Archive for the Apache Category

How to Install FFmpeg on CentOS via Yum

Posted in Apache, VPS/Dedicated server on September 18, 2012 by Aparna Murthy

The easiest way to install FFMPEG and other modules is through yum. Following are the steps given to install ffmpeg with yum command.

First we will have to install the DAG RPM repositories which includes amount of rpm packages. It’s very easy. Just install the latest rpmforge-release package for your distribution and architecture.

This will automatically install the configuration and GPG keys that are for safely installing RPMforge packages.

Please select the correct command from the following list:

* Supported Red Hat Enterprise Linux 5 / i386:

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

* Red Hat Enterprise Linux 5 / x86_64:

rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Installing FFMPEG.

yum install ffmpeg ffmpeg-devel

Install FFMPEG-PHP Extension

FFmpeg-php is a very good extension and wrapper for PHP which can pull useful information about video through API interface. Inorder to install it you will need to download the source file and then compile and install extension in your server.

cd /usr/local/src

wget http://downloads.sourceforge.net/project/ffmpeg-php/ffmpeg-php/0.6.0/ffmpeg-php-0.6.0.tbz2?use_mirror=nchc

tar -xjf ffmpeg-php-0.6.0.tbz2

phpize

./configure
make
make install

Once you have done that without any problems then you will see the php extension file /usr/local/lib/php/extensions/no-debug-non-zts-20060613/ffmpeg.so and you will need mention that extension in php.ini file.

vi  /usr/local/lib/php.ini OR /etc/php.ini

Put the below two lines at the end of the php.ini file

[ffmpeg]
extension=ffmpeg.so

Then restart apache using — service httpd restart

Installing Mplayer + Mencoder

Just issue the following yum commands to install the rest of the packages.

yum install mplayer mencoder

Installing FlvTool2

Flvtool2 is a flash video file manipulation tool. It can calculate metadata and can cut and edit cue points for flv files.

If you are on Centos 5 try yum install flvtool2 with dag repository and if you get package not found you will need to manually download and compile the flvtool2. You can download latest version of flvtool2 from:-  http://rubyforge.org/projects/flvtool2/

wget http://rubyforge.org/frs/download.php/17497/flvtool2-1.0.6.tgz

ruby setup.rb config
ruby setup.rb setup
sudo ruby setup.rb install

If you get command not found error, it probably means that you dont have ruby installed. Being a cpanel server you can do that using /scripts/installruby OR yum install ruby

You are done!!!!

How to Install Mod_Pagespeed on Centos+cPanel ?

Posted in Apache, Cpanel/WHM with tags on September 2, 2012 by Aparna Murthy

>> What is mod_pagespeed ?

mod_pagespeed is basically an open-source module for Apache which does the task of optimizing the web-pages and its resources. Its an automated process and makes use of the filters for enhancment of web performance by re-writing the resources. Performance enhancement for
Apache HTTP Server can easily be achieved using the module.
Installation ::

1. Login to your server using root login

2. Before you start the installation, make sure “mod_deflate” is enabled via easy apache.

3. Determine the version of your kernel via the command ::

# uname -a

In my case its a 64 bit version

root@server [~]# uname -ar
Linux server.server.com 2.6.18-028stab099.3 #1 SMP Wed Mar 7 15:20:22 MSK 2012 x86_64 x86_64 x86_64 GNU/Linux
4. Once you deteemind the vesion, Go to the directory ::

root@server [~]# cd /usr/local/src

6. Create a directory mod_pagespeed

root@server [~]# mkdir mod_pagespeed
v# cd mod_pagespeed

7. Now download the source of mod_pagespeed using the link ::

>> Link :: http://code.google.com/speed/page-speed/download.html
>> Go to the link :: https://developers.google.com/speed/docs/mod_pagespeed/download
>> Right click on the “mod_pagespeed 64-bit .rpm (CentOS) and copy the link location

NOTE :: Location is :: https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-beta_current_x86_64.rpm

