β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Apache Server's httpd.conf file commentsThe reference here is the Apache Server.._win32 version- OLD STABLE VERSION
twitter.com/undercodeNews
π¦ππΌπ' π πππΈβπ :
1) ServerType standalone #Set whether the
server is started separately (standalone) or through the internet server inetd. The former is generally used.
2) ServerRoot "d: / Apache" #Set the
server's Home directory to store the server's configuration files, error files, and log files.
PidFile logs / httpd.pid #When the
program starts, store the process ID of the parent process httpd in this file. This file name can be changed with the PidFile command.
3) ScoreBoardFile logs / apache_status #Set
the log files of some execution programs of the WWW server on the network.
#ResourceConfig conf / srm.conf
#AccessConfig conf / access.conf #The
contents of these two files are already included in the httpd.conf file.
Timeout 300 #If the
client has not been connected for 300 seconds, or the server has not transmitted data to the client for 300 seconds, it will automatically disconnect.
KeepAlive On #Set
whether to support the resume function.
MaxKeepAliveRequests 100 #Set
the number of resume transmission functions. The larger the number, the more wasted hard disk space. Set to 0 for more than continuous transmission.
KeepAliveTimeout 15 #If
the user has not sent a request to the server after 15 seconds, he cannot resume the transmission.
MaxRequestsPerChild 0
#Set the number of child processes at the same time.
ThreadsPerChild 50 #Set
the number of processes used by the server.
#Listen 3000
#Listen 12.34.56.78:80 #Allow the
use of other ports or IPs to access the server. In this example, the Port is 3000 and the IP is 12.34.56.78:80.
#BindAddress * #Set
Apache to listen to all IPs, which can also be specified specifically.
#LoadModule anon_auth_module modules / ApacheModuleAuthAnon.dll
...... #Open
the module that is not currently activated for reservation.
#ExtendedStatus On #Set
the status information generated by the server.
The reference here is the Apache Server1_3_12_win32 version.
Port 80 #Set the port
used by the server.
ServerAdmin you@your.address #Set
the E-Mail address of the server administrator.
#ServerName new.host.name
#Host name of the server. If you have a fixed IP address, you do not need to set it.
DocumentRoot "d: / Apache / htdocs" #Set
the directory for storing site html files.
<Directory />
Options FollowSymLinks
AllowOverride None
</ Directory>
# Setup / Directory instructions. Specifically:
Option: defines the operations that can be performed in the directory. None means you can only browse, FollowSymLinks allows the page to connect to other places, ExecCGI allows you to perform CGI, MultiViews allows operations such as watching animation or listening to music, Indexes allows the server to return a formatted list of directories, and Includes allows the use of SSI. These settings can be checked. All can do anything, but does not include MultiViews.
AllowOverride: Add None parameter to indicate that anyone can browse the files in this directory. Other parameters are: FileInfo, AuthConfig, Limit.
UserDir "d: / Apache / users /"
#Define the directory where users store html files.
DirectoryIndex index.html #Define
the file to be displayed first.
AccessFileName .htaccess #Define
the name of each directory access control file.
#CacheNegotiatedDocs
Define that the proxy server should not cache your pages. Not recommended for use.
UseCanonicalName On #The
server uses the server name specified by ServerName and the port address specified by Port.
written by undercoders
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Apache Server's httpd.conf file commentsThe reference here is the Apache Server.._win32 version- OLD STABLE VERSION
twitter.com/undercodeNews
π¦ππΌπ' π πππΈβπ :
1) ServerType standalone #Set whether the
server is started separately (standalone) or through the internet server inetd. The former is generally used.
2) ServerRoot "d: / Apache" #Set the
server's Home directory to store the server's configuration files, error files, and log files.
PidFile logs / httpd.pid #When the
program starts, store the process ID of the parent process httpd in this file. This file name can be changed with the PidFile command.
3) ScoreBoardFile logs / apache_status #Set
the log files of some execution programs of the WWW server on the network.
#ResourceConfig conf / srm.conf
#AccessConfig conf / access.conf #The
contents of these two files are already included in the httpd.conf file.
Timeout 300 #If the
client has not been connected for 300 seconds, or the server has not transmitted data to the client for 300 seconds, it will automatically disconnect.
KeepAlive On #Set
whether to support the resume function.
MaxKeepAliveRequests 100 #Set
the number of resume transmission functions. The larger the number, the more wasted hard disk space. Set to 0 for more than continuous transmission.
KeepAliveTimeout 15 #If
the user has not sent a request to the server after 15 seconds, he cannot resume the transmission.
MaxRequestsPerChild 0
#Set the number of child processes at the same time.
