I am trying to utilize the mod_evasive for apache2 for one virtualhost only but it appears no matter what i do the module is loaded on the entirety of apache.
I looked through the docs and i cannot find any switch to disable mod evasive in it's own configuration allowing me to enable it only for specific vhosts.
I understand that i could simply do put the default config to ridiculous numbers making it never trigger/ban on the default and then do specific configurations for certain areas i would want it to trigger but that would be a performance hog having evasive run on everything.
How do i go about this? Do i need to put the site that needs to be behind mod evasive on a completely separate apache2 server?
Ran into the same problem with proxying Jira and Confluence. They send so many requests it was always blocking. Ended up leaving mod_evasive at the global level and putting the following for vhosts I don't want to block and it has been working:
<IfModule mod_evasive24.c>
DOSBlockingPeriod 0
</IfModule>
Related
My main domain is subdomain.domain.tld, and I want to rewrite all the traffic from subdomain1.domain.tld to the first one. Meaning if someone accesses subdomain1.domain.tld/whatever.php, he actually accesses subdomain.domain.tld/whatever.php, however, he's still shown subdomain1 in the browser's navigation bar.
I did some research, but I couldn't find something too promising.
You don't need rewriting for this, in fact internal rewriting is not possible between separate hosts...
Assuming that both "subdomains" (those are actually hostnames) are served by the same http server you can simply configure the same DocumentRoot for both hosts. That way they serve exactly the same file system which obviously means that the same scripts will be called.
Maybe you can get away even more simple if you just use the ServerAlias command for your virtual host. This obviously is only possible if you do not need separate configurations for both hosts.
Just take a look into the documentation of the apache http server. This is explained and good examples are offered:
https://httpd.apache.org/docs/2.4/vhosts/examples.html
In case those two hosts are not served by the same http server you could use an internal proxy setup: subdomain1.domain.tld acts as a front end proxy for subdomain.domain.tld, so it just relays all incoming requests and also the outgoing responses. That is easily done with a combination of the ProxyPass and the ProxyPassReverse rules offered by apaches proxy module: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse
This setup can even be used if the two http servers operate on different IP addresses or even completely separate systems.
I found one documentation here to run multiple node application on single port using proxypass, I understood the concept, it just forward the request to node application port unsing ProxyPass. In that example, they used httpd, and I am using tomcat.
My question is, how can I do same configuration in tomcat?
simply I am expecting tomcat configuration for this httpd configuration.
ProxyPass /node http://host.xyz.com:3000
You really should consider using Apache httpd (or any other frontend) for this purpose. This is the software that handles the requirement best - and tomcat best serves application data.
Also, Apache httpd knows how to handle port 80 or 443, something that needs some extra work with tomcat (if you don't want to run it as root. And you actually don't want to run it as root)
It doesn't require so many extra resources, use the appropriate tool for the job. And, when you use mod_proxy, look up all the related options and understand what they're there for. You probably also want ProxyPreserveHost On, but I'll stop here.
I hope the document will be helpful.
I have used Apache HTTPD mod_jk and Tomcat for a high availability solution. Here is the workers.properties for it.
worker.list=myworker
worker.myworker1.port=8009
worker.myworker1.host=host1
worker.myworker1.type=ajp13
worker.myworker1.lbfactor=1
worker.myworker2.port=8009
worker.myworker2.host=host2
worker.myworker2.type=ajp13
worker.myworker2.lbfactor=1
worker.myworker.type=lb
worker.myworker.balance_workers=myworker1,myworker2
worker.myworker.sticky_session=True
Right now, the requests are equally distributed among the workers and applications are working fine. What I want is, all the requests must go to myworker1. Only if myworker1 is down, it should be redirected to myworker2.
Is there a way possible with mod_jk for this?
Redirect to myworker2 in case myworker1 fails
Disable myworker2 for all the requests except for failover
These two lines must be added to your file
worker.myworker1.redirect=myworker2
worker.myworker2.activation=disabled
See:
https://salonegupta.wordpress.com/2014/08/27/apache-load-balancer-setup-with-failover-mechanism/ for more information
I have to redirect bulk of pages to new URL's and if I put all them in .htaccess file, will it get overload and decrease site's performance..??
Please let me know if there are any alternatives to dynamically edit .htaccess file.
Thanks
First notice that using .htaccess files or even allwing the use of .htaccess file is decreasing performances. As you are telling Apache to make I/O on the filesystem, seeking for .htaccess files on the directory tree. So for a better performance having a AllowOverride None on a <Directory /> (so from the root directory) is better, and of course you should'nt modify the AllowOverride setting in any subdirectory.
Now, if you a .htacess with a lot of rules, or a <Directory /path/to/my/directory> with a lot of rules, which is quite the same, except the second version will be read on startup and not for every request, then you will of course slow down youyr apache process as he must check all the rules. But this is usually quite fast. The best thing is to track it via some tools like autobench, httpperf, webinject, ab, etc.
There is a way in mod_rewrite to speed up the rewriting process when you all a lot of rules using the same scheme. It's RewriteMap. When using rewriteMap with a hash file you will of course have something with better speed. But rewriteMap requires that you forget about .htaccess dumb files and that you really use apache configuration files to edit your apache configuration (/etc/apache/*). So you need an adminisstrative access on this configuration.
And at the end of your question you are talking about editing dynamically your .htaccess. If your rewrites are really dynamic I would forget about using the webserver to handle that, and push the rewriting policy into the application code (PHP/C#/etc). Or you could also use the prg: option of rewriteMap and write your own perl, python or anything else daemon script, called by apache's mod-rewrite on each request, providing the rewrite policy. And the rewriting performance will then depend on your programing skills.
I belived, it will not degrade the perfomance in huge , althout the overload on apache server will definately increses....It's also depend on your bandwidth and speed of RAM on your server, if it is good then, I belived you will find any mager issue..
In my local environment, I am using WAMP, which allow me add /remove module dynamically, you can use cpanel also, which allow you add/edit many items dynamically for your apache server
http://docs.cpanel.net/twiki/bin/view/EasyApache3/WebHome
In Addition, you can active and set your virtual host setting uncommeting below lines from your httpds.conf file
LoadModule vhost_alias_module modules/mod_vhost_alias.so
Virtual hosts
Include conf/extra/httpd-vhosts.conf and afterword you can add you all your hundres of virtual host in same file i.e conf/extra/httpd-vhosts.conf
i'm using Debian 4.3.2-1 and Apache 2 in my production server. Watching the logs I noticed apache is resolving client's hostnames with 'HostnameLookups Off' in apache2.conf. I want to avoid these lookups so i'm guessing apache is making this dns queries because i have mod_authz_host enabled. When i try to unlink this module i get several modules complaining because they use "Order" directive.
How is the clean way to go? Should I comment all Order directives like
Order allow,deny
Deny from all
Is this the only way to stop apache making dns requests ?
thank you!
One option is to have the DNS server quickly answer any requests to convert an IP in to a hostname with a "this IP has no hostname" responses. MaraDNS 1.x supports this via "reject_ptr"; I could add this capability to Deadwood (MaraDNS 2.0) in about 10 minutes if there was demand for it.