Apache Software Foundation has released security updates to address vulnerabilities in Apache Tomcat versions 9.0.0.M9 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

Administrators need to review the Apache security advisories for CVE-2018-8037 and CVE-2018-1336 and apply the necessary updates.

New category

Valic —  October 9, 2011 — Leave a comment

All posts in this category will be useful snippets of different categories such as: bash, linux, mysql, apache, htaccess, and why wordpress and more.

Varnish is a web accelerator. Its mission is to sit in front of a web server an cache the content. It makes your web site go fast.
In this mode, Varnish will stop incomplete HTTP requests from reaching your Apache webserver.

Installing Varnish:

Varnish is distributed in the Debian package repositories, but the version there might be out of date, and  generally recommend using the packages provided by varnish-cache.org or packages from backports.debian.org.

To use the varnish-cache.org repository and install varnish, do the following:

Change Varnish settings:

1. First change the default port.  Edit /etc/default/varnish:

Continue Reading…

Virtual hosts are used to run more than one web site on a single machine.
Virtual hosts can be “IP-based”, meaning that you have a different IP address for every web site, or “name-based”, meaning that you have multiple names running on each IP address.

I want to show you one of mine scripts for easy create virtual hosts in Debian Squeeze or ubuntu.

#!/bin/bash
VHOST_CONF=/etc/apache2/sites-enabled/
ROOT_UID=0
NOTROOT=87
WWW_ROOT=/var/www/

# Check if is root
if [ “$UID” -ne “$ROOT_UID” ]
then
echo “You must be root to run this script.”
exit $NOTROOT
fi

if [ -n “$1” ]
then
DOMAIN=$1
else
echo “You must provide a full domain name for this site, i.e. ‘example.com’ ”
echo -n “Run this script like ./script example.com .”
exit
fi

#Create document root site folder
mkdir -p $WWW_ROOT/$DOMAIN

Continue Reading…

On Debian systems … Apache comes with mod_status compiled by default.
mod_status provides information on the Apache server activity and performance.
This tutorial will show you how to enable this feature, so that only requested issued from localhost are accepted and served.

Setting mod_status up:

By default, server status report is commented so you can not access it. To enable it, you need to uncomment from /etc/apache2/apache2.conf:

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from .your_domain.com
</Location>

Continue Reading…