
Apache Webserver


The Apache  Web Server was originally created in 1995. It was based on the earlier NCSA server, written by the National Center for Supercomputing Applications (which also developed the Mosaic browser, predecessor to most of today's browsers, with a direct line to Netscape and Mozilla).

Apache runs as a permanent background task: a daemon (UNIX) or service (Windows). Start-up is a slow and expensive operation, so for an operational server, it is usual for Apache to start at system boot and remain permanently up. Early versions of Apache had documented support for an inetd  mode (run from a generic superserver for every incoming request), but this mode was never appropriate for operational use.

The first application development frameworks were dominated by Perl, under both CGI and mod_perl. Application developers concentrated on Perl, because mod_perl presented the first really useful and easy-to-use API. The Java Servlet API and numerous other scripting languages, including the current market leader PHP, soon followed.

The native API is much improved and the APR library is a separate entity. This helps programmers overcome most of the drawbacks of C programming—in particular, the problems of cross-platform programming and resource management. Working with Apache  2, C programmers can expect levels of productivity more commonly associated with higher-level and scripting languages.

The downside of Apache 2 is that the API is not backward compatible with Apache 1.3, so many third-party modules and applications have been slow to upgrade to version 2.

Apache is configured by placing directives in plain text configuration files. The main configuration file is usually called httpd.conf. The location of this file is set at compile-time, but may be overridden with the -f command line flag. Some sites also have srm.conf and access.conf files for historical reasons. In addition, other configuration files may be added using the Include directive. Any directive may be placed in any of these configuration files. Changes to the main configuration files are only recognized by Apache when it is started or restarted.

Starting with Apache 1.3.13, any configuration file can actually be a directory: Apache will enter that directory and parse any files (and subdirectories) found there as configuration files. One possible use for this would be to add VirtualHosts by creating small configuration files for each host, and placing them in such a configuration directory. Thus, you can add or remove VirtualHosts without editing any files at all, simply by adding or deleting them. This makes automating such processes much easier.

The server also reads a file containing mime document types; the filename is set by the TypesConfig directive, and is mime.types by default.

Apache configuration files contain one directive per line. The back-slash "\" may be used as the last character on a line to indicate that the directive continues onto the next line. There must be no other characters or white space between the back-slash and the end of the line.

Directives in the configuration files are case-insensitive, but arguments to directives are often case sensitive. Lines which begin with the hash character "#" are considered comments, and are ignored. Comments may not be included on a line after a configuration directive. Blank lines and white space occurring before a directive are ignored, so you may indent directives for clarity.

You can check your configuration files for syntax errors without starting the server by using apachectl configtest or the -t command line option.


Apache is a modular server. This implies that only the most basic functionality is included in the core server. Extended features are available through modules which can be loaded into Apache. By default, a base set of modules is included in the server at compile-time. If the server is compiled to use dynamically loaded modules, then modules can be compiled separately and added at any time using the LoadModule directive. Otherwise, Apache must be recompiled to add or remove modules. Configuration directives may be made conditional on the presence of a particular module by enclosing them in an <IfModule> block.

To see which modules are currently compiled into the server, you can use the -l command line option.


Directives placed in the main configuration files apply to the entire server. If you wish to change the configuration for only a part of the server, you can scope your directives by placing them in <Directory>, <DirectoryMatch>, <Files>, <FilesMatch>, <Location>, and <LocationMatch> sections. These sections limit the application of the directives which they enclose to particular filesystem locations or URLs. They can also be nested, allowing for very fine grained configuration.

Apache has the capability to serve many different websites simultaneously. This is called Virtual Hosting. Directives can also be scoped by placing them inside <VirtualHost> sections, so that they will only apply to requests for a particular website.

Although most directives can be placed in any of these sections, some directives do not make sense in some contexts. For example, directives controlling process creation can only be placed in the main server context. To find which directives can be placed in which sections, check the Context of the directive. For further information, we provide details on How Directory, Location and Files sections work.

.htaccess Files

Apache allows for decentralized management of configuration via special files placed inside the web tree. The special files are usually called .htaccess, but any name can be specified in the AccessFileName directive. Directives placed in .htaccess files apply to the directory where you place the file, and all sub-directories. The .htaccess files follow the same syntax as the main configuration files. Since .htaccess files are read on every request, changes made in these files take immediate effect.

To find which directives can be placed in .htaccess files, check the Context of the directive. The server administrator further controls what directives may be placed in .htaccess files by configuring the AllowOverride directive in the main configuration files.

For more information on .htaccess files, see Ken Coar's tutorial on Using .htaccess Files with Apache, or the .htaccess tutorial in the Apache docs.
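
The syntax rules given earlier (backslash continuation, "#" comments, case-insensitive directive names) and the AllowOverride control described here can be combined into a small audit. This is an added example, not code from the Apache documentation: it parses .htaccess text by those rules and reports the AllowOverride classes the file needs. The directive table is a small subset, and the function names and sample file are constructed for this example.

```python
import re

# Override class for a few common directives (a subset of the "Override"
# field in the Apache directive reference; extend it for your own site).
OVERRIDE_CLASS = {
    "authtype": "AuthConfig", "authname": "AuthConfig",
    "authuserfile": "AuthConfig", "require": "AuthConfig",
    "rewriteengine": "FileInfo", "rewritecond": "FileInfo",
    "rewriterule": "FileInfo", "errordocument": "FileInfo",
    "addhandler": "FileInfo", "sethandler": "FileInfo", "addtype": "FileInfo",
    "directoryindex": "Indexes", "indexoptions": "Indexes",
    "order": "Limit", "allow": "Limit", "deny": "Limit",
    "options": "Options",
}


def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.endswith("\\"):          # backslash must be the very last character
            buf += raw[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:               # file ended on a continuation
        yield start, buf


def audit_htaccess(text):
    """Report the AllowOverride classes a .htaccess file needs, plus syntax traps."""
    needed, unmapped, warnings = set(), [], []
    for n, raw in enumerate(text.splitlines(), 1):
        if re.search(r"\\[ \t]+$", raw):
            warnings.append((n, "whitespace after trailing backslash, line is not continued"))
    for n, line in logical_lines(text):
        s = line.strip()                # leading white space is ignored
        if not s or s[0] in "#<":       # blank, comment, or <Section> tag
            continue
        name = s.split(None, 1)[0]
        cls = OVERRIDE_CLASS.get(name.lower())   # directive names are case-insensitive
        if cls:
            needed.add(cls)
        else:
            unmapped.append((n, name))  # not in this example's table
        if re.search(r"\s#", s):        # heuristic: '#' may also be a real argument
            warnings.append((n, "'#' after a directive is read as an argument, not a comment"))
    return {"allow_override": sorted(needed),
            "unmapped": unmapped,
            "warnings": sorted(warnings)}


# Constructed sample .htaccess (line 9 has a space after the backslash).
SAMPLE = (
    "# constructed sample .htaccess\n"
    "AuthType Basic\n"
    "authname \"Staff only\"\n"
    "Require valid-user\n"
    "RewriteEngine On   # enable rewriting\n"
    "RewriteCond %{REQUEST_FILENAME} !-f\n"
    "RewriteRule ^(.*)$ \\\n"
    "    index.php?rt=$1 [L,QSA]\n"
    "Options -Indexes \\ \n"
    "Header set X-Frame-Options DENY\n"
)

if __name__ == "__main__":
    report = audit_htaccess(SAMPLE)
    print("AllowOverride", " ".join(report["allow_override"]))
    for item in report["unmapped"] + report["warnings"]:
        print(item)
```

Anything listed under unmapped needs a manual lookup of its Override class before AllowOverride is tightened in the main configuration.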



Old News

[Oct 21, 2017] Apache2 mod_rewrite and %{REQUEST_FILENAME} - Sysadmandine

February 23, 2010 admin

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^/(.*)$ /index.php?rt=$1 [L,QSA]

This means: if the requested file is not a real file, and isn't a directory, and isn't a symlink, then redirect to index.php.

I was really surprised to discover that it doesn't work. Though, everybody seems to use this syntax! I checked my Apache version: Apache/2.2.9 (Debian), nothing special with this one I guess.
To understand what Apache was doing with my rewrites, I activated the rewrite log:

RewriteLog /var/log/apache2/rewrite.log

Here's what I got (the interesting part, because I got a lot more!):

[blah blah blah] (2) init rewrite engine with requested uri /toto.htm
[blah blah blah] (3) applying pattern '^/(.*)$' to uri '/toto.htm'
[blah blah blah] (4) RewriteCond: input='/toto.htm' pattern='!-f' => matched
[blah blah blah] (4) RewriteCond: input='/toto.htm' pattern='!-d' => matched
[blah blah blah] (4) RewriteCond: input='/toto.htm' pattern='!-l' => matched
[blah blah blah] (2) rewrite '/toto.htm' -> '/index.php?rt=toto.htm'

So Apache verifies only '/toto.htm' and not the whole path for "%{REQUEST_FILENAME}"? I thought it was the whole path, though; let's verify in the doc.
From , by habit (cause I used apache 2.0 a lot more than apache 2.2 from now on) :

REQUEST_FILENAME : The full local filesystem path to the file or script matching the request.

Hmm. But I use apache version 2.2, so what do they say here :

REQUEST_FILENAME : The full local filesystem path to the file or script matching the request, if this has already been determined by the server at the time REQUEST_FILENAME is referenced. Otherwise, such as when used in virtual host context, the same value as REQUEST_URI.


REQUEST_URI : The resource requested in the HTTP request line. (In the example above, this would be "/index.html".)

Ok, I understand, I use virtual hosts (like everybody, uh?), so the real syntax for my needs is:

RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ /index.php?rt=$1 [L,QSA]

This works even if it doubles the "/" between each variable (one / at the end of DOCUMENT_ROOT, and another at the beginning of REQUEST_FILENAME).

Here's the rewrite log showing that it works :

[blah blah blah] (2) init rewrite engine with requested uri /toto.htm
[blah blah blah] (3) applying pattern '^/(.*)$' to uri '/toto.htm'
[blah blah blah] (4) RewriteCond: input='/path/to/documentroot//toto.htm' pattern='!-f' => not-matched
[blah blah blah] (1) pass through /toto.htm

Now I can disable this log if I want to keep space on my disk.

I must admit I read the description for REQUEST_FILENAME in apache2.2 several times before noticing that it was just the answer too used to read too fast! Thanks to this old post that made me re-read slower ! 😉
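
The pitfall described in this post can be spotted mechanically in a rewrite log. The following is an added example, not part of the original post: it flags requests whose file tests (-f, -d, -l, -s) were evaluated against the request URI instead of a filesystem path. The log lines are constructed to match the format quoted above, and the function name is this example's own.

```python
import re

# Message bodies as they appear in the rewrite log excerpts quoted in the post.
INIT = re.compile(r"init rewrite engine with requested uri (\S+)")
COND = re.compile(
    r"RewriteCond: input='([^']*)' pattern='(!?-[dfls])' => (matched|not-matched)")
REWRITE = re.compile(r"rewrite '([^']*)' -> '([^']*)'")


def audit_rewrite_log(lines):
    """Return one record per request whose file tests ran against the URI.

    In virtual host context REQUEST_FILENAME still equals REQUEST_URI, so a
    test such as '!-f' looks for '/toto.htm' at the filesystem root and the
    result says nothing about the file under the document root.
    """
    records, current = [], None
    for line in lines:
        m = INIT.search(line)
        if m:                                   # a new request starts here
            current = {"uri": m.group(1), "uri_tests": [], "rewritten_to": None}
            records.append(current)
            continue
        if current is None:
            continue
        m = COND.search(line)
        if m:
            if m.group(1) == current["uri"]:    # input is the URI, not a path
                current["uri_tests"].append(m.group(2))
            continue
        m = REWRITE.search(line)
        if m:
            current["rewritten_to"] = m.group(2)
    return [r for r in records if r["uri_tests"]]


# Constructed log: first request uses bare %{REQUEST_FILENAME} in a vhost,
# the second prefixes it with %{DOCUMENT_ROOT}.
SAMPLE_LOG = """\
[...] (2) init rewrite engine with requested uri /toto.htm
[...] (3) applying pattern '^/(.*)$' to uri '/toto.htm'
[...] (4) RewriteCond: input='/toto.htm' pattern='!-f' => matched
[...] (4) RewriteCond: input='/toto.htm' pattern='!-d' => matched
[...] (4) RewriteCond: input='/toto.htm' pattern='!-l' => matched
[...] (2) rewrite '/toto.htm' -> '/index.php?rt=toto.htm'
[...] (2) init rewrite engine with requested uri /toto.htm
[...] (3) applying pattern '^/(.*)$' to uri '/toto.htm'
[...] (4) RewriteCond: input='/path/to/documentroot//toto.htm' pattern='!-f' => not-matched
[...] (1) pass through /toto.htm
""".splitlines()

if __name__ == "__main__":
    for rec in audit_rewrite_log(SAMPLE_LOG):
        print(rec)
```

RewriteLog exists only up to Apache 2.2; in Apache 2.4 the same trace is enabled with LogLevel rewrite:trace4 and written to the error log.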

[Mar 22, 2011] Google Speeds Up the Web with Apache Web Server Module

Google this week launched the mod_pagespeed module for the Apache 2.2 web server. What mod_pagespeed promises is up to 50 percent improvement on page load times, by using more than 15 optimizations to accelerate website delivery. Currently, the mod_pagespeed technology is officially listed as the 0.9 Developer Preview version, although that shouldn't dissuade website administrators from trying it out.

"We expect that web masters and web developers will do their testing before turning it to production," Richard Rabbat, product manager at Google told "A number of websites have already started using it in their production systems and have tweeted about it."

Apache troubleshooting tips

Is your server actually running?

Believe it or not, this has happened to plenty of administrators. You take the server down, do some maintenance, and when you go to check out the server you're getting errors. The first thing you do, naturally, is check out that /etc/apache2/apache.conf file to make sure your syntax is correct. But it's perfect! What's up? The first thing you might want to check is to make sure the server is running. But you don't want to just issue the command to start the server or reload the server. Instead, issue the command:

sudo /etc/init.d/apache2 status

Which should return something like:

* apache is running (pid 9751).

If not, start the server with either:

sudo /etc/init.d/apache2 start

or

sudo apache2ctl start

NOTE: If you are using a distribution like Fedora, SuSE, or Mandriva you will need to first su to the root user and issue the above commands WITHOUT using sudo.

It's not running and it won't start

Did you just make changes to your Apache configuration file? Are the changes correct? If you're not sure, you can use the apache2ctl command to check the syntax of your configuration file. This is done with the command:

sudo apache2ctl configtest

The above command should report:

Syntax OK

If you don't get an OK, you will get information that points to the errors in your configuration file.

Apache wants to download .php files!

This is another common issue. When you add a new tool on your web server (such as Drupal), if your configuration file is set up properly, any .php file might not be displayed. Instead, any attempt to view a .php file will have your browser trying to download the file. Why is this? Apache must be informed that certain extensions are to be displayed, not downloaded. This is done from within the Apache configuration file. Open up that file (in the Ubuntu server it will be /etc/apache2/apache2.conf) and first look for the following line:

DirectoryIndex index.html

If that file doesn't include index.php nearly all sites that use php will be rendered useless.

The second line to look for is:

AddHandler application/x-httpd-php .php

If you find this line, and it is commented out, make sure you uncomment it by removing the "#" character. If it is not there add it to the bottom of the configuration file.

And, as always, when you make a change to the configuration file, restart Apache.

Know where to look for problems

Finally, it is crucial that you know where to first turn when the above doesn't help you out. Any time I have an issue with Apache where Occam's Razor does not apply, the first place I turn is the log files.

If you look in /var/log/apache2 you will find, at least, the following files:

Of course, as your site evolves so will your available log files. Regardless of what you find in /var/log/apache2, that is where you should always first turn when you have problems. Even before you google.

Final thoughts

Now you should be able to handle some of the more common issues with the Apache server. And if your problem isn't common, you also know where to turn to find clues that will lead you down the right path to correction.

[Jun 20, 2008] root@nti2273/ # find / -name "*.phtml"


[Jun 20, 2008] root@nti2273/apache/cgi-bin # ll

total 9584
drwxr-xr-x 2 www ahdsup 4096 Feb 8 2003 ./
drwxr-xr-x 15 sys sys 4096 Mar 26 2007 ../
-rwxr-xr-x 1 ahd system 3570 Feb 11 2002*
-rwxr-xr-x 1 ahd system 1618327 Feb 11 2002 pdm_cgireport*
-rwxr-xr-x 1 ahd system 3217366 Feb 11 2002 pdm_graph*
-rwxr-xr-x 1 root ahdsup 10250 Feb 11 2002 pdmcgi*
-rwxr-xr-x 1 root ahdsup 8159 Feb 8 2003 pdmcgi.ahd45*
lrwxrwxrwx 1 root ahdsup 6 Apr 28 16:42 pdmcgi02@ -> pdmcgi*
lrwxrwxrwx 1 root ahdsup 6 Apr 28 16:42 pdmcgi_cat@ -> pdmcgi*
-rwxr-xr-x 1 www ahdsup 120 Jun 29 2000 printenv*
-rwxr-xr-x 1 www ahdsup 757 Apr 7 1999 test-cgi*
-rwxr-xr-x 1 ahd system 21712 Feb 11 2002*

[Jun 20, 2008] How to see what modules are compiled: ./httpd -l

root@nti2273/home/bezroun/Apache/bin #
Compiled in modules:

[Dec 28, 2006] Apache and Lighttpd server send error 503 when web site is under maintenance

(nixCraft) When you are updating a website, you may need to send error 503 to the client. Error 503 indicates that the web server is temporarily out of service or down. This is useful if you are running a popular database-driven website such as a forum or e-commerce site. So when the site is under maintenance you can send the user a good message indicating that the site is down for some work.

This tip will help you to disable a site for maintenance using mod_rewrite without redirecting the URL.

Both the Lighttpd and Apache web servers allow you to send this message to the client through server-side rewriting with mod_rewrite and PHP.

Error 503 means
=> Server is too busy to serve your request
=> Server is slashdotted or dugg to death
=> Server is forced to send this message etc

But why send error 503?
Error 503 informs search engines that the site is temporarily out of service. This is quite important for a site that depends heavily on search engines for selling products and services.

[Dec 21, 2006] Solaris Open Source Stack (SAMP=Solaris 10 OS, Apache 2.0.52, MySQL 5.0, and PHP 5) Quick-Start guide by Viet Pham

November 2006 (Bigadmin) This guide serves as a starting point for users to install, configure, and perform basic tuning of the open source stack SAMP (Solaris 10 OS, Apache 2.0.52, MySQL 5.0, and PHP 5). The article also covers PostgreSQL and Tomcat. The Solaris Zones feature (part of Solaris Containers technology in the Solaris 10 OS) is discussed to help users with scalability in mind.


[Nov 25, 2006] David's blog/FastCGI becoming the new leader in server technologies?

Until now FastCGI was behind mod_php, java and mod_perl in terms of popularity among web server administrators and web developers. But times have changed and changed for good.

In the early days of web development when the CGI interface was the leader and web servers were quite slow, developers felt that they needed a faster server technology, that can be used to run their web applications on high-traffic web sites. The solution to the problem seemed obvious – the developers had to take their CGI-based code and put it into the web server process.

With this solution, the operating system didn't have to start a new process every time a request had been received, which is very expensive, and you could write your application with a persistent functionality in mind and ability to cache data between several different http requests.

These were the days when some of the most popular web server APIs were born – Internet Information Server's ISAPI, Netscape Server's NSAPI, and Apache's module API. This trend created some of the best known and quite often used technologies in web development like mod_php, mod_python, java servlets (and later jsp), asp. But the conception that stays behind these technologies is not flawless. There are many problems with applications that run inside your average web server.

For example mod_perl's high memory usage per child process can suck the available ram, php's problems with threads can kill the whole web server, and many security problems arising from the fact that the most popular web server (Apache) can't do simple things like changing the OS user it executes the request with. For quite some time there have been solutions, like putting a light-weight proxy server in front of apache, installing third-party software for IIS or using php's safe mode and OpenBasedir (Oh GOD!) on apache, but these are not elegant and pose other problems on their own. Also the hardware progress in the last few years made the server modules obsolete.

In the meantime, when the server modules were gaining glory and fame, a little-known technology with a different conception and implementation was born. It was called FastCGI and the basic problem it was designed to solve was to make CGI programs run faster. Later, it became clear that FastCGI solves many other problems and design flaws that the server modules had.

How FastCGI works?
FastCGI runs in the web server process, but doesn't handle the request itself. Instead it manages a pool of the so-called FastCGI servers outside of the web server process and when a request arrives, the FastCGI manager sends the http data through a socket to one of the available fastcgi servers to handle this request. This strategy is quite simple and has the following advantages:

In the beginning FastCGI was not so popular, because its use of external processes and communication through sockets required more resources to be allocated on the host system. Today this is not the case, because for the last few years the hardware development made huge leaps ahead and system memory is not so expensive anymore. In present days many of the web servers have full support for FastCGI and the trend is to migrate the current web applications to run under it.

These are some of the most popular web servers that have support for FastCGI:

In November Microsoft announced support for FastCGI on IIS 5, IIS 6 and IIS 7 (Beta).

[May 5, 2006] Apache Hits Version 2, Cubed By ServerWatch Staff

The Apache Software Foundation released a maintenance update to the 2.2 httpd branch. Version 2.2.2 is now considered the gold standard that outfits running Apache should be using. It is available for download, here.

As usual, the full cadre of release notes are online. Changes have been made to mod_deflate, so that it works correctly in an internal redirect; mod_proxy_balancer, which now initializes members of a balancer correctly; mod_proxy, so that it no longer releases connections from the connection pool twice; prevent the reading uninitialized memory while reading a line of protocol input; mod_dbd, whose defaults have been updated and error reporting improved; and mod_dbd, which creates its own pool and mutex to avoid problem use of process pool in request processing.

Version 2.2 was initially released in December 2005. Core enhancements include refactored authentication and authorization modules; a host of changes to mod_cache, mod_disk_cache, and mod_mem_cache; a simplified and modularized default configuration layout; and graceful shutdown for prefork, worker, and event MPMs. Changes were also made to the mod_auth, mod_authnz_ldap, mod_authz_owner, mod_version, mod_info, mod_ssl, and mod_imagemap modules.

The ASF also recommends anyone still running the 2.0 or 1.3 forks that does not plan to upgrade be sure to patch to 2.0.58 and 1.3.37, respectively.

mod_perl Configure Apache with Perl Example

With mod_perl, Perl code can be embedded directly in the Apache configuration file. Perl in httpd.conf is commonly used to dynamically configure Apache, but anything from URL translation to content generation can be accomplished directly in the configuration file within <Perl> sections.

This example reads configuration settings from a text file and configures Apache's virtual hosts.

The httpd.conf setup:

      <Perl>
      # Each line of vhosts.txt holds five tab-separated fields, in @params order.
      my $config = "/etc/apache/vhosts.txt";
      open HOSTS, $config or die "Failed to open $config: $!";
      while (<HOSTS>) {
          chomp;    # drop the newline so it does not end up in ServerAdmin
          my %config;
          my @params = qw/ServerName DocumentRoot ErrorLog TransferLog ServerAdmin/;
          @config{ @params } = split /\t/;
          $config{ Directory }{ $config{DocumentRoot} } = { Allow => 'from all' };
          push @{ $VirtualHost{''} }, \%config;
      }
      close HOSTS;
      </Perl>

See The Guide for other examples of configuring Apache with mod_perl.

Zones for ASF projects - The Apache Software Foundation

This document is a quick overview of Solaris 10's zones, intended for use by ASF infrastructure to establish zones and for PMCs to manage their zones.

Some quasi-helpful resources:

These are notes to assist the root people at ASF infrastructure to create Solaris zones for certain PMCs. See the other notes below for PMCs to manage zones.

Please add notes about your zone to the file (PMC name, root name and other maintainers, docs reference). See the notes for other zones.

Creating a zone

[Nov 22, 2005] Life on the OutSide Installing Perl & Apache on Solaris 10

One of the first things you will want to set up on your new Solaris/OpenSolaris operating system is a web server. Even though Solaris now comes with Perl and Apache installed by default, it is still worth installing your own version. New versions of Perl and Apache will always be ahead of the Solaris version, plus you will never damage the pre-installed version.

The procedure has been tested on:

The following steps will install:

Basic Apache 2 Solaris 10 Startup

Apache 2.xx is included with Solaris 10. A few configuration details need to be addressed prior to starting Apache 2.xx (you need to be root):
  1. Copy the file, /etc/apache2/httpd.conf-example to /etc/apache2/httpd.conf
         # cp /etc/apache2/httpd.conf-example /etc/apache2/httpd.conf    
  2. Edit /etc/apache2/httpd.conf
    • Set ServerName if necessary (default is
    • Set ServerAdmin to a valid email address
  3. From the command line type:
         # svcadm enable apache2    

The Apache 2 web service should persist through server and/or zone boots. The actual web pages are located in the /var/apache2/htdocs directory by default.

[Apr 10, 2005] Sun Microsystems

I installed on my Sun Solaris 10, just the core distribution

I installed packages:

system SUNWapch2d Apache Web Server V2 Documentation
system SUNWapch2r Apache Web Server V2 (root)
system SUNWapch2u Apache Web Server V2 (usr)

But when I try to enable apache

svcadm enable apache2

I get:

svcadm: Pattern 'apache2' doesn't match any instances

I looked all day in docs and the internet, but no good solution.

Who has got the answer for me?

Hey, rebooting a unix box worked????????

svcs -a | grep apache2

now showed disabled ???

Before rebooting it didn't show up.


[Nov 06, 2003] Apache, a guide in how to optimally compile and install Apache in Sun Solaris, with support for Perl, Python, PHP+MySQL, faster CGI's, etc.

Posted by timothy on Sunday October 19, @08:19AM
from the driven-by-the-forces-of-evil dept.
ivan.ristic writes "Mod_security 1.7 has been released. Mod_security is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. The latest release adds output scanning to Apache 2.x; the ability to analyze cookies; functionality to change the identity of the web server; several new actions for rule grouping; new null-byte attack anti-evasion code."

O'Reilly Network Installing an Apache RPM [September 11, 2002]

I should preface this by noting that I usually install Apache from source for this very reason. It's often not clear where the contents of an RPM will end up and Apache is a prime example.

There is, however, a nifty way to do a little digging BEFORE you install an RPM. On the command line, type:

rpm -qpil path/to/apache-xyz.rpm | more

where 'path/to/apache-xyz.rpm' is the location of the RPM you wish to install.

Running this on apache-1.3.9-4.i386.rpm under RH6.1 reveals...


% rpm -qpil apache-1.3.9-4.i386.rpm | more

[uninteresting bits and general verbosity deleted]



The Apache program itself is /usr/sbin/httpd. You can either run that from the command-line thusly:

% /usr/sbin/httpd

or by rebooting your server since all those files in /etc/rc.d will start Apache automagically when you start your server.

Before doing so, however, be sure to make the appropriate configuration changes in the /etc/httpd/conf/httpd.conf, srm.conf, and access.conf files -- newer versions of Apache only use httpd.conf.

There are some instructions available on RedHat's site; while they're not particularly geared toward a first time user, they may be of some help in initial Apache configuration...

Re: Latest Apache RPM; undefined symbol

Hi Arend,

Thank you.

I replaced the original httpd.conf file and restarted manually without error.

I am wearing my dunce's hat with pride...



>>> 03 July 2002 17:46:50 >>>
On Tue, 2 Jul 2002, Geoff Amabilino wrote:

> Hi all,
> We have just upgraded our Apache packages to the latest RH version
> (1.3.22-5.7.1) to avoid the recent security problem.
> We are now getting a problem starting the web server as follows:
> Syntax error on line 212 of /etc/httpd/conf/httpd.conf:
> Cannot load /etc/httpd/modules/ into server: 
> / undefined symbol: ap_escape_logitem
> I cannot find any clues around the web, and for the moment have had to
> disable custom logging to get the site going again.
> Has anyone else seen this?  Any help would be welcome.

Hi Geoff,

With the recent update, you need to stop and then restart apache by hand 
the first time, then the -HUP at 4:00 will work from then on.

So do this:

/etc/init.d/httpd stop
/etc/init.d/httpd start

then check the logs.

Hope this helps,

Recommended Links


Commercial Support

Tomcat Support, Apache Support, Apache Tomcat, Apache Tomcat Support, Apache Geronimo Support, Apache Roller Blog Server Support and Apache Axis Support to the Enterprise - Covalent Technologies

For information on pricing, contact SpringSource's sales staff by emailing or calling 650/425-3515.

Random Findings

This sounds like a great idea. (Score:2)

by daviddennis (10926) on Sunday October 19, @12:26PM (#7254633)
To try and pull the subject away from the usual trolls, this sounds like something I really need on my web server.

Has anyone tried it? Any success or failure stories?


"powerful umbrella shielding apps from attacks" (Score:2)
by brlewis (214632) on Tuesday October 21, @12:25PM (#7272502)
The article's description of mod_security as a "powerful umbrella shielding applications from attacks" seems to oversell it. If you have a known app with a known exploit, you can use mod_security instead of fixing the app. But even the mod_security docs themselves say it's better to fix the app.

For apps which accept arbitrary text input (most do!) a general filter against, e.g. "insert into", is a bad idea? This slashdot post includes those two words together; you have to be specific about which inputs get filtered how. Again, this is better done in the app itself.

Another neat module I've never heard of before... (Score:2)
by WoTG (610710) on Tuesday October 21, @02:07PM (#7273748)

I had to browse the site to see what this does, this overview page was good.
It reminds me of URLScan for MS's IIS - but with extra features.

For those who don't want to do this on the server (Score:1)
by jjeffrey (558890) on Wednesday October 22, @08:20AM (#7280159)
can of course spin up Apache on another box, preferably not the firewall, and set it up in proxy mode to forward the requests. Though this generates some SSL issues. Maybe you could even use mod_balance and have a security appliance / load balancer?

Of course Checkpoint already offer this functionality in FW-1 NG to a limited degree, and Netscreen are introducing it across their range as a free update (for those with a software subscription) in ScreenOS 5 later this year or early next.

mod_security evaluation by Tegatai Systems (Score:1)
by konduct (691763) on Wednesday October 29, @06:06AM (#7336442)
Tegatai Systems has been using mod_security in its development labs recently. It has been determined through white and blackbox testing that mod_security needs more work before it will be stable enough for wide-spread production use.

Similar to Microsoft's URLScan... (Score:1)
by sk3tch (165010) on Wednesday October 29, @12:46PM (#7339210)

Nice to see Apache adding this functionality. As a web admin, the availability of another layer of security is always appreciated.

RSA SecurID module for Apache

About: The mod_securid Apache module implements RSA SecurID authentication for the Apache Web server. It allows administrators to restrict access to Web sites (or parts of Web sites) to users authenticated using a SecurID token and an ACE server.




Copyright © 1996-2020 by Softpanorama Society. was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.


Last modified: January 09, 2020