ThreadsPerChild 50 #Set
the number of processes used by the server.
#Listen 3000
#Listen 12.34.56.78:80 #Allow the
use of other ports or IPs to access the server. In this example, the Port is 3000 and the IP is 12.34.56.78:80.
#BindAddress * #Set
Apache to listen to all IPs, which can also be specified specifically.
#LoadModule anon_auth_module modules / ApacheModuleAuthAnon.dll
...... #Open
the module that is not currently activated for reservation.
#ExtendedStatus On #Set
the status information generated by the server.
The reference here is the Apache Server1_3_12_win32 version.
Port 80 #Set the port
used by the server.
ServerAdmin you@your.address #Set
the E-Mail address of the server administrator.
#ServerName new.host.name
#Host name of the server. If you have a fixed IP address, you do not need to set it.
DocumentRoot "d: / Apache / htdocs" #Set
the directory for storing site html files.
<Directory />
Options FollowSymLinks
AllowOverride None
</ Directory>
# Setup / Directory instructions. Specifically:
Option: defines the operations that can be performed in the directory. None means you can only browse, FollowSymLinks allows the page to connect to other places, ExecCGI allows you to perform CGI, MultiViews allows operations such as watching animation or listening to music, Indexes allows the server to return a formatted list of directories, and Includes allows the use of SSI. These settings can be checked. All can do anything, but does not include MultiViews.
AllowOverride: Add None parameter to indicate that anyone can browse the files in this directory. Other parameters are: FileInfo, AuthConfig, Limit.
UserDir "d: / Apache / users /"
#Define the directory where users store html files.
DirectoryIndex index.html #Define
the file to be displayed first.
AccessFileName .htaccess #Define
the name of each directory access control file.
#CacheNegotiatedDocs
Define that the proxy server should not cache your pages. Not recommended for use.
UseCanonicalName On #The
server uses the server name specified by ServerName and the port address specified by Port.
written by undercoders
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Twitter
UNDERCODE NEWS (@UndercodeNews) | Twitter
The latest Tweets from UNDERCODE NEWS (@UndercodeNews). We provides you daily hacking News & Security Warning & Technologies news & Bugs reports & Analysis... @UndercodeNews @UndercodeUpdate @iUndercode @DailyCve. Aus/Leb
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ One way to solve the increasing expansion of the Apache log file ACCESS.LOG:
Change the CustomLog logs / access.log common in httpd.conf to CustomLog "| c: / apache / bin / rotatelogs c: /apache/logs/%Y_%m_%d.access.log 86400 480" common
restart Apache
where c : / apache / is
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ One way to solve the increasing expansion of the Apache log file ACCESS.LOG:
Change the CustomLog logs / access.log common in httpd.conf to CustomLog "| c: / apache / bin / rotatelogs c: /apache/logs/%Y_%m_%d.access.log 86400 480" common
restart Apache
where c : / apache / is
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Traditional proxy, transparent proxy, plug-gw, Apache reverse proxy, IP disguiseThe first part of the characteristics of various proxy methods and package rewriting process
t.me/undercodeTesting
1) Squid traditional proxy and transparent proxy: The
most widely used traditional proxy and transparent proxy on Linux is Squid. The default Squid is configured as a traditional proxy.
In this way, the windows client has to set the proxy server address and port number in the browser, and the client has
very little work to do . You only need to specify the IP address and port number of the proxy server, and everything else is left to the proxy server
to do. An obvious feature in this way is that when a Windows client browses a webpage and enters a URL, the DNS is also done by the proxy
server.
2) The DNS resolution process is based on the resolution order in the /etc/host.conf file set in the Linux server.
The general order is to find / etc / hosts first, then find the DNS database bind. An interesting example in this case is that if you set the
domain name of a site as a server in your intranet, then go to the intranet server first. If you set
192.168.11.3 www.yahoo.com, it is impossible for your browser to access the yahoo site on the Internet.
3) But if you set up a transparent proxy, the DNS order of resolution will become
windowshosts and then the DNS database of Linux. It is no longer possible to check the / etc / hosts file on the Linux server.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Traditional proxy, transparent proxy, plug-gw, Apache reverse proxy, IP disguiseThe first part of the characteristics of various proxy methods and package rewriting process
t.me/undercodeTesting
1) Squid traditional proxy and transparent proxy: The
most widely used traditional proxy and transparent proxy on Linux is Squid. The default Squid is configured as a traditional proxy.
In this way, the windows client has to set the proxy server address and port number in the browser, and the client has
very little work to do . You only need to specify the IP address and port number of the proxy server, and everything else is left to the proxy server
to do. An obvious feature in this way is that when a Windows client browses a webpage and enters a URL, the DNS is also done by the proxy
server.
