Securing Website through .htaccess behind CloudFlare or CDN

access-denied

By default, when you want to block or allow some IP(s) from your website, you may simply do it as the following rules from .htaccess,

order deny,allow
deny from all
allow from 1.1.1.1
allow from 2.2.2.2

However, if you are using service like CloudFlare or other CDN service, you can not do like this as Apache do not understand your visitor IP.

To do that, you need to do like rules below,

SetEnvIf X-FORWARDED-FOR 1.1.1.1 allow
SetEnvIf X-FORWARDED-FOR 2.2.2.2 allow
order deny,allow
deny from all
allow from env=allow

If you need it for IP ranges or network block such as 1.1.1.0/24, you may do it like,

SetEnvIf X-FORWARDED-FOR "^1\.1\.1\.*" allow
order deny,allow
deny from all
allow from env=allow

cPanel: How to install mod_geoip

There are many ways to install mod_geoip in the web but the easiest way to compile it with cPanel server is to compile it through the easyapache.

To get it done, run the following command as root,

cd /var/cpanel/easy/apache/custom_opt_mods/
wget http://docs.cpanel.net/twiki/pub/EasyApache3/CustomMods/custom_opt_mod-mod_geoip.tar.gz
tar -zxf custom_opt_mod-mod_geoip.tar.gz

Next compile it with easyapache,

/scripts/easyapache

Then select the Mod_GeoIP in the Short Options List.

Howto: Password protected a folder from Apache .htaccess

To protect a folder from your website, you may actually use the htpasswd feature available from the server.

To create a password protected folder to /home/user/public_html/important with user named admin, run the following command.

[[email protected] ~]# htpasswd -c /home/user/public_html/.htpasswd admin
New password:
Re-type new password:
Adding password for user admin
[[email protected]ver ~]#

Then, add the following code to your .htaccess file located at /home/user/public_html folder.

AuthUserFile /home/user/public_html/.htpasswd
AuthName "important"
AuthType Basic
Require valid-user

Now, access to your folder with the credential created.

Install and configure AWStats on Centos

Assume that you have Apache installed and it is working, you want to apply AWStats to your Centos server.

1. Install AWStats with yum.
yum install awstats
2. Edit the file named /etc/httpd/conf.d/awstats.conf with line below,

Alias /awstats/icon/ /var/www/awstats/icon/

ScriptAlias /awstats/ /var/www/awstats/

        DirectoryIndex awstats.pl
        Options ExecCGI
        order deny,allow
        allow from all

Alias /awstatsclasses "/var/www/awstats/lib/"
Alias /awstats-icon/ "/var/www/awstats/icon/"
Alias /awstatscss "/var/www/awstats/examples/css"

3. Edit the following line from /etc/awstats/awstats.localhost.localdomain.conf.

SiteDomain="domain.com"
HostAliases="www.domain.com"

4.Rename the configuration file to the correct one,
mv /etc/awstats/awstats.localhost.localdomain.conf /etc/awstats/awstats.domain.com.conf
5. Update the statistic,
/usr/bin/awstats_updateall.pl now -confdir=”/etc” -awstatsprog=”/var/www/awstats/awstats.pl”

cPanel: Uninstall CloudLinux

It is not hard to install CloudLinux, but you will found more step to uninstall it.

Before you convert CloudLinux back to normal Centos, you shall check if your box come with CloudLinux,
/usr/local/cpanel/bin/cloudlinux_system_install -c

1. Update CentOS RPMs.
yum upgrade -y
2. Rebuild Apache
/usr/local/cpanel/scripts/easyapache –build
3. Reinstall a non-CloudLinux kernel.
yum –disableexcludes=all install kernel
4. Remove the CloudLinux-provided kernel.
rpm -qa |awk ‘/^kernel.*lve/ {print $1|”xargs yum -y erase”}’ Continue reading cPanel: Uninstall CloudLinux

cPanel: Assigned dedicated IP to subdomain

You might want to assign dedicated IP to your subdomain for some reason such as apply SSL to your subdomain.

If you are using cPanel and wish to set dedicated IP to your subdomain, you will find no else where to do that.

However, this could still be able to fix as this article.

Scenario,
– You have domain domain.com and subdomain blog.domain.com.
– You wish to set dedicated IP for blog.domain.com which originally 100.100.100.100 and result as blog.domain.com resolve to 10.0.0.1.

Continue reading cPanel: Assigned dedicated IP to subdomain

Install Memcache with cPanel that running CentOS

I was trying to install Memcache from cPanel from yesterday night but it seems to be sucks when installing from cPanel control panel.

Hence, I am sharing the step as below which I used to compiled manually from the shell.

Create a temporary folder
1. As it is a manually work, you might want to clear the source file after the installation, so create a folder as command below.

mkdir ~/memcache

Install LibEvent
To install memcache, you will need LibEvent, go to their site to get the latest version.

cd ~/memcache
wget http://monkey.org/~provos/libevent-1.4.14b-stable.tar.gz
tar zxvf libevent-1.4.14b-stable.tar.gz
cd libevent-1.4.14b-stable
./configure
make
make install

Install Memcache
Now, install the memcache and get the latest version from their site.

cd ~/memcache
wget http://memcached.googlecode.com/files/memcached-1.4.5.tar.gz
tar zxvf memcached-1.4.5.tar.gz
cd memcached-1.4.5
./configure --with-lib-event=/usr/local/
make
make install

Install PHP Memcache
Now, install PECL Memcache and get the latest version.

cd ~/memcache
wget http://pecl.php.net/get/memcache-2.2.6.tgz
tar zxvf memcache-2.2.6.tgz
cd memcache-2.2.6
phpize
./configure
make
make install
vi /usr/local/lib/php.ini

Find the extension as below and if it is not existed, add it in the php.ini.

extension=memcache.so

Restart the Apache services.

service httpd restart

cPanel Fantastico not able to install any apps

Today I found out that the cPanel do not working well with the Fantastico DeLuxe and I have no idea what it is going on at first as there do not have any error from the server.

Symptoms:
1. Fantastico showing installation configuration file and database with ERROR.
2. No web file in the public_html folder.
3. Database is not configured properly(no table and data).

After long time tested and checked. Finally I am able to get some hint from the cPanel error_log.
=================
PHP Warning:  shell_exec() has been disabled for security reasons in /tmp/cpanel_phpengine.1289814352.9866F8Ane8kVMm on line 979
=================

I have immediate go to php.ini file and check for the disable_function and found out shell_exec and system is being listed.

To overcome it, I have putting a semi-colon “;” to the line of disable_function and restart the Apache HTTPD services and it is working fine.

Using URLRewrite mappings in separate file

Nowadays, Programmer rarely know that .Net Framework could actually do the rewrite through the .Net URL Rewrite itself without using the third-party application to call the .htaccess rules from Apache and do not need to use APE to run the rules.

But do you know that with URL Rewrite rules that applied to the web.config file, you could actually call it externally without messed up such as the .htaccess.

By right, the format of the URL rewrite rules could as simply as below.

<rewriteMaps>
<rewriteMap name=”Redirects”>
<add key= “/ oldurl” value=”/newurl” />
<add key= “/ otheroldurl” value=”/othernewurl” />
</rewriteMap>
</rewriteMaps>

You could applied the above rules to your web.config file, however you could do the below calling function from external file.
<rewriteMaps configSource=”rewritemaps.config” />

We named the another file called rewritemaps.config, and you may applied all of the rewrite rules over there.