Information and howtos about the Apache web server

Apache is an open source web server that runs on a variety of platforms including various UNIX flavours, Novell Netware and Microsoft Windows. It is used to run more websites on the Internet than any other webserver and has done so since 1996, as reported by the Netcraft Webserver Survey. The Apache webserver can be downloaded in binary and source form from the Apache website.

Post sort order: Post Date (Newest First) | Post Date (Oldest First) | Alphabetical | Date Updated

Browser responses to the X-Frame-Options response header

Posted in Apache and Nginx Web Server -

The X-Frame-Options response header this morning; it can be used to prevent your website being rendered within a <frame>, <iframe> or <object>. There are different options to either deny access to all websites, allow from the same origin only, and to allow from a specific origin.

Password protection with Apache but allow from a user agent

Posted in Apache -

This post shows how to password protect a website with an Apache .htaccess file, but still allow access for a particular user-agent.

RewriteRule redirect without the query string

Posted in Apache -

When redirecting all requests from one domain name to another one when the URL structure has changed, you'll ideally want to craft redirects from the old scheme to the new one. Sometimes this is too complex or messy, and it's easiest to just redirect everything to the new domain's homepage. If they have query strings at the end of the URL then Apache's RedirectMatch and RewriteRule with automatically include the query string in the redirect location. This post shows how to solve this.

Apache .htaccess recipes, tips and tricks

Posted in Apache -

This is a summary post containing a list of the articles from this blog containing recipes, tips and tricks for using Apache's .htaccess files.

Allowing and denying access by IP address with Apache

Posted in Apache -

Apache's configuration allows access to be restricted by IP address in both the main configuration file, virtualhost directives and .htaccess files. It can be useful to deny access to specific IP addresses, for example to keep a bad robot out; and it can equally be useful to deny access to all IP addresses but allow a select few in, for example to restrict access for a specific area of a website (e.g. the admin) to a specific number of IP address. This post shows how to do both.

Stop logging "internal dummy connection" in Apache

Posted in Apache -

Apache 2.x keeps child processes alive by creating internal connections which appear in the log files as "internal dummy connection" on the IP address ::1 or If you ever monitor Apache log files you'll see a lot of these in the log files. This post shows how to prevent logging for these two IP addresses so your log files won't get filled up with these.

Password protection with Apache but allow from an IP address

Posted in Apache -

I have posted how to password protect a directory and remove password protection from a subdirectory with Apache and in this post look at how to have a password for all users except those from a defined IP address or set of IP addresses.

Turn off PHP on Apache

Posted in Apache and PHP -

This post is a response to a question asked on my "Disable PHP in a directory with Apache .htaccess" article asking how to disable PHP completely in Apache, or as it was asked: "Could you tell me how can I turn off PHP on Apache (Run Apache without PHP)".

Remove password protection from a subdirectory with Apache

Posted in Apache -

When a directory is password protected with Apache either with a .htaccess file or in the main Apache configuration, all subdirectories are also password protected. This post shows how to remove password protection from a subdirectory and from an individual file.

Password protect a directory with Apache

Posted in Apache -

This post is more of a self-reference than anything because there are probably fifty million other posts on the Internet showing how to password protect a directory with an Apache .htaccess file...

Disable PHP in a directory with Apache .htaccess

Posted in Apache and PHP -

If you have a directory which users can upload files into it's a good idea for security reasons to disable server-side parsing of scripts such as PHP. This post shows a couple of options using Apache's .htaccess files.

Apache and icons directory

Posted in Apache -

Default installations of Apache usually alias /icons to Apache's icons directory which cannot be overridden in an .htaccess file. If you do not control the Apache configuration of a server, and for maximum compatibility, it is always best to never have an /icons directory at a website's root level.

Using Apache mod_expires to control browser caching

Posted in Apache -

Apache's mod_expires module allows settings by file type to control how long browsers cache files. This is useful for ensuring browsers cache image, Javascript and/or CSS files without making additional unecessary requests when loading pages.

Setting 503 Service Temporarily Unavailable headers with Apache .htaccess

Posted in Apache and PHP -

When temporarily taking down a website to perform maintenance, it's a good idea to return a "503 Service Temporarily Unavailable" header so search engines know to come back later. This post shows how to set this header using an Apache .htaccess file, and also how to show a response page to users with PHP so they know to try again later.

Disabling PHP short tags in an Apache .htaccess file

Posted in Apache and PHP -

PHP code in a script is commonly delimited by opening <?php and closing ?> tags but there are also the older short open tags like this <? There are instances where you may need to disable short tags as shown in this post and using an Apache .htaccess file.

.htaccess condition to prevent missing CSS, JS, image urls being parsed by SilverStripe

Posted in Apache and SilverStripe -

The default .htaccess file for SilverStripe runs all URLs that do not belong to actual files on the filesystem through the Sapphire framework. This means that if a request is made for a CSS file that does not exist, for example, it will be run through SilverStripe/Sapphire, which is not really necessary.

Viewing live Apache logs with tail, grep and egrep

Posted in Apache -

There are times you may need to monitor what's happening on an Apache web server as is happens. This can be done from the command line using a combination of the tail command, which outputs the last part of a file, and grep or egrep which are used for regular expression pattern matching.

Content-type for Javascript with Apache

Posted in Apache and Javascript -

I was making some changes to an Apache configuration this morning to ensure mod_deflate was compressing CSS and Javascript files and discovered I'd either documented the content-type for Javascript incorrectly, or the Apache version and Linux distro I used at the time served Javascript differently.