8 . Download >>

# root@server [~]# wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-beta_current_x86_64.rpm

9. Install the downloaded RPM ::

# root@server [~]# rpm2cpio mod-pagespeed-beta_current_x86_64.rpm | cpio -idmv

The outpu should be as below ::
root@server [~]rpm2cpio mod-pagespeed-beta_current_x86_64.rpm | cpio -idmv
./etc/cron.daily/mod-pagespeed
./etc/httpd/conf.d/pagespeed.conf
./usr/lib/httpd/modules/mod_pagespeed.so
./var/mod_pagespeed/cache
./var/mod_pagespeed/files
3135 blocks

10. Copy the mod_pagespeed.so to the apache modules ::

root@server [~]# cp /usr/local/src/mod_pagespeed/usr/lib64/httpd/modules/mod_pagespeed.so /usr/local/apache/modules/

And then copy the mod_pagespeed.conf to the apache conf directory ::

root@server [~]# cp /usr/local/src/mod_pagespeed/etc/httpd/conf.d/pagespeed.conf /usr/local/apache/conf/

11. Give permissions ::

root@server [~]# chmod 755 /usr/local/apache/modules/mod_pagespeed.so

12. Create cache files for the mod_pagespeed ::

root@server [~]# mkdir /var/mod_pagespeed/{cache,files} -p

13. Change ownership of cache files ::

root@server [~]# chown nobody:nobody /var/mod_pagespeed/*

>> Mod_pagespeed needs mod_deflate to be loaded in Apache. If it is not loaded tyou can include it using the command below ::
/usr/local/apache/bin/apxs -c -i /home/cpeasyapache/src/httpd-2.2.22/modules/filters/mod_deflate.c

NOTE :: the apache version “httpd-2.2.16” could be change according to your server. In my case its httpd-2.2.22.

14. After that, we’ll have to edit the mod_pagespeed configuration file located at /usr/local/apache/conf/pagespeed.conf to reflect the correct paths,

root@server [~]# vi /usr/local/apache/conf/pagespeed.conf
=================
<IfVersion < 2.4>
LoadModule pagespeed_module /usr/local/apache/modules/mod_pagespeed.so
</IfVersion>
=================

=================
<IfModule !mod_deflate.c>
LoadModule deflate_module /usr/local/apache/modules/mod_deflate.so
</IfModule>
=================

15. After that, we’ll need to include the mod_pagespeed configuration in Apache’s configuration file (/usr/local/apache/conf/httpd.conf):

=================
Include “conf/pagespeed.conf”
=================

In order to keep the changes permanant run the command below ::

root@server [~]#/usr/local/cpanel/bin/apache_conf_distiller –update

This will then ensure that your changes are integrated into the templates which WHM cPanel uses to regenerate the httpd.conf file after an automatic update.

You’re done now restart the apache ::

root@server [~]# service httpd restart

If everything is fine, apache will start normally and as your domains begin to get hits, you will see data being written in to /var/mod_pagespeed/*.

ModSecurity: Rule execution error – PCRE limits exceeded (-8)

Posted in Apache, Cpanel/WHM on December 8, 2010 by Aparna Murthy

Today while working on one of client’s issue of getting blank page while browsing the website and apache error logs were showing following logs (tail -f /usr/local/apache/logs/error_log):

Error :

==============================================================================[Wed 08 12:15:37 2010] [error] [client XX.XX.XX.XX] ModSecurity: Rule execution error – PCRE limits exceeded (-8): (null). [hostname “www.testing.com”] [uri “/forum/login.php”] [unique_id “TDMQWW3LaKoAAGiQ0EYAAAAP”]

==============================================================================

Solution :

In order to solve this error I followed the steps given below :

1) Login to the server as root.

2)Go to directory /usr/local/apache/conf.

Run :

# [root@server~] # cd /usr/local/apache/conf
3)Then Create a file “pcre_modsecurity_exceeded_limits.conf” and paste following lines in it.

Run :

# [root@server conf]# vi pcre_modsecurity_exceeded_limits.conf

Code need to be paste :

#——————————

SecPcreMatchLimit 150000

SecPcreMatchLimitRecursion 150000

#——————————
4) Save and quit the file.(Esc+:wq!)

