Information and howtos about the Apache web server
Apache is an open source web server that runs on a variety of platforms including various UNIX flavours, Novell Netware and Microsoft Windows. It is used to run more websites on the Internet than any other webserver and has done so since 1996, as reported by the Netcraft Webserver Survey. The Apache webserver can be downloaded in binary and source form from the Apache website.
Post sort order: Post Date (Newest First) | Post Date (Oldest First) | Alphabetical | Date Updated
The X-Frame-Options response header this morning; it can be used to prevent your website being rendered within a <frame>, <iframe> or <object>. There are different options to either deny access to all websites, allow from the same origin only, and to allow from a specific origin.
This post shows how to password protect a website with an Apache .htaccess file, but still allow access for a particular user-agent.
When redirecting all requests from one domain name to another one when the URL structure has changed, you'll ideally want to craft redirects from the old scheme to the new one. Sometimes this is too complex or messy, and it's easiest to just redirect everything to the new domain's homepage. If they have query strings at the end of the URL then Apache's RedirectMatch and RewriteRule with automatically include the query string in the redirect location. This post shows how to solve this.
In one of my posts I have an AJAX loading image to demonstrate showing a loading image while waiting for an AJAX request to run. For some reason a bunch of people have decided to hotlink the loading image from my site, rather than generate their own from ajaxload.info and host it themselves.
There are many websites out there offering how to prevent hotlinking by using rewrite rules to show either a different image or make it forbidden (here's a good tutorial ) but I decided to do it differently and pop up a username and password dialog instead.
This is a summary post containing a list of the articles from this blog containing recipes, tips and tricks for using Apache's .htaccess files.
Apache's configuration allows access to be restricted by IP address in both the main configuration file, virtualhost directives and .htaccess files. It can be useful to deny access to specific IP addresses, for example to keep a bad robot out; and it can equally be useful to deny access to all IP addresses but allow a select few in, for example to restrict access for a specific area of a website (e.g. the admin) to a specific number of IP address. This post shows how to do both.
Apache 2.x keeps child processes alive by creating internal connections which appear in the log files as "internal dummy connection" on the IP address ::1 or 127.0.0.1. If you ever monitor Apache log files you'll see a lot of these in the log files. This post shows how to prevent logging for these two IP addresses so your log files won't get filled up with these.
I have posted how to password protect a directory and remove password protection from a subdirectory with Apache and in this post look at how to have a password for all users except those from a defined IP address or set of IP addresses.
This post is a response to a question asked on my "Disable PHP in a directory with Apache .htaccess" article asking how to disable PHP completely in Apache, or as it was asked: "Could you tell me how can I turn off PHP on Apache (Run Apache without PHP)".
When a directory is password protected with Apache either with a .htaccess file or in the main Apache configuration, all subdirectories are also password protected. This post shows how to remove password protection from a subdirectory and from an individual file.
This post is more of a self-reference than anything because there are probably fifty million other posts on the Internet showing how to password protect a directory with an Apache .htaccess file...
If you have a directory which users can upload files into it's a good idea for security reasons to disable server-side parsing of scripts such as PHP. This post shows a couple of options using Apache's .htaccess files.
Default installations of Apache usually alias /icons to Apache's icons directory which cannot be overridden in an .htaccess file. If you do not control the Apache configuration of a server, and for maximum compatibility, it is always best to never have an /icons directory at a website's root level.
When temporarily taking down a website to perform maintenance, it's a good idea to return a "503 Service Temporarily Unavailable" header so search engines know to come back later. This post shows how to set this header using an Apache .htaccess file, and also how to show a response page to users with PHP so they know to try again later.
PHP code in a script is commonly delimited by opening <?php and closing ?> tags but there are also the older short open tags like this <? There are instances where you may need to disable short tags as shown in this post and using an Apache .htaccess file.
The default .htaccess file for SilverStripe runs all URLs that do not belong to actual files on the filesystem through the Sapphire framework. This means that if a request is made for a CSS file that does not exist, for example, it will be run through SilverStripe/Sapphire, which is not really necessary.
