Category Archives: Apache

Apache2 + PHP5-FPM + FastCGI + APC on Debian Wheezy

Make sure to read this post before continue: Package ‘libapache2-mod-fastcgi’ has no installation candidate Install all the required packages: apt-get install apache2-mpm-worker libapache2-mod-fastcgi php5-fpm php-apcapt-get install apache2-mpm-worker libapache2-mod-fastcgi php5-fpm php-apc Enable needed Apache modules: a2enmod actions alias fastcgi rewritea2enmod actions alias fastcgi rewrite Create the file /etc/apache2/conf.d/php5-fpm with this content: # Configure all that stuff […]

Negotiation: discovered file(s) matching request (None could be negotiated)

Today I analyzed the file error.log of a website and I noticed a lot of 404 errors with text like this: [Sun Nov 03 23:16:15 2013] [error] [client XX.XX.XX.XX] Negotiation: discovered file(s) matching request: /path/to/websute/another/path (None could be negotiated).[Sun Nov 03 23:16:15 2013] [error] [client XX.XX.XX.XX] Negotiation: discovered file(s) matching request: /path/to/websute/another/path (None could be […]

Package ‘libapache2-mod-fastcgi’ has no installation candidate

When you try to install the package libapache2-mod-fastcgi you may get this error: root@server:~# apt-get install libapache2-mod-fastcgi Reading package lists… Done Building dependency tree Reading state information… Done Package libapache2-mod-fastcgi is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available […]

Disable File Uploads with PHP.ini

Edit the PHP.ini file located in: /etc/php5/apache2/php.ini/etc/php5/apache2/php.ini Change this line: file_uploads = Onfile_uploads = On To: file_uploads = Offfile_uploads = Off Reload Apache: /etc/init.d/apache2 reload/etc/init.d/apache2 reload

Disable TRACE or TRACK method in Apache

TRACE and TRACK are HTTP request methods used for debugging purposes. Having these request methods enabled in your web server may lead to security risk that may compromise the security of your website and an attacker may manipulate these HTTP request methods to steal sensitive data of users. Disable Trace and Track with mod_rewrite Add […]

Change Apache Server Signature with mod_security

The Apache module mod_security allows us to change the server signature to a custom name, such as MyServer or PrivateServer. Install mod_security: apt-get install libapache-mod-securityapt-get install libapache-mod-security Enable the module: a2enmod mod-securitya2enmod mod-security Edit the file: vi /etc/apache2/conf.d/securityvi /etc/apache2/conf.d/security Change these values: ServerTokens Full SecServerSignature My_Server_NameServerTokens Full SecServerSignature My_Server_Name Reload Apache: /etc/init.d/apache2 reload/etc/init.d/apache2 reload Check […]

Disable Apache Access Log

Apache web server has the option (enabled by default) to log comprehensive and detailed activity, performance, and error messages about its operation to a log file. While logging error messages is useful for system administrators to troubleshoot possible the errors that may occur, the logging of the access of all visitors may be not needed […]

Disable PHP Notice: Undefined variable

Edit PHP.ini settings file: /etc/php5/apache2/php.ini/etc/php5/apache2/php.ini Set the value of error_reporting to: error_reporting = E_ALL & ~E_NOTICE | E_STRICTerror_reporting = E_ALL & ~E_NOTICE | E_STRICT Other info on error_reporting options: ; Error Level Constants: ; E_ALL – All errors and warnings (includes E_STRICT as of PHP 6.0.0) ; E_ERROR – fatal run-time errors ; E_RECOVERABLE_ERROR – […]