2) The DNS resolution process is based on the resolution order in the /etc/host.conf file set in the Linux server.
The general order is to find / etc / hosts first, then find the DNS database bind. An interesting example in this case is that if you set the
domain name of a site as a server in your intranet, then go to the intranet server first. If you set
192.168.11.3 www.yahoo.com, it is impossible for your browser to access the yahoo site on the Internet.
3) But if you set up a transparent proxy, the DNS order of resolution will become
windowshosts and then the DNS database of Linux. It is no longer possible to check the / etc / hosts file on the Linux server.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ The package rewriting process of traditional proxy and transparent proxy: see the following situation
> t.me/undercodeTesting
[PC] A [Linux squid server] B
192.168.11.12_ | _____ 192.168.11.5 | ___ 1.2.3.4 _________ Internet
π¦situation 1
Set the proxy to 192.168.11.5 and the port number to 3128 on the browser of the user of machine A, and use B to access the Internet.
If you visit www.linuxforum.net, in fact, as long as you set up a proxy, the user's browser only
communicates with the Linux Squid server and never talks to the www.linuxforum.net server on the Internet. The Squid proxy server first
www.linuxforum.net for parsing (find the parsing sequence in /etc/host.conf, first / etc / hosts and then DNS lookup)
to the IP address 202.106.124.185, and finally the proxy server replaces the IP address for the client For HTTP access, the returned
information is first cached in the Squid cache, and a copy is also copied to the client. If the user or another user visits the same page next time,
it can be saved from the Squid cache.
The process of transparent proxy is similar to traditional proxy, the difference is
1. The DNS resolution process is different, as already mentioned
2. The transparent proxy gateway must be set to the IP address of the Squid proxy server, which is not required for traditional proxy.
3. The transparent proxy needs to set the input rules of the fire chain. The
rest is the same as the traditional proxy method of Squid.
plug-gw:
plug-gw is a general agent program included in FWTK. Can be used to proxy application layer services like POP3, HTTP, etc.
[PC] A [Linux POP3] C [Linux plug-gw] B
192.168.11.12_ | ______ | 192.168.11.1 ____ 192.168.11.5 | ___ 1.2.3.4__Internet
π¦situation 2
If there is a Linux on the internal network segment POP3 server C (192.168.11.1), the user can wish to receive an external message
may be set in the plug-gw POP3 proxy machine B as follows:
place the following line to /etc/rc.d/rc.local
/ usr / local / etc / plug-gw -daemon 1.2.3.4:110 -name plug-gw-pop3 &
file / usr / local / etc / netperm-table has the following line
plug-gw-pop3: port 110 * -plug-to 192.168. 11.1 -port 110
, the user sets the POP3 server address in outlook express to 1.2.3.4. When receiving mail, the external
interface of the B machine is to accept the user request on the 110 port of 1.2.3.4, and then it is plug-gw Processing, on the internal network segment,
192.168.11.5 sends a request to port 110 of 192.168.11.1. Copy the obtained data to
external users through the 1.2.3.4 interface .
Apache reverse proxy.
The package rewriting process is similar to plug-gw.
Note: In the above three cases, the request process is divided twice, and the middle is usually the Squid proxy server or
Plug-gw, Apache server, the data is copied between the two network cards of the server, but
the source address of the two request processes is a randomly assigned high-end address, which is different. Between 1024 and 65535. But generally speaking,
the random high-end addresses allocated by TCP / IP are mostly allocated between 1024-5000. For example: For plug-gw:
If the IP address of an external dial-up user is 5.6.7.8. If the address and port are as follows: the
source address and port number and the destination address port
sum are: 5.6.7.8 1038 1.2.3.4 110
rewritten by plug-gw request:
192.168.11.5 1045 192.168.11.1 110
The data returned by 192.168.11.1 is Copy to external customers.
However, not all the randomly assigned addresses on the high end of the source are between 1024 and 5000. IP masquerading is the exception:
IP masquerading:
[PC] A [Linux MASQ server] B
192.168.11.12_ | _____ 192.168.11.5 | ___ 1.2.3.4 _________ Internet
π¦ situation 3
As shown above, PC A is going to surf the Internet through B masquerade. If you want to visit www.linuxforum.net, the package rewriting process in disguise is as follows:
π¦ The package rewriting process of traditional proxy and transparent proxy: see the following situation
> t.me/undercodeTesting
[PC] A [Linux squid server] B
192.168.11.12_ | _____ 192.168.11.5 | ___ 1.2.3.4 _________ Internet
π¦situation 1
Set the proxy to 192.168.11.5 and the port number to 3128 on the browser of the user of machine A, and use B to access the Internet.
