Install ruTorrent on xbian

Install and configure apache server:
sudo apt-get install apache2 apache2-utils libapache2-mod-php5
Configure Apache
Enable auth_digest module for ruTorrent authentication, SSL, and reqtimeout.

sudo a2enmod auth_digest ssl reqtimeout
Open apache2.conf

sudo nano /etc/apache2/apache2.conf
Edit or add the following lines:

Timeout 30
ServerSignature Off
ServerTokens Prod

(more…)

Read More

.htaccess Error Documents

Apache allows you to customize the server at the directory level, using .htaccess files. This tutorial explains how to use them to serve custom 404 error (page not found), and other common error pages, to your users.

Server response codes

A server reponse code is a three digit number sent by a server to a user in response to a request for a web page or document. They tell the user whether the request can be completed, or if the server needs more information, or if the server cannot complete the request. Usually, these codes are sent ‘silently’ – so you never see them, as a user – however, there are some common ones that you may wish to set up error pages for, and they are listed below. Most people will only ever need to set up error pages for server codes 400, 401, 403, 404 and 500, and you would be wise to always have an error document for 404 errors at the very least.

It is also relatively important to ensure that any error page is over 512 bytes in size. Internet Explorer 5, when sent an error page of less than 512 bytes, will display its own default error document instead of your one. Feel free to use padding if this is an issue – personally, I’m not going to increase the size of a page because Internet Explorer 5 doesn’t behave well.

In order to set up an error page for any other error codes, you simply add more lines to your .htaccess file. If you wanted to have error pages for the above five errors, your .htaccess file might look something like this:
ErrorDocument 400 /400.html
ErrorDocument 401 /401.html
ErrorDocument 403 /403.html
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html (more…)

Read More

Secure Your Web Site from Clickjacking Attack

Clickjacking is well known web application vulnerabilities. For example, it was used as an attack on Twitter. To defense Clickjacking attack on your Apache web server, you can use X-FRAME-OPTIONS to avoid your website being hacked from Clickjacking.

The X-Frame-Options in HTTP response header can be used to indicate whether or not a browser should be allowed to open a page in frame or iframe. This will prevent site content embedded into other sites. Did you every try embed Google.com in your website as frame? You can’t because it’s protected and you can protect it too. (more…)

Read More

How to disable service listing in Axis2

Apache Axis2 is a Web Services / SOAP / WSDL engine, the successor to the widely used Apache Axis SOAP stack.
Number of users have requested to have a way to enable/disable service listing in Axis2. What that means is, by default Axis2 list out all the service in the system when you go the following URL;

http://localhost:8080/axis2/services/listServices (more…)

Read More

How to disable ModSecurity rules

1. View ModSecurity Audit Log File.

  • We need to first find the rules that are being triggered by ModSecurity on your webserver.
  • Open the tail end of the ModSecurity log file called modsec_audit.log to view the last entries made to the log file.
  • For Apache2 servers it is located in /var/log/apache2/ 
  • Open the Terminal Window and enter :
sudo tail /var/log/apache2/modsec_audit.log --lines 60 | less
  • The output should look similar to this screenshot below.
  • Look for Access denied with code 403 and work backwards to find the start of the rule entry based on the log entry id.
  • In this case the log entry ID is –00aee77f (see marked in yellow)
  • Find the GET item – in this example it is /modern-classic (see marked in blue)
  • Find the ModSecurity rule that was triggered by the GET – in this example the rule id 958291 (see marked in purple)

(more…)

Read More

Install mod_pagespeed (Website Optimizer) for Apache in CentOS

mod_pagespeed is an open source module for Apache web server that automatically optimize Web Pages to improve better performance while serving web pages using Apache HTTP Server. It has several filters that automatically optimize files like HTML, CSS, JavaScript, JPEG, PNG and other resources.

Step 1: Enabling Google’s mod_pagespeed Repository

Create a file called /etc/yum.repos.d/mod-pagespeed.repo with the help of your favourite editor and add the following lines of code to it based on your OS bit. (more…)

Read More