.htaccess URL redirect

# This allows you to redirect your entire website to any other domain
Redirect 301 / http://mt-example.com/

# This allows you to redirect your entire website to any other domain
Redirect 302 / http://mt-example.com/

# This allows you to redirect index.html to a specific subfolder
Redirect /index.html http://example.com/newdirectory/

# Redirect old file path to new file path
Redirect /olddirectory/oldfile.html http://example.com/newdirectory/newfile.html

# Provide Specific Index Page (Set the default handler)
DirectoryIndex index.html


Hide the Apache Web Server Version number with ServerSignature and ServerTokens directives

You can easily hide Apche (httpd) version number and other information. There are two config directives that controls Apache version. The ServerSignature directive adds a line containing the Apache HTTP Server server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default. The ServerTokens directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules. By setting this to Prod you only displays back Apache as server name and no version number displayed back.

Open your httpd.conf file using text editor such as vi:

vi httpd.conf

Append/modify config directive as follows:

ServerSignature Off
ServerTokens Prod

Save and close the file. Restart Apache web server:

# /etc/init.d/httpd restart


Securing directory using .htaccess file

First make sure your Apache configuration is set for allowing .htaccess. Read this Article first before you move to the next steps.

.htaccess File Creation:

Let's assume /test-dir1 is to be password protected.

$ cd /var/www/html/test-dir1

$ vi .htaccess

Write the following lines into this file:

AuthName "Authorized Users Only."
AuthType Basic
AuthUserFile /etc/httpd/conf/.htpasswd
require user testusr

Telling Apache About Users:
Now we have to inform Apache about the user and its password.

$ htpasswd -c /etc/httpd/conf/.htpasswd testusr

The above command will work if you have htpasswd in your /usr/local/bin and it happens if you install Apache from RPM. /etc/httpd/conf/.htpasswd is the location of file that will contain the authenticated/trusted user password. Continue reading “Securing directory using .htaccess file” »


Apache Web Server .htaccess File functional

.htaccess is Apache's directory-level configuration file. It allows end user to configure authentication and other options without editing main httpd.conf file.

Make sure AccessFileName set to .htaccess

Search httpd.conf for AccessFileName directive. It defines name of the distributed configuration file:

# grep -i AccessFileName httpd.conf

Make sure users are allowed to use .htaccess file

What you can put in these files is determined by the AllowOverride directive. This directive specifies, in categories, what directives will be honored if they are found in a .htaccess file. If this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.

# grep -i AllowOverride httpd.conf

When this directive is set to All, then any directive which has the .htaccess Context is allowed in .htaccess files:

AllowOverride ALL

Save and close the file. Restart httpd:

# service httpd restart


Force HTTPS / SSL using .htaccess and mod_rewrite

Sometimes you may need to make sure that the user is browsing your site over securte connection. An easy to way to always redirect the user to secure connection (https://) can be accomplished with a .htaccess file containing the following lines:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Please, note that the .htaccess should be located in the web site main folder.

In case you wish to force HTTPS for a particular folder you can use:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} somefolder
RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]

The .htaccess file should be placed in the folder where you need to force HTTPS.


Adjust Apache ServerLimit and MaxClient

MaxClients actually tells the apache to allow this many concurrent clients.

Normally this limit is at 150. You can change this limit by editing your httpd.conf file.

httpd.conf is normally located at /etc/httpd/conf/httpd.conf

nano /etc/httpd/conf/httpd.conf

ServerLimit directive to let the value of MaxClients above 256 work.
By deafult ServerLimit is 256 (and is usually not already there in httpd.conf). If it is in your httpd.conf increase it above 256 or if it is not there add it in your httpd.conf Continue reading “Adjust Apache ServerLimit and MaxClient” »


Windows Apache SSL

Step 1 – What You Need

A copy of Apache that includes SSL support.
A copy of OpenSSL.
An openssl.cnf file.