If you visit www.linuxforum.net, in fact, as long as you set up a proxy, the user's browser only
communicates with the Linux Squid server and never talks to the www.linuxforum.net server on the Internet. The Squid proxy server first
www.linuxforum.net for parsing (find the parsing sequence in /etc/host.conf, first / etc / hosts and then DNS lookup)
to the IP address 202.106.124.185, and finally the proxy server replaces the IP address for the client For HTTP access, the returned
information is first cached in the Squid cache, and a copy is also copied to the client. If the user or another user visits the same page next time,
it can be saved from the Squid cache.
The process of transparent proxy is similar to traditional proxy, the difference is
1. The DNS resolution process is different, as already mentioned
2. The transparent proxy gateway must be set to the IP address of the Squid proxy server, which is not required for traditional proxy.
3. The transparent proxy needs to set the input rules of the fire chain. The
rest is the same as the traditional proxy method of Squid.
plug-gw:
plug-gw is a general agent program included in FWTK. Can be used to proxy application layer services like POP3, HTTP, etc.
[PC] A [Linux POP3] C [Linux plug-gw] B
192.168.11.12_ | ______ | 192.168.11.1 ____ 192.168.11.5 | ___ 1.2.3.4__Internet
π¦situation 2
If there is a Linux on the internal network segment POP3 server C (192.168.11.1), the user can wish to receive an external message
may be set in the plug-gw POP3 proxy machine B as follows:
place the following line to /etc/rc.d/rc.local
/ usr / local / etc / plug-gw -daemon 1.2.3.4:110 -name plug-gw-pop3 &
file / usr / local / etc / netperm-table has the following line
plug-gw-pop3: port 110 * -plug-to 192.168. 11.1 -port 110
, the user sets the POP3 server address in outlook express to 1.2.3.4. When receiving mail, the external
interface of the B machine is to accept the user request on the 110 port of 1.2.3.4, and then it is plug-gw Processing, on the internal network segment,
192.168.11.5 sends a request to port 110 of 192.168.11.1. Copy the obtained data to
external users through the 1.2.3.4 interface .
Apache reverse proxy.
The package rewriting process is similar to plug-gw.
Note: In the above three cases, the request process is divided twice, and the middle is usually the Squid proxy server or
Plug-gw, Apache server, the data is copied between the two network cards of the server, but
the source address of the two request processes is a randomly assigned high-end address, which is different. Between 1024 and 65535. But generally speaking,
the random high-end addresses allocated by TCP / IP are mostly allocated between 1024-5000. For example: For plug-gw:
If the IP address of an external dial-up user is 5.6.7.8. If the address and port are as follows: the
source address and port number and the destination address port
sum are: 5.6.7.8 1038 1.2.3.4 110
rewritten by plug-gw request:
192.168.11.5 1045 192.168.11.1 110
The data returned by 192.168.11.1 is Copy to external customers.
However, not all the randomly assigned addresses on the high end of the source are between 1024 and 5000. IP masquerading is the exception:
IP masquerading:
[PC] A [Linux MASQ server] B
192.168.11.12_ | _____ 192.168.11.5 | ___ 1.2.3.4 _________ Internet
π¦ situation 3
As shown above, PC A is going to surf the Internet through B masquerade. If you want to visit www.linuxforum.net, the package rewriting process in disguise is as follows:
source address / port number and destination address / port number are:
192.168.11.12 1047 202.106.124.185 80
The
source address and port number and The target address / port number is:
1.2.3.4 62334 202.106.124.185 80 The
returned packet is
202.106.124.185 80-1.2.3.4 62334
and then rewritten to PC A as:
202.106.124.185 80-192.168.11.12 1047
Generally speaking, the IP masquerade The source address is usually> 60,000 and is between 61000--64999.
A comparison table of IP disguise is maintained on the firewall. You can see with the command / sbin / ipchains -M -L -n
:
[root @ proxy etc] # / sbin / ipchains -M -L -n
IP masquerading entries
prot expire source destination ports
UDP 02: 18.86 192.168.11.12 205.188 .179.41 1215 (62615)-> 4000
TCP 17: 03.20 192.168.11.12 205.188.248.57 1049 (62584)-> 80
From the ports column you can compare the matching of two source addresses.
Port forwarding (port forwarding):
See another article in the blend article, "port forwarding by the internal network of external network services,"
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
192.168.11.12 1047 202.106.124.185 80
The
source address and port number and The target address / port number is:
1.2.3.4 62334 202.106.124.185 80 The
returned packet is
202.106.124.185 80-1.2.3.4 62334
and then rewritten to PC A as:
202.106.124.185 80-192.168.11.12 1047
Generally speaking, the IP masquerade The source address is usually> 60,000 and is between 61000--64999.
