxx.0 to 192.168.xxx.255, which has the subnet mask 255.255.xxx.0.

2. For allowing access to the repos on the server.

Open and edit the site file in /etc/apache2/sites-enabled/

[code]
NameVirtualHost *:443
NameVirtualHost *:80

# Inside the site's <VirtualHost> block:
ServerAdmin webmaster@localhost

DocumentRoot /var/www/
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
    deny from 192.168.xxx.0/255.255.xxx.0
    # This directive allows us to have apache2's default start page
    # in /apache2-default/, but still have / go to the right place
    #RedirectMatch ^/$ /apache2-default/
</Directory>

# The repo directories live outside /var/www/ and carry their own
# access rules, so the blocked range can still reach them.
Alias /repo/ubuntu "/var/spool/apt-mirror/mirror/archive.ubuntu.com/ubuntu/"
<Directory "/var/spool/apt-mirror/mirror/archive.ubuntu.com/ubuntu/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from all
</Directory>

Alias /repo/wine "/var/spool/apt-mirror/mirror/wine.budgetdedicated.com/apt/"
<Directory "/var/spool/apt-mirror/mirror/wine.budgetdedicated.com/apt/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from all
</Directory>

Alias /repo/media "/var/spool/apt-mirror/mirror/packages.medibuntu.org/"
<Directory "/var/spool/apt-mirror/mirror/packages.medibuntu.org/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from all
</Directory>

Alias /yum "/var/cache/yum/"
<Directory "/var/cache/yum/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from none
    Allow from all
</Directory>
[/code]

3. Unblocking a few IPs

Open and edit the site file in /etc/apache2/sites-enabled/

[code]
NameVirtualHost *:443
NameVirtualHost *:80

# Inside the site's <VirtualHost> block:
ServerAdmin webmaster@localhost

DocumentRoot /var/www/
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    # Deny is evaluated first, Allow last, so the single IP overrides the range
    Order deny,allow
    deny from 192.168.xxx.0/255.255.xxx.0
    allow from 192.168.xxx.yyy
    # This directive allows us to have apache2's default start page
    # in /apache2-default/, but still have / go to the right place
    #RedirectMatch ^/$ /apache2-default/
</Directory>
[/code]

Here the Order is changed to deny, then allow. It is interesting to note that to allow all, an allow-all mask is not required, which initially confused me.
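The effect of the Order switch can be checked offline with a small model of the Apache 2.2 `Order`/`Allow`/`Deny` evaluation. This is an added example, not part of the original post; the range `192.168.10.0/255.255.255.0` and the exempted host `192.168.10.42` are constructed stand-ins for the masked addresses, and only `all`, single IPs and network/mask specs are modelled.

```python
import ipaddress

# Constructed sample values standing in for the post's masked 192.168.xxx.* range.
BLOCKED_RANGE = "192.168.10.0/255.255.255.0"
KNOWN_USER = "192.168.10.42"


def matches(client, specs):
    """True if client matches any Allow/Deny 'from' spec (all, IP, or net/mask)."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False


def access_allowed(order, allow, deny, client):
    """Model of the Apache 2.2 Order directive for one <Directory> block."""
    allowed = matches(client, allow)
    denied = matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Must match an Allow and no Deny; anything unmatched is refused.
        return allowed and not denied
    if order == "deny,allow":
        # Refused only if it matches a Deny and no Allow; unmatched is admitted.
        return allowed or not denied
    raise ValueError(f"unknown Order value: {order!r}")


def demo():
    step1 = ("allow,deny", ["all"], [BLOCKED_RANGE])
    step3 = ("deny,allow", [KNOWN_USER], [BLOCKED_RANGE])
    # Exception added without changing the Order: Deny still wins.
    naive = ("allow,deny", ["all", KNOWN_USER], [BLOCKED_RANGE])
    clients = ["192.168.10.7", KNOWN_USER, "192.168.20.7"]
    return {name: [access_allowed(*cfg, c) for c in clients]
            for name, cfg in (("step1", step1), ("step3", step3), ("naive", naive))}


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

The `naive` case shows why step 3 needed the Order changed: under `allow,deny` an extra `allow from` line for the known user has no effect, because the matching `deny` is applied last.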

I hope this config helps people as much as I have broken my head over it.