Apache Tips & Tricks

Security Tips | Logging | mod_rewrite | mod_ssl

Tips and tricks for Apache 1.3. See also mod_perl logging notes.

Security Tips

Logging

Use httplog to automatically write logs into files by date. This avoids problems with traditional log rotation methods.

mod_rewrite

The mod_rewrite module allows flexible Uniform Resource Locator (URL) handling. Apache will need to be compiled with mod_rewrite support or the module loaded dynamically.

$ httpd -l | grep mod_re
mod_rewrite.c

<IfModule mod_rewrite.c>
RewriteEngine on

?
</IfModule>

Uses of mod_rewrite include presenting clean URL to external visitors. Some web applications make use of ? in the URL; with mod_rewrite, this can be renamed. With ? (or cgi-bin) removed from the URL, web proxies like squid can cache the pages.

hierarchy_stoplist cgi-bin ?

Additional mod_rewrite tips:

mod_ssl

Disable old Transport Layer Security (TLS) protocols and weak ciphers by default. This may block outdated clients.

SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT56:+HIGH:+MEDIUM:-SSLv2:-RC4:+EXP

Encryption types allowed by the SSLCipherSuite statement can be listed with the OpenSSL ciphers utility.

$ openssl ciphers 'ALL:!ADH:!EXPORT56:+HIGH:+MEDIUM:-SSLv2:-RC4:+EXP' \
| perl -ple 's/:/\n/g'