A comparison table of IP disguise is maintained on the firewall. You can see with the command / sbin / ipchains -M -L -n
:
[root @ proxy etc] # / sbin / ipchains -M -L -n
IP masquerading entries
prot expire source destination ports
UDP 02: 18.86 192.168.11.12 205.188 .179.41 1215 (62615)-> 4000
TCP 17: 03.20 192.168.11.12 205.188.248.57 1049 (62584)-> 80
From the ports column you can compare the matching of two source addresses.
Port forwarding (port forwarding):
See another article in the blend article, "port forwarding by the internal network of external network services,"
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦the second part of the application of ways and the advantages and disadvantages of various agents of
the role of various agents of ways:
1. IP Disguised, Squid's traditional proxy and transparent proxy are suitable for users with no real IP address on the LAN to access the Internet.
2. Apache reverse proxy, plug-gw general proxy, port forwarding is suitable for external users to access
the server without real IP address in the LAN .
π¦ The advantages and disadvantages of various proxy methods:
1. The advantage of Squid is that it requires few clients, as long as it can connect to the Squid server.
However, it is necessary to set the proxy server IP address and port number for each machine.
The advantage of Squid transparent proxy is that it does not require each client to set the proxy address and port, simplifying the client
configuration. However, the default gateway of each client needs to be set to the Squid proxy server, and the client needs to do
DNS resolution
. 3. IP masquerading can be suitable for most application layer services, unlike Squid which only supports http and ftp. But also requires the client βs The default
gateway is set to the address of the firewall. And unlike Squid has a cache function
4. plug-gw can proxy various servers like HTTP, POP3, etc. But Apache reverse proxy can only proxy http reverse request
5. Port forwarding is suitable for most services. It has nothing to do with the specific application. It is fast and implemented at the core IP layer without requiring special
application layer services to run. But it may be necessary to recompile the kernel.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦the second part of the application of ways and the advantages and disadvantages of various agents of
the role of various agents of ways:
1. IP Disguised, Squid's traditional proxy and transparent proxy are suitable for users with no real IP address on the LAN to access the Internet.
2. Apache reverse proxy, plug-gw general proxy, port forwarding is suitable for external users to access
the server without real IP address in the LAN .
π¦ The advantages and disadvantages of various proxy methods:
1. The advantage of Squid is that it requires few clients, as long as it can connect to the Squid server.
However, it is necessary to set the proxy server IP address and port number for each machine.
The advantage of Squid transparent proxy is that it does not require each client to set the proxy address and port, simplifying the client
configuration. However, the default gateway of each client needs to be set to the Squid proxy server, and the client needs to do
DNS resolution
. 3. IP masquerading can be suitable for most application layer services, unlike Squid which only supports http and ftp. But also requires the client βs The default
gateway is set to the address of the firewall. And unlike Squid has a cache function
4. plug-gw can proxy various servers like HTTP, POP3, etc. But Apache reverse proxy can only proxy http reverse request
5. Port forwarding is suitable for most services. It has nothing to do with the specific application. It is fast and implemented at the core IP layer without requiring special
application layer services to run. But it may be necessary to recompile the kernel.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Verified Scribd Premium Accounts :
tamiko_tauka95@yahoo.com:luvmiko4e
luis_alvarezf@hotmail.com:lea121262
moy.cnc@gmail.com:M01535is
lukasr_nqn@hotmail.com:lukasr89
yslee92001@gmail.com:2ljuljou
lucas.wong18@gmail.com:jermaine18
escipion84@gmail.com:pincha06
johnathanemanuel1993@gmail.com:Jj47554755
olivathio@yahoo.co.id:230605
saul.lino.sil@gmail.com:980623As
toriol64@gmail.com:tato6446
catslack@gmail.com:minesweeper
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Verified Scribd Premium Accounts :
tamiko_tauka95@yahoo.com:luvmiko4e
luis_alvarezf@hotmail.com:lea121262
moy.cnc@gmail.com:M01535is
lukasr_nqn@hotmail.com:lukasr89
yslee92001@gmail.com:2ljuljou
lucas.wong18@gmail.com:jermaine18
escipion84@gmail.com:pincha06
johnathanemanuel1993@gmail.com:Jj47554755
olivathio@yahoo.co.id:230605
saul.lino.sil@gmail.com:980623As
toriol64@gmail.com:tato6446
catslack@gmail.com:minesweeper
β β β ο½ππ»βΊπ«Δπ¬πβ β β β