[eZPublish] HostMatchMapItems

When adding a new domain name to an eZPublish website, the site.ini file must be modified to assign the domain to an existing siteaccess.

Simply add a new entry into the HostMatchMapItems array:

vi settings/override/site.ini.append.php
HostMatchMapItems[]=<domain_one>;<siteaccess_fr>
HostMatchMapItems[]=<domain_two>;<siteaccess_en>

[eZPublish] Clear app cache

To clear eZPublish cache you can use the ezcache.php script, inside the /bin directory.

php bin/ezcache.php --clear-all

For ez4.X add the --purge option too.

To delete only a portion of the cache, use the --clear-tag option:

php bin/ezcache.php --clear-tag=template

You can list all the tags with the --list-tags option.

It’s also possible to delete the cache of a single siteaccess:

php bin/ezcache.php --clear-tag -s automobile_magazine

[Apache] Discard QUERY_STRING

Apache mod_rewrite is a lot of fun, but sometimes its syntax is very “twisted”. For example, let's say you want to make a conditional rewrite on the URL, query string included. You will probably write something like this:

RewriteCond %{HTTP_HOST} ^www\.foobar\.com$
RewriteCond %{QUERY_STRING}  ^queryType=3&item=services&itemId=47$
RewriteRule ^/initial/cms/php/workflow\.php$ http://www.foobar.com/Home/Our-services/Business [NC,R=301,L]

No problem, right? Yes, except that since the destination URL doesn't have its own query string, mod_rewrite will keep the original query string! Damn. To prevent this, write this instead:

RewriteCond %{HTTP_HOST} ^www\.foobar\.com$
RewriteCond %{QUERY_STRING}  ^queryType=3&item=services&itemId=47$
RewriteRule ^/initial/cms/php/workflow\.php$ http://www.foobar.com/Home/Our-services/Business? [NC,R=301,L]

or, on Apache 2.4 and later, append the QSD flag.

[Apache] Basic tips for security

Debian's default apache.conf is quite good, but there are some parameters I like to redefine in order to improve security a little:

Disable apache signature

ServerSignature Off
ServerTokens Prod

Disable HTTP trace request

TraceEnable Off

Disable Unnecessary Modules

Look for lines that begin with LoadModule. To disable a module, just comment out its line. Here are some modules that are typically enabled by default but often not needed: mod_imap, mod_include, mod_info, mod_userdir, mod_status, mod_cgi, mod_autoindex.
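To check a server against the three settings and the module list above, the following script audits a single configuration file. It is an added example, not part of the original notes; the sample configuration is constructed, and files pulled in through Include are not followed.

```shell
#!/bin/sh
# Added example: audit a config file for the hardening settings above.

# effective_value FILE DIRECTIVE DEFAULT: last uncommented value of
# DIRECTIVE in FILE, or DEFAULT (Apache's built-in default) if unset.
effective_value() {
    awk -v d="$2" -v def="$3" '
        tolower($1) == tolower(d) { v = $2 }
        END { print (v == "" ? def : v) }' "$1"
}

# audit_apache_conf FILE: one line per finding, no output if clean.
audit_apache_conf() {
    conf="$1"
    # Each entry is name:wanted value:built-in default.
    for check in ServerSignature:Off:Off ServerTokens:Prod:Full TraceEnable:Off:On; do
        name=${check%%:*}; rest=${check#*:}
        want=${rest%%:*}; default=${rest#*:}
        got=$(effective_value "$conf" "$name" "$default")
        # Values are case-insensitive, so compare in lower case.
        if [ "$(echo "$got" | tr 'A-Z' 'a-z')" != "$(echo "$want" | tr 'A-Z' 'a-z')" ]; then
            echo "$name is $got, expected $want"
        fi
    done
    # Uncommented LoadModule lines for the modules named above
    # (mod_foo is loaded under the identifier foo_module).
    awk 'tolower($1) == "loadmodule" &&
         $2 ~ /^(imap|include|info|userdir|status|cgi|autoindex)_module$/ {
             print "module loaded: " $2 }' "$conf"
}

# Constructed sample configuration (not taken from a real server).
sample_conf() {
    cat <<'EOF'
ServerSignature On
ServerTokens Prod
# TraceEnable Off
LoadModule status_module /usr/lib/apache2/modules/mod_status.so
#LoadModule info_module /usr/lib/apache2/modules/mod_info.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_apache_conf "$tmp"; rm -f "$tmp"
```

The commented-out TraceEnable line is reported because an unset TraceEnable falls back to Apache's default of On.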

[OpenSSL] Generate a self-signed SSL certificate

First, let's generate an RSA key for the server:

openssl genrsa -out server.key 2048

Next, for a “true” certificate, we must generate a certificate request (CSR).
But for a self-signed certificate, we can generate it directly like this:

openssl req -new -x509 -days 3650 -key server.key -out server.crt

This generates an X.509 certificate valid for ten years. You don't have to answer any question besides “Common Name (eg, YOUR name)”. The correct value is the domain name you are going to use the certificate for.
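The same procedure without prompts, followed by a check of the result, as an added example that is not part of the original notes. The domain www.example.com and the function names are placeholders; the -addext option needs OpenSSL 1.1.1 or later and is used because current clients match the host name against subjectAltName rather than the Common Name.

```shell
#!/bin/sh
# Added example: create a self-signed certificate without prompts, then
# check what was produced. Domain and function names are placeholders.

# make_selfsigned DOMAIN DIR: writes DIR/server.key and DIR/server.crt.
make_selfsigned() {
    domain="$1"; dir="$2"
    # Create the private key readable by its owner only.
    ( umask 077 && openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    # -x509 makes req emit a certificate instead of a CSR; -subj answers
    # the Common Name question; -addext adds the subjectAltName entry.
    openssl req -new -x509 -days 3650 -key "$dir/server.key" \
        -subj "/CN=$domain" -addext "subjectAltName=DNS:$domain" \
        -out "$dir/server.crt"
}

# check_selfsigned DOMAIN DIR: succeeds only if the certificate covers
# DOMAIN, belongs to the key, and is still valid one year from now.
check_selfsigned() {
    domain="$1"; dir="$2"
    openssl x509 -in "$dir/server.crt" -noout -checkhost "$domain" |
        grep -q "does match certificate" || return 1
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout)
    [ "$cert_pub" = "$key_pub" ] || return 1
    openssl x509 -in "$dir/server.crt" -noout -checkend 31536000 >/dev/null
}

workdir=$(mktemp -d)
make_selfsigned www.example.com "$workdir" \
    && check_selfsigned www.example.com "$workdir" \
    && echo "certificate OK"
rm -rf "$workdir"
```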

HTTP return code

  • 200 : request completed
  • 201 : object created, reason = new URI
  • 202 : async completion (TBS)
  • 203 : partial completion
  • 204 : no info to return
  • 205 : request completed, but clear form
  • 206 : partial GET fulfilled
  • 300 : server couldn’t decide what to return
  • 301 : object permanently moved
  • 302 : object temporarily moved
  • 303 : redirection w/ new access method
  • 304 : if-modified-since was not modified
  • 305 : redirection to proxy, location header specifies proxy to use
  • 307 : HTTP/1.1: keep same verb
  • 400 : invalid syntax
  • 401 : access denied
  • 402 : payment required
  • 403 : request forbidden
  • 404 : object not found
  • 405 : method is not allowed
  • 406 : no response acceptable to client found
  • 407 : proxy authentication required
  • 408 : server timed out waiting for request
  • 409 : user should resubmit with more info
  • 410 : the resource is no longer available
  • 411 : the server refused to accept request w/o a length
  • 412 : precondition given in request failed
  • 413 : request entity was too large
  • 414 : request URI too long
  • 415 : unsupported media type
  • 500 : internal server error
  • 501 : required not supported
  • 502 : error response received from gateway
  • 503 : temporarily overloaded
  • 504 : timed out waiting for gateway
  • 505 : HTTP version not supported

[Apache] LogFormat with X-Forwarded-For

If you use Apache behind a reverse proxy, you need to modify the combined log format to use the X-Forwarded-For header. Simply replace:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

by

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
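X-Forwarded-For is sent by the client and each proxy appends to it, so the first log field can hold a comma-separated chain whose left part is whatever the client chose to send. The script below is an added example, not part of the original notes, that reads logs in this format and keeps the right-most entry not written by your own proxies; the proxy addresses and log lines are constructed.

```shell
#!/bin/sh
# Added example: recover the client address from logs written with the
# X-Forwarded-For LogFormat above. Proxy addresses are assumptions.

TRUSTED_PROXIES="10.0.0.5 10.0.0.6"   # hypothetical reverse proxies

# real_client: read log lines on stdin, print "<address> <flag>" per line.
# The address is the right-most header entry that is not one of our own
# proxies, i.e. the last hop recorded by infrastructure we control.
real_client() {
    awk -v trusted="$TRUSTED_PROXIES" '
    BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) proxy[t[i]] = 1 }
    {
        # The header may hold "a, b, c", so cut at the timestamp instead
        # of trusting field positions, then drop the %l and %u fields.
        cut = index($0, " [")
        if (cut == 0) next
        head = substr($0, 1, cut - 1)
        sub(/ [^ ]+ [^ ]+$/, "", head)
        gsub(/ /, "", head)
        m = split(head, hop, ",")
        pick = "-"
        for (i = m; i >= 1; i--)
            if (hop[i] != "" && hop[i] != "-" && !(hop[i] in proxy)) { pick = hop[i]; break }
        if (pick == "-") flag = "no-header"            # request bypassed the proxy
        else if (hop[1] != pick) flag = "client-supplied-prefix"
        else flag = "ok"
        print pick, flag
    }'
}

# Constructed sample log lines (documentation address ranges).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"
127.0.0.1, 198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "GET /admin HTTP/1.1" 403 199 "-" "curl/8.0"
192.0.2.44, 10.0.0.6 - - [10/Oct/2023:13:55:41 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"
- - - [10/Oct/2023:13:55:45 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"
EOF
}

sample_log | real_client
```

On Apache 2.4, mod_remoteip (RemoteIPHeader with RemoteIPInternalProxy) applies the same trusted-proxy logic at request time, so %a can be logged instead of the raw header.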

[Debian] Installing APC

APC is a PHP accelerator (like eAccelerator or XCache) but dedicated to PHP5. It can reduce PHP script runtime by a factor of 5 to 10. Unfortunately it’s not packaged in Debian Etch, but you can still install it easily using PEAR’s repositories.

Install PEAR

aptitude install php-pear
aptitude install php5-dev apache2-prefork-dev build-essential

Install APC module

pecl install apc

PEAR configuration

vi /etc/php5/conf.d/apc.ini
extension=apc.so
apc.enabled=1
apc.shm_size=30

Adapt the values to your applications’ requirements, then restart Apache. You can check whether APC is correctly loaded by creating a page with a phpinfo(); call. Remove that page once you have checked, since its output discloses the server's configuration.