it's a raspberry pi

Editorials

 Setups & configurations

anchor life saver

 We got some boring movies

🎥 Cinematique

 Regarding unity3d

🙂 In-game char icons
Externals

 All about pirate games

⚓ Pirates ahoy!

 This is German language

💻 Linux - ubuntusers.de
Windward bathtub
Tasharen Windward Game

 Social news aggregation

🌍 Windward #reddit
Windward intensive

 Official Windward wiki

🛠 Wiki @gamepedia
Front desk clerk

No ads, no trackers,
no web beacons

rum barrel
Something else

 Get the weather widget

🌤 Weather code snippet

 Hotchpotch of weblinks

📖 Yellow pages
Archives
Tag cloud

Apache 2.4 web server | .htaccess


Apache Setup Raspberry Pi mini computer to dedicated game server. LAMP. Apache Raspberry Pi mini computer. Dedicated game server.
That is simply just another http web server powered by Apache Software
and the Raspberry Pi Foundation with Raspbian Debian OS Stretch Lite on it.


How to create one .htaccess files


You can create one by renaming a simple text document and giving it the name .htaccess. Upload this text document to root e.g. /var/www/html.

Eventually you need to CHMOD the .htaccess file to 644 or (rw-r–r–) so that the file is usable by apache and prevents it from being read by a web browser.

user@raspberry:~ $ sudo su
root@raspberrypi:# cd /var/www/html
root@raspberrypi:/var/www/html# chmod 644 .htaccess


One .htaccess will affect all sub-folders in which it is placed.

To make .htaccess working as expected, you need to edit the apache configuration file:


root@raspberry:~# nano /etc/apache2/apache2.conf


          <Directory /var/www/>
                ...
                AllowOverride None
                ...
          </Directory>
          

Change AllowOverride from None to All.

          <Directory /var/www/>
                ...
                AllowOverride All
                ...
          </Directory>
          

Save Ctrl O the file  apache2.conf  and close Ctrl X the nano editor.


root@raspberry:~# service apache2 restart


or if Apache requires

root@raspberry:~# systemctl daemon-reload
root@raspberry:~# service apache2 restart


Apache version 2.4 mod_rewrite directives

          
          Order, Allow, Deny
          
have changed to
          
          Require all granted
          Require all denied
          Require not ip
          Require not host
          


          RewriteCond %{http_USER_AGENT} ^Mozilla/5.0 zgrab/0.x
          RewriteCond %{http_REFERER} (facebook|twitter|amazon)
          
changed with " "
          
          RewriteCond "%{http_USER_AGENT}" "^Mozilla/5.0 zgrab/0.x"
          RewriteCond "%{http_REFERER}" "(facebook|twitter|amazon)"
          

Examples .htaccess | Apache 2.4 and higher


          # error handling, redirecting to a specific html document/domain
          ErrorDocument 404 /404.html
          ErrorDocument 403 https://duckduckgo.com 

          # disable directory browsing
          Options -Indexes

          # charset and language
          AddDefaultCharset UTF-8
          DefaultLanguage en-US

          # hide server OS and server IP in error pages
          ServerSignature Off
          
          # configuration HTML5 formats
          AddType video/mp4 .mp4
          AddType audio/mp3 .mp3
          


Method to ban unwanted beings & bots
If is a match, it is blocked via 403 Forbidden response.
          
          # individual
          <Limit GET> 
          	Require all granted
          	Require not ip 111.222.333.444
          	Require not ip 111.222.333
          	Require not ip 111.222
          	Require not ip 111.222.555.0/24
          	Require not host example.com
          	Require not host sub.example.com
          	Require not host example
          </Limit>
          
          # multiple
          <Limit POST PUT DELETE>
          	Require all granted
          	Require not ip 111.222.333.444
          	Require not ip 111.222.333
          	Require not ip 111.222
          	Require not host example.com
          	Require not host sub.example.com
          	Require not host example
          </Limit>
          

GET actually retrieves the resource. HEAD is similar to GET except that the message body is not returned. That is, it gets the file header information and not the entire resource. GET togehter with HEAD may give error 500 message Internal Server Error.


POST requests are used for HTML/PHP form data, likely be the typical username & password form.



