.htaccess Error Documents

Apache allows you to customize the server at the directory level, using .htaccess files. This tutorial explains how to use them to serve custom 404 error (page not found), and other common error pages, to your users.
Server response codes
A server reponse code is a three digit number sent by a server to a user in response to a request for a web page or document. They tell the user whether the request can be completed, or if the server needs more information, or if the server cannot complete the request. Usually, these codes are sent ‘silently’ – so you never see them, as a user – however, there are some common ones that you may wish to set up error pages for, and they are listed below. Most people will only ever need to set up error pages for server codes 400, 401, 403, 404 and 500, and you would be wise to always have an error document for 404 errors at the very least.
It is also relatively important to ensure that any error page is over 512 bytes in size. Internet Explorer 5, when sent an error page of less than 512 bytes, will display its own default error document instead of your one. Feel free to use padding if this is an issue – personally, I’m not going to increase the size of a page because Internet Explorer 5 doesn’t behave well.
In order to set up an error page for any other error codes, you simply add more lines to your .htaccess file. If you wanted to have error pages for the above five errors, your .htaccess file might look something like this:
ErrorDocument 400 /400.html
ErrorDocument 401 /401.html
ErrorDocument 403 /403.html
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html Read More

How to disable ModSecurity rules

1. View ModSecurity Audit Log File.

  • We need to first find the rules that are being triggered by ModSecurity on your webserver.
  • Open the tail end of the ModSecurity log file called modsec_audit.log to view the last entries made to the log file.
  • For Apache2 servers it is located in /var/log/apache2/ 
  • Open the Terminal Window and enter :
sudo tail /var/log/apache2/modsec_audit.log --lines 60 | less
  • The output should look similar to this screenshot below.
  • Look for Access denied with code 403 and work backwards to find the start of the rule entry based on the log entry id.
  • In this case the log entry ID is –00aee77f (see marked in yellow)
  • Find the GET item – in this example it is /modern-classic (see marked in blue)
  • Find the ModSecurity rule that was triggered by the GET – in this example the rule id 958291 (see marked in purple)

Read More

Install mod_pagespeed (Website Optimizer) for Apache in CentOS

mod_pagespeed is an open source module for Apache web server that automatically optimize Web Pages to improve better performance while serving web pages using Apache HTTP Server. It has several filters that automatically optimize files like HTML, CSS, JavaScript, JPEG, PNG and other resources.

Step 1: Enabling Google’s mod_pagespeed Repository

Create a file called /etc/yum.repos.d/mod-pagespeed.repo with the help of your favourite editor and add the following lines of code to it based on your OS bit. Read More

SELinux preventing Apache from writing to a file

For files you want Apache to be able to write to, the type must be set to httpd_sys_rw_content_t
To permanently mark that directory as httpd_sys_rw_content_t, you can use the command

semanage fcontext -a -t httpd_sys_rw_content_t /var/www/webapp/k/site(/.*)?;
restorecon -RF /var/www/webapp/k/site/

This will survive SELINUX binary policy updates and filesystem relabeling.
Read More

How to install OTRS 4 on CentOS 7

In this post I’m going to walk you through installing OTRS 4 on CentOS 7. The procedure will be very similar for Red Hat Enterprise Linux (RHEL) version 7 as this is binary compatible.
Please note that there are some differences between CentOS 6 and CentOS 7: it now ships with systemd and with firewalld so the instructions to install OTRS are pretty different.
Setting up your production server or migrating from one is something you don’t want to do every day. This means you better take a distribution that will receive security upgrades for a long time. This is why I would recommend CentOS version 7 over version 6 at this point in time. Read More