Apache Notes


###########################################################
# Apache 2.0.x Compile and Install:

"./configure" \
"--prefix=/usr/local/apache-2.0.52" \
"--enable-so" \
"--enable-rewrite=shared" \
"--enable-ssl=shared" \
"--enable-proxy=shared" \
"--enable-auth-digest=shared" \
"--enable-deflate=shared" \
"--enable-expires=shared" \
"--enable-headers=shared" \
"--enable-status=shared" \
"--enable-cgi=shared"

make
make install

cd /usr/local/
ln -s apache-2.0.46 apache

mkdir /var/log/httpd
chown web:web /var/log/httpd

Bonus Note: To get the ssl module to compile on Red Hat 9, run the following commands first:
cd /usr/include/openssl/
ln -s /usr/kerberos/include/* ./

###########################################################
# SSL Configuration for Apache 2.0.x
# (condensed from http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html)
 
1. Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):
    openssl genrsa -des3 -out server.key 1024
 
2. Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
    openssl req -new -key server.key -out server.csr

# Now that you've got a CSR, you have two choices:
#   Choice A:  You can send the CSR to Verisign or Thawte (or somewhere else) to be signed, 
#              in which case they would send you back the SSL certificate.
#   Choice B:  Create your own certificate authorityi (CA) and sign it yourself by following the next three steps:

1. Create a RSA private key for your CA (will be Triple-DES encrypted and PEM formatted):
    openssl genrsa -des3 -out ca.key 1024
 
2. Create a self-signed CA Certificate (X509 structure) with the RSA key of the CA (output will be PEM formatted):
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt
 
3. Now you can use this CA to sign the server CSR and create a SSL certificate:
    ./sign.sh server.csr (sign.sh comes from the mod_ssl source tarball. Go get one from www.modssl.org)

###########################################################
# PHP Compile and Install:

./configure --with-apxs2 --enable-mbstring --with-mysql --with-imap --with-pgsql --with-kerberos --with-imap-ssl

###########################################################
# Interesting mod_rewrite Example:

Can anyone identify this http exploit? Seen in the apache logs:
foo.bar.com - - [30/May/2004:02:45:28 -0400] "SEARCH  /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb...

This is an older IIS WebDAV exploit.  More info athttp://www.microsoft.com/technet/security/bulletin/ms03-007.mspx
You can mod_rewrite these attempts to /dev/null

RedirectMatch permanent (.*)\/x90\/(.*)$ /dev/null

###########################################################