Method to ban unwanted beings & bots
          
          <RequireAll>
          	Require all granted
          	Require not ip 111.222.333.444
          	Require not ip 111.222.333
          	Require not ip 111.222
          	Require not host example.com
          	Require not host sub.example.com
          	Require not host example
          </RequireAll>
          

Source: apache.org Access Control, 2017


Method to ban unwanted user agents, referers & IPs
          
          # user agents, referers
          RewriteEngine on      
          RewriteCond "%{http_USER_AGENT}" "^.*Mozilla/5.0 zgrab/0.x.*$" [NC,OR]
          RewriteCond "%{http_REFERER}" "^.*(ru|ua|io|gov).*$" [NC]
          RewriteRule "^/$" "-" [F,L]
          
          RewriteEngine on      
          RewriteCond "%{http_USER_AGENT}" "^.*(YandexBot|SemrushBot|Wget).*$" [NC,OR]
          RewriteCond "%{http_REFERER} "^.*(ru|ua|kz|by).*$" [NC,OR]
          RewriteCond "%{http_REFERER} "^.*(facebook|twitter|amazon|etc.net).*$" [NC]
          RewriteRule "^/$" "-" [F,L]
          
          
          # IPs
          RewriteEngine on
          RewriteCond "%{REMOTE_ADDR}" "111\.222\.333\.444"
          RewriteRule "^/$" "-" [F,L]
          
          RewriteEngine on
          RewriteCond "%{REMOTE_ADDR}" "111\.222" [OR]
          RewriteCond "%{REMOTE_ADDR}" "333\.444\.555" [OR]
          RewriteCond "%{REMOTE_ADDR}" "666\.777\.888\.999"
          RewriteRule "^/$" "-" [F,L]
          

That requires to activate the mod_rewrite module. To enable mod_rewrite if it's not already.

Apache2 enable module:


root@raspberry:~# a2enmod rewrite

          
          Module rewrite (already) enabled
          

root@raspberry:~# service apache2 restart


Reloads all the Apache config files.

Or as per new unified system control way:


root@raspberry:~# systemctl restart apache2




Disable php, Perl, CGI execution

          # directive preferred
          <FilesMatch ".*\.(php|pl|cgi)$">
            Require all denied
          </FilesMatch>
          


Send unwanted sniffers away


Most probably you detect in apache.log entries like ...

          
          120.27.35.11 - - [16/Jan/2018:11:58:42 +0100] 
               "GET / http/1.1" 200 25057 "-" "-"
          120.27.35.11 - - [16/Jan/2018:11:58:44 +0100] 
               "GET /xmlrpc.php http/1.1" 404 379 "-" "-"
          120.27.35.11 - - [16/Jan/2018:11:58:44 +0100] 
               "HEAD /wp-login.php http/1.1" 404 379 "-" "-"
          120.27.35.11 - - [16/Jan/2018:11:58:44 +0100] 
               "HEAD /mysql.php http/1.1" 404 379 "-" "-"
          

... and you don't use Wordpress, php, CGI-scripts or other features, then send the hackers & spies away by deploying the RedirectMatch 302 directive. A 302 redirect means that the page has moved to other location.

          
          RedirectMatch 302 ^/xml.*$ https://duckduckgo.com
          RedirectMatch 302 ^/wp-.*$ https://duckduckgo.com
          RedirectMatch 302 ^/mysql.*$ https://duckduckgo.com
          

But handle carefully with ^/abc.*$.
That may exclude any URI if it has a /abc .


16-Jan 2018


To be with http://www. or not to be with http://www.


This all depends to your internet service provider support. Point out that without the www. it’s simply not necessary. Neither is better than the other. But it is recommended that you use only one format. Either of the format is equally good. Without www. all URLs are shorter, easier to read and quicker to type.


root@raspberry:# nano /var/www/html/.htaccess


Implement this snipped beyond of others on top of the .htaccess file.
Of course replace wih your own second level domain name (SLD) and top level domain name (TLD).


        RewriteEngine on
        Options +FollowSymLinks
        RewriteCond "%{http_HOST}" "^www\.example\.com$" [NC]
        RewriteRule (.*) "http://example.com/$1" [R=301,L]
        

08-Apr 2018

Hafenzoll 2019