There are times you may need to monitor what's happening on an Apache web server as is happens. This can be done from the command line using a combination of the tail command, which outputs the last part of a file, and grep or egrep which are used for regular expression pattern matching.
When PHP is installed in Apache files with the .php extension are interpreted as PHP scripts. It is possible to make any file extension be parsed as PHP including .html.
PHP has a large number of configuration option which can be set in the php.ini file, Apache <virtualhost> blocks, .htaccess files and ini_set(). This post looks at how to set PHP configuration options with Apache's .htaccess files.
When maintaing a website for a customer where there are several gigabtyes of product images that change frequently, it can be annoying to have to keep a local copy of all those images, particularly when bandwidth usage is taken in to consideration. Using .hatccess files on Apache with a clever use of rewrite rules, it is possible to still reference the images files as if they are on the local webserver but they are really served off the remote server. This makes the local development copy of the website look just like the remote one without having to worry about keeping the images in sync. This post looks at how to do this.
Apache allows the use of .htaccess files which can change certain configuration options in a per-directory basis. By default .htaccess files are named .htaccess but it is possible to use a different name either for the whole server, or on a virtual host by virtual host basis. This post looks at how to change the filename used.
On a default install of CentOS or Red Hat Enterprise Linux, the log rotation script will automatically rotate the Apache log file each day and then reload the httpd service. This post looks at how to prevent this action from occuring automatically, or to change the behaviour to rotate the log files if your naming convention for log files is different from the default.
I've set up a CentOS 5 Apache web server for a customer where we run the web server as user different from the default user "apache" (often "nobody" is used as well). The application runs through SSL using mod_ssl, and when accessing SSL secured pages errors like these would appear in the error log:
"[Wed Nov 14 11:16:49 2007] [warn] (13)Permission denied: Failed to acquire SSL session cache lock [Wed Nov 14 11:16:49 2007] [warn] (13)Permission denied: Failed to release SSL session cache lock"
It's possible with the Apache web server to compress files that are sent to the browser so less bandwidth is consumed and the load time should generally be faster. The module in Apache 2.0 and up is called mod_deflate.
Tim Berners-Lee is the creator of the "World Wide Web" and the www prefix used in so many website addresses was his "fault" :) It made sense at the time to have a different prefix for domains for different services such as ftp, email, websites and more. However, websites came to use both the www and non-www prefix for accessing them (eg www.example.com and example.com) and the www part has therefore become somewhat redundant.
This article looks at why I use the www version of the domain name as the primary domain name for my websites, and redirect traffic from the non-www version to the www version.
AWStats provides a useful overview of website statistics from your Apache log files. There is no automatic way to install AWStats on CentOS using yum, so this article looks at how to install AWStats on CentOS. The instructions below should also work on other Linux distributions that do not have an automatic way of installing AWStats.
I've often found that something gets left out or forgotten when moving a website from an old server to a new install. I've just finished migrating one of my customer's sites to a new CentOS 5.0 install with Apache 2.2 and PHP 5.1.6, and there's one single PHP script in the site which uses the SoapClient class.
Naturally I'd forgotten to test this particular function until after the migration was complete, and was wondering why the script had failed. A quick look in the Apache error log file revealed the following error message: PHP Fatal error: "Class 'SoapClient' not found"
I was moving a customer's website from its old dedicated web server to a shiny new one, installing CentOS 5 on it with Apache 2.2 and MySQL 5.0. They already had a secure certificate running on the old site, so I copied the certificate files over and the secure server settings into the appropriate configuration file.
I run AWStats on one of my servers and it copies files over from some of the other servers I manage every 15 minutes and processes them. However, I had a server issue yesterday with the machine that AWStats runs on, and it meant the auto process which copies the files over and runs AWStats stopped running for about 12 hours. The end result was some lost information and needing to regenerate stats for the month to date. I needed to override the AWStats LogFile configuration directive on the command line to be able to do this.