5) Make sure that the permissions assigned for the file are 600.

Run :

#[root@server ~]# chmod 600 /usr/local/apache/conf/pcre_modsecurity_exceeded_limits.conf

6) Now open the file /usr/local/apachec/conf/modsec2.user.conf .

Run :

# [root@server ~]# vi /usr/local/apachec/conf/modsec2.user.conf

7) Find the line “<IfModule mod_security2.c>“

8 ) Add following line just below the above mentioned line that is “<IfModule mod_security2.c>“
—————————————————–

Include “/usr/local/apache/conf/pcre_modsecurity_exceeded_limits.conf”

—————————————————–

9)Save and quit the file.(Esc+:wq!)

10) Now just restart your apache and mysql service.

Run :

# [root@server ~]# /etc/init.d/httpd restart

# [root@server ~]# /etc/init.d/mysqld restart
The issue should be fixed now.


Install Mod_Security On Plesk Server(Centos)

Posted in Apache on October 7, 2009 by Aparna Murthy

Install mod_security with YUM. This tool can prevent a lot of problems, file injections, attacks etc to apache.

# wget -q -O – http://www.atomicorp.com/installers/atomic.sh | sh
# yum install mod_security

You can get the Free Mod_Security Rules.

# cd /etc/httpd/modsecurity.d/

Download rules:
# wget http://downloads.prometheus-group.com/delayed/rules/modsec-2.5-free-latest.tar.gz

Extract it :

#tar -zxvf modsec-2.5-free-latest.tar.gz

Note: Make sure that 00_asl_rbl.conf, 00_asl_whitelist.conf will be uninstalled, renamed or deleted. You can disable some rules what you do not need or create problems. After you done all with your modification restart the apache.

#/etc/init.d/httpd restart

Have a fun 🙂

How to configure httpd to listen multiple ports?

Posted in Apache on September 5, 2009 by Aparna Murthy

Problem

By default, httpd in Red Hat Enterprise Linux 5 listens on http port 80. In some cases, httpd needs to listen on other http ports besides 80.

Solution :

In the configuration file /etc/httpd/conf/httpd.conf, the “Listen” directive tells the server to accept incoming requests on the specified port. Multiple “Listen” directives may be used to specify a number of ports to listen to.

Modify the configuration file /etc/httpd/conf/httpd.conf to add multiple “Listen” directives.

# Vi etc/httpd/conf/httpd.conf

Example:
Listen 80
Listen 88
Listen 98

Port numbers 80, 88 and 98, in this example, are the ports that httpd would listen to. To make this change effective, restart the httpd service:

# service httpd restart

ou can verify that httpd is listening on all three ports with the command netstat:

# netstat -anp | grep httpd
tcp 0 0 :::80 :::* LISTEN 5278/httpd
tcp 0 0 :::88 :::* LISTEN 5278/httpd
tcp 0 0 :::98 :::* LISTEN 5278/httpd

If your output is similar to the above, the httpd web server is configured to listen on the specified ports. If your browser can not connect to these ports, check the firewall settings on the server or intermediate servers between the client and the httpd server.

Install DDoS Deflate

Posted in Apache on August 24, 2009 by Aparna Murthy

Description:

When you run this Perl script, it will then run an netstat command check how many times each IP is connected and if there are more then the number of connections you specified then it will automatically run a command in APF for the IP to be banned.

Installing:
chmod 0700 install.sh
./install.sh

Installing:

wget http://www.inetbase.com/scripts/ddos/install.sh

chmod 0700 install.sh

./install.sh

configuration:

The configuration file for (D)DOS-Deflate is ddos.conf, and by default it will have the following values:

FREQ=1

NO_OF_CONNECTIONS=50

APF_BAN=1

KILL=1

EMAIL_TO=”root”

BAN_PERIOD=600

Users can change any of these settings to suit the different need or usage pattern of different servers. It’s also possible to whitelist and permanently unblock (never ban) IP addresses by listing them in /usr/local/ddos/ignore.ip.list file. If you plan to execute and run the script interactively, users can set KILL=0 so that any bad IPs detected are not banned.