Get Apache to parse .html files as PHP

Posted in Apache and PHP -

When PHP is installed in Apache files with the .php extension are interpreted as PHP scripts. It is possible to make any file extension be parsed as PHP including .html.

Set PHP configuration options with an Apache .htaccess file

Posted in Apache and PHP -

PHP has a large number of configuration option which can be set in the php.ini file, Apache <virtualhost> blocks, .htaccess files and ini_set(). This post looks at how to set PHP configuration options with Apache's .htaccess files.

Force reload of updated CSS and Javascript files with unique filenames

Posted in Apache, HTML and CSS, Javascript and PHP -

When a CSS or Javascript file is changed the visitor's browser needs to get the latest copy of the file to reflect the changes, but it will have been cached and may cause rendering or functionality issues depending on the changes. To force reloading of the CSS and Javascript file the files should be renamed each time they are changed; this can be automated by using PHP to add the timestamp of the file into the filename.

Aliasing images to a remote server with .htaccess

Posted in Apache -

When maintaing a website for a customer where there are several gigabtyes of product images that change frequently, it can be annoying to have to keep a local copy of all those images, particularly when bandwidth usage is taken in to consideration. Using .hatccess files on Apache with a clever use of rewrite rules, it is possible to still reference the images files as if they are on the local webserver but they are really served off the remote server. This makes the local development copy of the website look just like the remote one without having to worry about keeping the images in sync. This post looks at how to do this.

Changing the .htaccess filename in Apache

Posted in Apache -

Apache allows the use of .htaccess files which can change certain configuration options in a per-directory basis. By default .htaccess files are named .htaccess but it is possible to use a different name either for the whole server, or on a virtual host by virtual host basis. This post looks at how to change the filename used.

Changing Apache log rotation behaviour on CentOS / RHEL

Posted in Apache -

On a default install of CentOS or Red Hat Enterprise Linux, the log rotation script will automatically rotate the Apache log file each day and then reload the httpd service. This post looks at how to prevent this action from occuring automatically, or to change the behaviour to rotate the log files if your naming convention for log files is different from the default.

Apache - Permission denied: Failed to acquire SSL session cache lock

Posted in Apache -

I've set up a CentOS 5 Apache web server for a customer where we run the web server as user different from the default user "apache" (often "nobody" is used as well). The application runs through SSL using mod_ssl, and when accessing SSL secured pages errors like these would appear in the error log:

"[Wed Nov 14 11:16:49 2007] [warn] (13)Permission denied: Failed to acquire SSL session cache lock [Wed Nov 14 11:16:49 2007] [warn] (13)Permission denied: Failed to release SSL session cache lock"

Compressing files on Apache with mod_deflate

Posted in Apache -

It's possible with the Apache web server to compress files that are sent to the browser so less bandwidth is consumed and the load time should generally be faster. The module in Apache 2.0 and up is called mod_deflate.

Use of www in website addresses

Posted in Apache -

Tim Berners-Lee is the creator of the "World Wide Web" and the www prefix used in so many website addresses was his "fault" :) It made sense at the time to have a different prefix for domains for different services such as ftp, email, websites and more. However, websites came to use both the www and non-www prefix for accessing them (eg www.example.com and example.com) and the www part has therefore become somewhat redundant.

This article looks at why I use the www version of the domain name as the primary domain name for my websites, and redirect traffic from the non-www version to the www version.

Installing AWStats on CentOS

Posted in Apache and Linux/Unix/BSD -

AWStats provides a useful overview of website statistics from your Apache log files. There is no automatic way to install AWStats on CentOS using yum, so this article looks at how to install AWStats on CentOS. The instructions below should also work on other Linux distributions that do not have an automatic way of installing AWStats.

PHP Error Class 'SoapClient' not found

Posted in Apache and PHP -

I've often found that something gets left out or forgotten when moving a website from an old server to a new install. I've just finished migrating one of my customer's sites to a new CentOS 5.0 install with Apache 2.2 and PHP 5.1.6, and there's one single PHP script in the site which uses the SoapClient class.

Naturally I'd forgotten to test this particular function until after the migration was complete, and was wondering why the script had failed. A quick look in the Apache error log file revealed the following error message: PHP Fatal error: "Class 'SoapClient' not found"

Installing mod_ssl on Apache on CentOS 5

Posted in Apache -

I was moving a customer's website from its old dedicated web server to a shiny new one, installing CentOS 5 on it with Apache 2.2 and MySQL 5.0. They already had a secure certificate running on the old site, so I copied the certificate files over and the secure server settings into the appropriate configuration file.

Overriding the AWStats LogFile Configuration Option

Posted in Apache and Linux/Unix/BSD -

I run AWStats on one of my servers and it copies files over from some of the other servers I manage every 15 minutes and processes them. However, I had a server issue yesterday with the machine that AWStats runs on, and it meant the auto process which copies the files over and runs AWStats stopped running for about 12 hours. The end result was some lost information and needing to regenerate stats for the month to date. I needed to override the AWStats LogFile configuration directive on the command line to be able to do this.

Howto Restart Apache

Posted in Apache -

If you have made changes to the Apache configuration file httpd.conf, or one of the other included configuration files (eg vhosts.d files), you need to reload the Apache service for the changes to take effect.