Showing posts with label AEM/Apache Webserver. Show all posts

How to hide Apache Version and OS Identity from Errors in Apache HTTP server


Environment: Apache Web server


- When you install Apache from source or from a package through an installer such as Yum, it displays the Apache version and the OS version in its error pages.
- It also shows the modules installed in the Apache server.
- It also shows the port number.

Steps to follow on RHEL, CentOS, Fedora, Debian and Ubuntu

1. Open the httpd.conf/apache2.conf file, depending on the OS

# vim /etc/httpd/conf/httpd.conf (RHEL/CentOS/Fedora)
# vim /etc/apache2/apache2.conf (Debian/Ubuntu)

2. Add the configuration below to httpd.conf/apache2.conf and save the file

ServerSignature Off
ServerTokens Prod

ServerSignature Off removes the footer line that Apache appends to server-generated pages such as error documents, and ServerTokens Prod reduces the Server response header to the product name "Apache".

3. Restart the server, and that's it

# service httpd restart (RHEL/CentOS/Fedora)
# service apache2 restart (Debian/Ubuntu)
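
To confirm the change took effect, compare a response captured before the restart with one captured after it. The checker below is an added example, not part of the original post; both responses are constructed samples and the function name find_leaks is an assumption.

```python
import re

# Constructed responses: the OpenSSL/PHP tokens and host name are sample values.
BEFORE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache/2.4.3 (CentOS) OpenSSL/1.0.1e PHP/5.4.16\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<h1>Not Found</h1><hr>\n"
    "<address>Apache/2.4.3 (CentOS) Server at www.example.com Port 80</address>\n"
)
AFTER = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<h1>Not Found</h1>\n"
)

def find_leaks(raw_response):
    """Return (kind, value) pairs for every identity detail the response exposes."""
    head, _, body = raw_response.partition("\r\n\r\n")
    leaks = []
    header = re.search(r"^Server:[ \t]*(.*)$", head, re.I | re.M)
    tokens = re.findall(r"\([^)]*\)|\S+", header.group(1)) if header else []
    for i, token in enumerate(tokens):
        if token.startswith("("):
            leaks.append(("os", token))  # platform comment, e.g. (CentOS)
        elif "/" in token:
            # The first product token is the server itself, later ones are modules.
            leaks.append(("server-version" if i == 0 else "module", token))
    # ServerSignature On/EMail writes this footer into server-generated pages.
    footer = re.search(r"<address>(.*?)</address>", body, re.I | re.S)
    if footer:
        leaks.append(("signature", footer.group(1).strip()))
    return leaks

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, find_leaks(sample) or "nothing exposed")
```
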

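How to verify whether a site is protected against DDoS attacks or not

Follow the URL below to check whether your site is protected against DDoS attacks. The page documents the Nmap NSE script http-slowloris-check, which tests a web server for vulnerability to the Slowloris DoS attack.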

URL:
https://nmap.org/nsedoc/scripts/http-slowloris-check.html



Apache Web server Installation and configuration of Dispatcher in AEM

Apache webserver installation and Dispatcher configuration
Steps
Solution Description
Step: 1
Make sure you have downloaded Apache 2.4.3
Download From:
#wget http://apache.techartifact.com/mirror//httpd/httpd-2.4.3.tar.bz2
Step: 2
Install the Apache web server: extract the archive into the /data/downloads directory
#tar jxvf httpd-2.4.3.tar.bz2
Step: 3
Download apr (check for the latest version)
Download From:
#wget http://apache.techartifact.com/mirror/apr/apr-1.4.6.tar.bz2
Step: 4

Download apr-util (check for the latest version)
Download From:

Step: 5
Extract the bzip files.

#tar jxvf apr-1.4.6.tar.bz2
#tar jxvf apr-util-1.5.1.tar.bz2
Step: 6
Rename to remove the version from the directory name.

#mv apr-1.4.6 apr
#mv apr-util-1.5.1 apr-util
Step: 7
Download the latest version of pcre and compile it

#wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.31.tar.bz2
#tar jxvf pcre-8.31.tar.bz2
#cd pcre-8.31
#./configure --prefix=/etc/httpd/pcre
#make
#make install
Step: 8
Install Apache

#./configure --prefix=/etc/httpd/apache2 --enable-mods-shared=all --with-included-apr --with-pcre=/etc/httpd/pcre/
#make
#make install
Step: 9
Start Apache and verify installation
#cd /etc/httpd/apache2/bin
#./apachectl configtest
#./apachectl start
Or
#/etc/init.d/httpd start

Step: 10
Apache Configuration file:
#vi /etc/httpd.conf

ServerRoot "/etc/httpd/apache2"
Listen 80

#Modules added for
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule rewrite_module modules/mod_rewrite.so

          User apache
          Group apache



Step: 11
Install Dispatcher
Get Dispatcher package: dispatcher-apache2.4-linux-x86-64-4.1.2.tgz
#tar zxvf dispatcher-apache2.4-linux-x86-64-4.1.2.tgz
#cp -r modules/* /etc/httpd/modules/

Create a symbolic link named 'mod_dispatcher.so' that points to the dispatcher module by running the command
#ln -s dispatcher_apache_xxxx_yyyy.so mod_dispatcher.so
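Step: 12.1
Setting Dispatcher Handler
<Directory />
        <IfModule disp_apache2.c>
                # hand every request in this directory to the dispatcher module
                SetHandler dispatcher-handler
                ModMimeUsePathInfo On
        </IfModule>
        Options FollowSymLinks
        AllowOverride None
</Directory>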



Step: 13
Setting up the Publish renders 1, 2, 3 and 4
#vi /usr/local/apache2/conf/extra/dispatcher.any
/renders
  {
  /render0
    {
    /hostname "localhost1"
    /port "4503"
    }
  /render1
    {
    /hostname "localhost2"
    /port "4503"
    }
  /render2
    {
    /hostname "localhost3"
    /port "4503"
    }
  /render3
    {
    /hostname "localhost4"
    /port "4503"
    }
  }


Step: 13.1
Filter specific URLs out from being accessed over the internet
/filter
  {
  # Deny everything first and then allow specific entries
  /0001 { /type "deny"  /glob "*" }
  # /0001 { /type "allow"  /glob "*" }

  # Open consoles
  # /0011 { /type "allow" /glob "* /admin/*"  }  # allow servlet engine admin
  # /0012 { /type "allow" /glob "* /crx/*"    }  # allow content repository
  # /0013 { /type "allow" /glob "* /system/*" }  # allow OSGi console

  # Deny query
  /0090 { /type "deny"  /glob "* *.query.json*" }
  /0091 { /type "allow" /glob "* /test/*" }
  /0092 { /type "allow" /glob "GET *.1.json*" }  # allow one-level json requests
  /0093 { /type "allow" /glob "* /auth/*" }
  }
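
The Dispatcher compares each /glob with the whole request line and applies the last rule that matches, so the order of the entries above decides the outcome. The evaluator below is an added example, not part of the original post or of the Dispatcher itself; it approximates Dispatcher globbing with Python's fnmatch, assumes a request that matches no rule is denied, and uses constructed request lines.

```python
import re
from fnmatch import fnmatchcase

# /filter rules copied from Step 13.1, commented-out entries included.
FILTER = r'''
/0001 { /type "deny"  /glob "*" }
#  /0001 { /type "allow"  /glob "*" }
#     /0011 { /type "allow" /glob "* /admin/*"  }  # allow servlet engine admin
/0090 { /type "deny"  /glob "* *.query.json*" }
/0091 { /type "allow" /glob "* /test/*" }
/0092 { /type "allow" /glob "GET *.1.json*" }          # allow one-level json requests
/0093 { /type "allow" /glob "* /auth/*" }
'''

RULE = re.compile(r'^\s*/(\w+)\s*\{\s*/type\s+"(allow|deny)"\s+/glob\s+"([^"]*)"\s*\}')

def parse_rules(text):
    """Return [(name, type, glob)] in file order; '#' comment lines are skipped."""
    rules = []
    for line in text.splitlines():
        match = RULE.match(line)  # a line starting with '#' cannot match
        if match:
            rules.append(match.groups())
    return rules

def decide(rules, request_line):
    """Apply every rule in order; the last one that matches wins."""
    verdict, rule_name = "deny", None  # assumption: no match means deny
    for name, rule_type, glob in rules:
        if fnmatchcase(request_line, glob):
            verdict, rule_name = rule_type, name
    return verdict, rule_name

# Constructed request lines, not taken from a real access log.
SAMPLES = [
    "GET /content/site/en.html HTTP/1.1",
    "GET /content/list.query.json HTTP/1.1",
    "GET /test/list.query.json HTTP/1.1",
    "GET /content/page.1.json HTTP/1.1",
    "POST /content/page.1.json HTTP/1.1",
]

if __name__ == "__main__":
    rules = parse_rules(FILTER)
    for line in SAMPLES:
        verdict, rule_name = decide(rules, line)
        print(f"{verdict:5} by /{rule_name}  {line}")
```

Because /0091 and /0093 come after /0090, a query request under /test/ or /auth/ is allowed; placing the query deny after the allow entries makes it the final word. Ordinary content pages are denied by /0001 until an allow entry for them is added.
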
Step: 13.2

# The cache section regulates what responses will be cached and where.
/cache
  {
  # The docroot must be equal to the document root of the webserver. The
  /docroot "/data/aem/dispatcher/cache"
  # Sets the level up to which files named ".stat" will be created in the
  #/statfileslevel "0"
  # Flag indicating whether to cache responses to requests that contain
  # authorization information.
  #/allowAuthorized "1"
  # Flag indicating whether the dispatcher should serve stale content if
  # no remote server is available.
  /serveStaleOnError "0"
  # The rules section defines what responses should be cached based on
  /rules
    {
    /0000
      {
      # the glob pattern to be compared against the URL
      /glob "*"
      /type "allow"
      }
    }
  # the /invalidate section from Step 14 belongs here, inside /cache
  }


Step: 14
Cache invalidation for webserver and access to publishers
/invalidate
  {
  /0002
    {
    /glob "/etc/segmentation.segment.js"
    /type "allow"
    }
  /0003
    {
    /glob "*/analytics.sitecatalyst.js"
    /type "allow"
    }
  /0004
    {
    /glob "*.js"
    /type "allow"
    }
  /0005
    {
    /glob "*.css"
    /type "allow"
    }
  }
Step: 15
Performance tuning
# this configuration file extends the basic httpd.conf
# it includes a number of options that are used to improve performance
# turn off ETags completely, since they will differ across the cluster
FileETag None
# instead we use Expires and Cache-Control headers
ExpiresActive On
ExpiresByType text/css "access plus 1 year"
ExpiresByType text/javascript "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
# .jpg files are served as image/jpeg, so that is the type to match
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType application/x-shockwave-flash "access plus 1 year"
# force set Vary header so it works with proxies and IE properly
Header set Vary "Accept-Encoding"
# enable compression for text file types: html, css, js, XML
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
DeflateCompressionLevel 9
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio

Step: 16
Test configuration
# sudo /etc/init.d/httpd status

Step: 17
Stop Apache Server

# sudo /etc/init.d/httpd stop

Step: 18
Start Apache Server

# sudo /etc/init.d/httpd start

Step: 19
Log file location
/etc/httpd/logs/