
How to Install OCI8 extension within PHP and Apache



Necessity is the mother of Invention ( * googling ).

I got to know how to install oci8 from various blogs and forums, and have consolidated all the points from them here, so that you don't have to look for them.

The Oracle extension depends on the Oracle client packages.

Download the Oracle client packages from the official Oracle website


I have downloaded the below mentioned packages

oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm
oracle-instantclient12.1-basiclite-12.1.0.2.0-1.x86_64.rpm
oracle-instantclient12.1-devel-12.1.0.2.0-1.x86_64.rpm
oracle-instantclient12.1-odbc-12.1.0.2.0-1.x86_64.rpm
oracle-instantclient12.1-sqlplus-12.1.0.2.0-1.x86_64.rpm

To get past package conflicts between the old and new versions, use the -U (upgrade) option with rpm

# rpm -Uvh oracle-instantclient12.1-basic-12.1.0.2.0-1.x86_64.rpm

Same way, install the remaining packages too.

Once done, confirm the ORACLE_HOME as it will be required for oci8 installation

# echo $ORACLE_HOME

If it shows an old version's path, such as a 10.1 or 9.01 path or any other, then at least for the installation we have to set the path temporarily to the new location where the Oracle client package exists

Set the environment variable temporarily for Oracle client version 12

# export ORACLE_HOME="/usr/lib/oracle/12.1/client64/"

Verify using command

# echo $ORACLE_HOME

It must show  /usr/lib/oracle/12.1/client64/

* It might even be required to set LD_LIBRARY_PATH

# export LD_LIBRARY_PATH=/usr/lib/oracle/12.1/client64/lib


*** Remember, this is a temporary environment variable, not a permanent one; once the user exits the terminal, it will show the permanent path again

You can set the permanent path in bash environment files.

Installation of oci8 package from PECL.
Now download the oci8 package from the official PECL website


Remember, you must download the Linux package with the .tgz extension, otherwise pecl will not recognize the package provided to it for installation.


Run this last command to install and enable the oci8 extension.
# pecl install  oci8-2.0.5.tgz 

If the installation completed successfully, locate your php.ini and add the following line.

extension=oci8.so

#locate php.ini

In my case, I found it at /usr/local/lib/php.ini. Run the command below to add the above line

# echo "extension=oci8.so" >> /usr/local/lib/php.ini

That’s it !!! Enough

But for me, even that was not enough; during the installation I got some additional errors:

checking Oracle ORACLE_HOME install directory... /usr/lib/oracle/12.1/client64/lib/
checking ORACLE_HOME library validity... configure: error: Expected an ORACLE_HOME top level directory but /usr/lib/oracle/12.1/client64/lib/ appears to be an Instant Client directory. Try --with-oci8=instantclient,/usr/lib/oracle/12.1/client64/lib/
ERROR: `/var/tmp/oci8/configure --with-oci8=/usr/lib/oracle/12.1/client64/lib/' failed

Here is the fix for it, again a temporary path for PECL

# echo "instantclient,/usr/lib/oracle/12.1/client64/lib" | pecl install oci8-2.0.5.tgz

Here I just passed what it was asking for :)

To confirm, open the phpinfo.php page; you must see an oci8 extension category there.




How to enable PHP LDAP module / extension in XAMPP



Before proceeding, check whether the LDAP module is already enabled by default; you can verify this using a phpinfo.php page.

To check, create a PHP file named phpinfo.php within the htdocs folder:

Create a Notepad file and rename it to phpinfo.php

Paste the code below into it and save it in the htdocs folder

<?php
        phpinfo();
?>


Open the browser and go to https://localhost/phpinfo.php

If you find an ldap section on that page, well !!! you don't need to do anything; the PHP_LDAP module is already enabled within your XAMPP server.



Now, if you can't find anything like that, just follow these steps.


  • Change directory to C:\xampp\php
  • Find and copy the listed files:
      1. libeay32.dll
      2. libsasl.dll
      3. ssleay32.dll
  • Copy them into C:\Windows\System32
  • Now change directory to C:\xampp\php again
  • Find and open the file named php.ini
  • Find and uncomment the line below to enable it:
       ;extension=php_ldap.dll

Remove the leading ; so that it reads extension=php_ldap.dll

Now restart Apache from the XAMPP control panel




Configuring A High Availability Cluster (Heartbeat) On CentOS

This guide shows how you can set up a two node, high-availability HTTP cluster with heartbeat on CentOS. Both nodes use the Apache web server to serve the same content.

Pre-Configuration Requirements

1. Assign hostname node01 to primary node with IP address 10.64.61.80 to eth0.

2. Assign hostname node02 to slave node with IP address 10.64.61.81.

Run the commands now...

Note: on node01

#uname -n

must return node01.

On node02

#uname -n

must return node02.

10.64.61.82 is the virtual IP address that will be used for our Apache webserver (i.e., Apache will listen on that address).

Configuration

1. Download and install the heartbeat package. In our case we are using CentOS so we will install heartbeat with yum:

#yum install heartbeat

or download these packages:

heartbeat-2.08

heartbeat-pils-2.08

heartbeat-stonith-2.08

2. Now we have to configure heartbeat on our two node cluster. We will deal with three files. These are:

authkeys

ha.cf

haresources

3. Now moving to our configuration. But there is one more thing to do, that is to copy these files to the /etc/ha.d directory. In our case we copy these files as given below:

#cp /usr/share/doc/heartbeat-2.1.2/authkeys /etc/ha.d/

#cp /usr/share/doc/heartbeat-2.1.2/ha.cf /etc/ha.d/

#cp /usr/share/doc/heartbeat-2.1.2/haresources /etc/ha.d/

4. Now let's start configuring heartbeat. First we will deal with the authkeys file; we will use authentication method 2 (sha1). For this we will make changes in the authkeys file as below.


#vi /etc/ha.d/authkeys

Then add the following lines:

auth 2
2 sha1 test-ha

Change the permission of the authkeys file:

chmod 600 /etc/ha.d/authkeys

5. Moving to our second file (ha.cf) which is the most important. So edit the ha.cf file with vi:

#vi /etc/ha.d/ha.cf

Add the following lines in the ha.cf file:

logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
initdead 120
bcast eth0
udpport 694
auto_failback on
node node01
node node02

Note: node01 and node02 are the outputs generated by #uname -n on each node

6. The final piece of work in our configuration is to edit the haresources file. This file contains the information about the resources which we want to make highly available. In our case we want the webserver (httpd) highly available:


#vi /etc/ha.d/haresources

Add the following line:

node01 10.64.61.82 httpd

7. Copy the /etc/ha.d/ directory from node01 to node02:

#scp -r /etc/ha.d/ root@node02:/etc/

8. As we want httpd highly available, let's start configuring httpd:

#vi /etc/httpd/conf/httpd.conf

Add this line in httpd.conf:

Listen 10.64.61.82:80

9. Copy the /etc/httpd/conf/httpd.conf file to node02:

#scp /etc/httpd/conf/httpd.conf root@node02:/etc/httpd/conf/

10. Create the file index.html on both nodes (node01 & node02):

On node01:

echo "node01 apache test server" > /var/www/html/index.html

On node02:

echo "node02 apache test server" > /var/www/html/index.html


11. Now start heartbeat on the primary node01 and slave node02:

#/etc/init.d/heartbeat start

12. Open web-browser and type in the URL:

http://10.64.61.82

It will show node01 apache test server.

13. Now stop the heartbeat daemon on node01:

#/etc/init.d/heartbeat stop

In your browser type in the URL http://10.64.61.82 and press enter.

It will show node02 apache test server.

14. We don't need to create a virtual network interface and assign an IP address (10.64.61.82) to it. Heartbeat will do this for you, and start the service (httpd) itself. So don't worry about this.

Don't use the IP addresses 10.64.61.80 and 10.64.61.81 for services. These addresses are used by heartbeat for communication between node01 and node02. If either of them is used for services/resources, it will disturb heartbeat and it will not work. Be careful!!!
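
Step 4 uses the short word test-ha as the shared secret that authenticates heartbeat packets between the nodes. The script below is an added example, not part of the original post: it writes the same two-line authkeys format with a random key and checks the result. The function names and the 32-character minimum are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create /etc/ha.d/authkeys with a random secret instead of a
# guessable word. Function names and the 32-character minimum are assumptions.

# Write "auth 2" plus a sha1 entry keyed with 32 random bytes (64 hex chars).
write_authkeys() {
    out="$1"
    key=$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n')
    [ "${#key}" -eq 64 ] || return 1
    # umask 077 makes the file owner-only from the moment it is created.
    ( umask 077; printf 'auth 2\n2 sha1 %s\n' "$key" > "$out" ) || return 1
    chmod 600 "$out"
}

# Return 0 only if the file is mode 600 and its sha1 key is at least 32 chars.
check_authkeys() {
    f="$1"
    perm=$(ls -ld "$f" | cut -c1-10)
    [ "$perm" = "-rw-------" ] || { echo "bad permissions: $perm"; return 1; }
    # The key is the third field of the "<index> sha1 <key>" line.
    key=$(awk '$2 == "sha1" { print $3; exit }' "$f")
    [ "${#key}" -ge 32 ] || { echo "key too short: ${#key} characters"; return 1; }
}

# Demonstration in a scratch directory; on a real node pass /etc/ha.d/authkeys.
demo_dir=$(mktemp -d)
write_authkeys "$demo_dir/authkeys" && check_authkeys "$demo_dir/authkeys" \
    && echo "authkeys written and verified"
rm -rf "$demo_dir"
```

Generate the file once on node01; the copy in step 7 then puts the identical key on node02, which both nodes need in order to accept each other's packets.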


Protect your website from DDOS attacks using apache modules ( mod_evasive )



Below mentioned apache module is quite famous in terms of security


mod_evasive


mod_evasive works very efficiently: it evaluates each request as it arrives and keeps DDoS attacks from doing as much damage. This lets mod_evasive handle HTTP brute force, DoS and DDoS attacks. The module detects attacks with three methods.
  1. If too many requests come to the same page within a second.
  2. If any child process tries to make more than 50 concurrent requests.
  3. If any IP is still trying to make new requests while it is temporarily blacklisted.
Find and uncomment the line within your httpd.conf file so that it reads
LoadModule evasive20_module modules/mod_evasive24.so


Protect website from brute force attacks using apache modules ( mod_security )



Below mentioned apache module is quite famous in terms of security

mod_security


  • It works as a firewall and is used to monitor real traffic
  • It protects websites from brute force attacks
Install on Redhat/CentOS
       # yum install mod_security
       # service httpd restart

Find and uncomment the line within your httpd.conf file so that it reads

LoadModule security2_module modules/mod_security2.so

          



    Basic Apache Server Hardening



    These are a few settings in the Apache (httpd) configuration that should be changed or commented out for security reasons.


    Don't give away too much information about all the subcomponents we are running. Comment out this line only if you don't mind remote sites finding out what major optional modules you are running; otherwise edit it as shown here.

    Hide OS and Apache Version

    • ServerTokens OS

               Change it to:  ServerTokens Prod


    • ServerSignature On

               Change it to:  ServerSignature Off

    Disable listing of Directories and Files

    By default, Apache lists all directories within the html directory.

    Append these lines to the httpd.conf file to disable listing of directories and files


    <Directory /var/www/html>
        Options -Indexes
    </Directory>

    Flush or Clear Varnish Cache without restarting Varnish server



    I believe Linux folks and developers create a cheat code to apply each effect without restarting the server.
    So Varnish, too, has a command to flush the whole cache without restarting at all:
    varnishadm -T 127.0.0.1:6082 url.purge .
    
    That will flush the cache.

    Varnish Cache Server Configuration





    Varnish is now installed under the /usr/local directory.
    The full path to the main binary is /usr/local/sbin/varnishd.
    The default configuration file is /usr/local/etc/varnish/default.vcl.



    You can start Varnish by running the varnishd binary. Before you can do that though, you have to tell Varnish which back-end server it's caching for. Let's specify the back end in the default.vcl file. Edit the default.vcl file as shown below, substituting the values for those of your Web server:

    Note: it is important to first change the Listen port in your Apache httpd.conf to 8080.

    I assume varnishd is in your path. You might want to run pkill varnishd to make sure varnishd isn't running. Become root and type:


    [root@cyberkeeda etc]# vim /usr/local/etc/varnish/default.vcl

     backend default {
         .host = "127.0.0.1";
         .port = "8080";
     }

    # pkill varnishd

    Now you can start Varnish with this command:

    [root@cyberkeeda etc]# /usr/local/sbin/varnishd -f /usr/local/etc/varnish/default.vcl -a :6081 -P /var/run/varnish.pid -s malloc,256m

    Here Apache is served through Varnish Cache on port 6081 -- http://localhost:6081

    When you want to move it into production, replace it with port 80

    # pkill varnishd

    [root@cyberkeeda etc]# /usr/local/sbin/varnishd -f /usr/local/etc/varnish/default.vcl -a :80 -P /var/run/varnish.pid -s malloc,256m

    Now you can directly open --: http://localhost


    If you installed Varnish from your package manager, it may be running already. In that case, you can stop it first, then use the command above to start it manually. Otherwise, the options it was started with may differ from those in this example. A quick way to see if Varnish is running and what options it was given is with the pgrep command:
    
    /usr/bin/pgrep -lf varnish
    
    Varnish now will relay any requests it receives to the back end you specified, possibly cache the response, and deliver the response back to the client. Let's submit some simple GET requests and see what Varnish does. First, run these two commands on separate terminals:
    
    /usr/local/bin/varnishlog
    /usr/local/bin/varnishstat
    
    
    To view communication between Varnish and the client (omitting the back end):
    
    /usr/local/bin/varnishlog -c
    
    To view communication between Varnish and the back end (omitting the client):
    
    /usr/local/bin/varnishlog -b
    
    To view the headers received by Varnish (both the client's request headers and the back end's response headers):
    
    /usr/local/bin/varnishlog -i RxHeader
    
    Same thing, but limited to just the client's request headers:
    
    /usr/local/bin/varnishlog -c -i RxHeader
    
    Same thing, but limited to just the back end's response headers:
    
    /usr/local/bin/varnishlog -b -i RxHeader
    
    To write all log messages to the /var/log/varnish.log file and dæmonize:
    
    /usr/local/bin/varnishlog -Dw /var/log/varnish.log
    
    To read and display all log messages from the /var/log/varnish.log file:
    
    /usr/local/bin/varnishlog -r /var/log/varnish.log


    Vulnerabilities : HTTP TRACE Method Enabled Fix.

    Here I believe you too have been forced by your Vulnerability Scanner to look for it :)



    Normally this is enabled by default. To test whether it is really enabled on your server, telnet to the port your web server is running on and send “TRACE / HTTP/1.0”; if you get a positive reply, TRACE is enabled on your system. The output of a server with TRACE enabled will look like:

    telnet 127.0.0.1 80
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    TRACE / HTTP/1.0

    HTTP/1.1 200 OK
    Date: Sat, 20 Oct 2015 20:39:36 GMT


    Disable HTTP TRACE Method for Apache.



    Method - 1

    Add these lines to your httpd.conf file.

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]

    Method - 2
    Applies: apache 1.3.x / apache 2.0.x Required apache module

    Add the below mentioned line to your httpd.conf file

    TraceEnable off
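
The hardening settings from "Basic Apache Server Hardening" (ServerTokens, ServerSignature, Options -Indexes) and the TraceEnable setting from Method 2 can be checked together. The script below is an added example, not part of the original posts: it audits a config file for those four settings. The function names are illustrative, the sample config is constructed, and the mod_rewrite rule from Method 1 is not checked.

```shell
#!/bin/sh
# Added example: audit an Apache config for the settings discussed above.
# Commented-out lines are ignored: awk matches only when the directive
# name is the first field on the line.

# Print the last value set for a one-argument directive, lower-cased.
directive() {
    awk -v d="$2" 'tolower($1) == d { v = tolower($2) } END { print v }' "$1"
}

# Print one "WEAK: ..." line per finding; return 0 only if there are none.
audit_httpd_conf() {
    conf="$1"; n=0
    v=$(directive "$conf" servertokens)
    case "$v" in
        prod|productonly) ;;
        *) echo "WEAK: ServerTokens ${v:-unset, default Full}"; n=$((n + 1)) ;;
    esac
    v=$(directive "$conf" serversignature)
    case "$v" in
        on|email) echo "WEAK: ServerSignature $v"; n=$((n + 1)) ;;
    esac
    v=$(directive "$conf" traceenable)
    if [ "$v" != "off" ]; then
        echo "WEAK: TraceEnable ${v:-unset, default on}"; n=$((n + 1))
    fi
    # An Options line that turns on Indexes (or All) allows directory listing.
    if awk 'tolower($1) == "options" {
                for (i = 2; i <= NF; i++)
                    if (tolower($i) ~ /^\+?(indexes|all)$/) found = 1
            } END { exit !found }' "$conf"; then
        echo "WEAK: Options enables Indexes"; n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample config, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ServerTokens OS
ServerSignature On
# TraceEnable off
<Directory /var/www/html>
    Options Indexes FollowSymLinks
</Directory>
EOF
audit_httpd_conf "$sample" || echo "sample config needs hardening"
rm -f "$sample"
```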