The copy of Apache that I had installed on my machine did not include SSL support, so I moseyed on down to the Apache download page. You’ll notice on that page that there are files named something like apache_2.2.11-win32-x86-openssl-0.9.8i.msi, as well as files named something like apache_2.2.11-win32-x86-no_ssl.msi. You need to have the openssl version installed, not the no_ssl version (duh). I couldn’t find any reliable info on manually adding SSL support to a no_ssl install, so I simply downloaded the most up-to-date version of the openssl installer and ran it. It successfully upgraded my version of Apache without overwriting any of my existing config files.

The nice thing about that installer is that it includes a copy of OpenSSL, so you don’t need to download that separately.

Finally, you need an openssl.cnf file, which doesn’t come with the package. I downloaded one that works from Neil’s site. If that link is broken you can find a copy attached to this blog post. I have Apache installed in C:\Apache\, which means that I can find OpenSSL in C:\Apache\bin\, so I copied the openssl.cnf file into that directory.
Step 2 – Create a Self-Signed Certificate

This step will create a number of files related to your certificate. Each of those files has the same name, with a different extension. In the example commands below I’ve used the name bob. Feel free to replace that with anything you like.


Setting up an Apache Web Server as a proxy in front of EJBCA

This section will show you how to use an Apache Web Server Proxy in front of EJBCA. The resulting server will

  • Display EJBCA public web at https://ca-server.company.local/
  • Redirect all HTTP-requests to HTTPS, except for OCSP and CRL.
  • Require a client SSL certificate when accessing https://ca-server.company.local/adminweb/
  • Be able to loadbalance requests
  • Still answer to requests on https://ca-server.company.local/ejbca/*

This example was created on Ubuntu 64-bit Server 7.10 using the Apache Web Server 2.2 package, but should be easy to adapt to any system able to run Apache.

Start by installing EJBCA as normal. If you intend to have the CA on the same machine as the proxy you should modify $EJBCA_HOME/conf/web.properties to only listen to localhost Continue reading “Setting up an Apache Web Server as a proxy in front of EJBCA” »


Deploying a J2EE application behind an Apache server in a production environment

You have created a Web application using a JBoss application server and you are going to put it in production. Great!

But deploying your application with JBoss serving the Web requests directly may not be the optimal solution. First because the Tomcat web server embedded within JBoss is not the best server to serve static files and second because configuring Tomcat and JBoss for best performance and security is in general a complex and tedious task.

Instead, it is a good practice to use an Apache server (2.0 or 2.2) in front of your JBoss/Tomcat. This Apache server can serve static files, take care of your SSL security and manage for you all the details of HTTP headers (Expires and other headers) and more….

In a production environment, you should not put your JBoss application as a Web front-end. Instead, you should use an Apache server and configure it to redirect specific Web application requests to your J2EE server. There are many many advantages in doing this:

    The Apache server can serve static files (CSS, images, javascript files) faster than JBoss/Tomcat.
    When you need it, you can activate SSL on Apache without having to change your application.
    The Apache SSL implementation is faster compared to the Tomcat implementation (and a lot easier to configure!).
    You can have a better control of HTTP headers. No need to develop any servlet filter for that.
    You can get compression out of the box. No need to develop another servlet filter either (no need to configure Tomcat connector either!).

I assume here that the Apache server is already installed with the following modules and these modules are enabled. Continue reading “Deploying a J2EE application behind an Apache server in a production environment” »


mod_jk for RHEL6


If you have a RHEL6 box which ships both Apache and Tomcat6 you might want to connect the two together. You probably have looked around for mod_jk as a RHEL6 RPM or SRPM (src.rpm).

You find that It isn't in EPEL, and it isn't in Red Hat Optional Server 6 RHN channel, etc.

It seems that the new way forward with RHEL/Fedora world is to use mod_proxy_ajp. For example, the RH/Fedora project Spacewalk switched from mod_jk to mod_proxy_ajp.

Note that mod_proxy_ajp is a core module of Apache 2.2 and newer so this should be a rather definitive/final change in recommended connector for Tomcat and Apache. Continue reading “mod_jk for RHEL6” »