Uninstalling:

wget http://www.inetbase.com/scripts/ddos/uninstall.ddos

chmod 0700 uninstall.ddos

./uninstall.ddos

What is Mod_evasive and how to install it on server in order to prevent DDOS Attack.

Posted in Apache on August 17, 2009 by Aparna Murthy

What is Mod_evasive:

One way to stop one of the more basic attacks on a server is mod_evasive.This article will assist you the process of installing and configuring mod_evasive. This apache module will help protect against people sending too many requests to the webserver in an attempt to flood it. If it detects too many connections the offending ip will be blocked from the accessing apache for This is especially useful when the server is continuously getting attacked. With this default configuration it will block the offending ip for 10 minutes. If it continues to try and flood mod_evasive will automatically add more time to this.

Installation :

Follow this commands for Apache 1.3.x.
cd /usr/local/src
wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar -zxf mod_evasive_1.10.1.tar.gz
cd mod_evasive
/usr/local/apache/bin/apxs -cia mod_evasive.c

======================================

Follow this commands for Apache 2.0.x.
cd /usr/local/src
wget http://www.zdziarski.com/projects/mod_evas/mod_evasive_1.10.1.tar.gz
tar -zxf mod_evasive_1.10.1.tar.gz
cd mod_evasive
/usr/sbin/apxs -cia mod_evasive20.c

===========================================

Configuration:

If you are adding the is module to apache 1.3.x the following lines need to be added to the httpd.conf below the AddModule section.

<IfModule mod_evasive.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
</IfModule>

If you are using apache 2.0.x you need to scroll to below the LoadModule section in the httpd.conf and add the following:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 10
DOSBlockingPeriod 600
</IfModule>

Exit and save out of the httpd.conf

Now it should be ready to go. Exit out of vi and restart apache.

service httpd restart

It is installed 🙂

Note:

DOSHashTableSize

The hash table size defines the number of top-level nodes for each child’s hash table. Increasing this number will provide faster performance by decreasing the number of iterations required to get to the record, but consume more memory for table space. You should increase this if you have a busy web server. The value you specify will automatically be tiered up to the next prime number in the primes list (see mod_evasive.c for a list of primes used).

DOSPageCount

This is the threshhold for the number of requests for the same page (or URI) per page interval. Once the threshhold for that interval has been exceeded, the IP address of the client will be added to the blocking list.

DOSSiteCount

This is the threshhold for the total number of requests for any object by the same client on the same listener per site interval. Once the threshhold for that interval has been exceeded, the IP address of the client will be added to the blocking list.

DOSPageInterval

The interval for the page count threshhold; defaults to 1 second intervals.

DOSSiteInterval

The interval for the site count threshhold; defaults to 1 second intervals.

DOSBlockingPeriod

The blocking period is the amount of time (in seconds) that a client will be blocked for if they are added to the blocking list. During this time, all subsequent requests from the client will result in a 403 (Forbidden) and the timer being reset (e.g. another 10 seconds). Since the timer is reset for every subsequent request, it is not necessary to have a long blocking period; in the event of a DoS attack, this timer will keep getting reset.

error: No space left on device: mod_rewrite: could not create rewrite_log_lock No space left on device: mod_rewrite: could not create rewrite_log_lock

Posted in Apache on July 11, 2009 by Aparna Murthy

When you see the error: No space left on device: mod_rewrite: could not create rewrite_log_lock No space left on device: mod_rewrite: could not create rewrite_log_lock in your Apache logs or when Apache fails to start, try the following; in your Apache logs or when Apache fails to start.

try the following:

Run:

# ipcs -s

If you see more than 5 of them, you may need to clear them with the following command;

Run:

# ipcs -s | perl -ane ‘/^0x00000000/ && `ipcrm -s $F[1]`’

Restart apache.

Run:

#/etc/init.d/httpd restart