In case I'm not around.
On an AWS EC2 instance I needed to find the contents of the X-Forwarded-For header of incoming requests, send by CloudFront. The easiest way was to dump all incoming traffic on port 80:
sudo tcpdump -s 0 -X 'tcp dst port 80' -w dump.pcapI then copied the dump.pcap to my local machine and loaded it into Wireshark to read its contents.
During development of a javascript webapp I found that the updated javascript was not picked up by my webbrowser. Even using ctrl+F5 would not always work to refresh the files. In order to make development easier I added the following cache headers to the Apache VirtualDirectory configuration in order to make the browser always fetch the latest version of the file from my development server.
<FilesMatch "\.(html|htm|js|css)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
</FilesMatch>
Browse to the Apache configuration folder on disk. On Ubuntu this is for example /etc/apache2/sites-available. Edit the file default.
Look for the section that looks similar to:
<Directory /[some directory name]>
and you should see something like the following in the next line:
Options Indexes FollowSymLinks
To disable directory listing, just remove Indexes from this line or change Indexes to -Indexes to disable it.
Make sure to restart your Apache server after making the change to make it effective. That’s it! Directory listing should be disabled now by default!
If you want to enable directory listing for a specific directory added Index to the
An Apache .htaccess file can be used to set specific configuration values for PHP in a website. This is a useful feature when looking for a temporary PHP setting specific to that website; for example when doing an upgrade.
To set a value use: _php_value _. Setting a boolean value is done using php_flag Off|On. An unlimited execution time can be set for example by placing php_value_time_limit 0 in the .htaccess file.
Overriding a PHP setting via .htaccess is not always allowed in the site configuration. To allow this the Options option must be added to the AllowOverride directive in the Virtualhost configuration of the site.
Have you ever been struggling to secure a website domain by both IP address whitelist and a password file? This means the user has to have a specific IP address to even be allowed, and after allowance the user must enter his/her password for access.
The solution to do this in a Apache .htaccess file is listed below.
Important things to notice are:
AuthType Basic AuthName "Secure site" AuthUserFile /home/domains/www.example.com/secure.passwd Require valid-user Order deny,allow Deny from all #Repeat the line below for all allowed IP addresses. Allow from 127.0.0.1 Satisfy All
After installing a Git repository on a webserver I’d also like to browse it using my webbrowser. We can do this via the gitweb package and some additional configuration in Apache. The assumption is that this is done on a Ubuntu system.
The result will be that repositories can be cloned via /git/repos/[name].git and browsed via /git/, within the same VirtualHost. It is assumed that your VirtualHost is set up similar to the previous blog post on git on this blog.
First install gitweb via the apt-get package manager:
apt-get install gitweb
The configuration for gitweb is located at _/etc/gitweb.conf. _Only one line needs to be changed, at the beginning of the file; change the $projectroot value to the root of your git repository.:
# path to git projects (<project>.git)
$projectroot = "/var/git/repository";The installation of the gitweb packace has placed a configuration file in /etc/apache2/conf.d/gitweb:
Alias /gitweb /usr/share/gitweb
<Directory /usr/share/gitweb>
Options FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi
</Directory>
This causes the URL /gitweb/ to be mapped to the gitweb script, causing it to show up on every VirtualHost. We want it to show up only on the git.example.com VirtualHost. In order to do so, remove this configuration file. Modify the git.example.com (or any VirtualHost you have configured for git access) and add the following lines:
Alias /git /usr/share/gitweb
<Directory /usr/share/gitweb>
Options FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi
</Directory>
Also remove the line
#ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
and replace it with:
ScriptAliasMatch \
"(?x)^/git/(.\*/(HEAD | \
info/refs | \
objects/(info/\[^/\]+ | \
\[0-9a-f\]{2}/\[0-9a-f\]{38} | \
pack/pack-\[0-9a-f\]{40}\\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
/usr/lib/git-core/git-http-backend/$1This causes all requests from the git commandline (push, pull, clone, etc) to be forwarded to the git-http-backend script, while all other requests are handled by gitweb.
This guide lists all the step you need to take to install a git server which is accessible via http. If you have no need for https you can skip this part in the tutorial. After following all the steps it did not work immediately, I did have to tweak the apache configuration a little and install additional packages, the end result can be found below.
The git-core package was also installed using apt-get install git-core.
This VirtualHost configuration also limits access to only IP addresses in the subnet 192.168.*.* and requires a password, stored in the htpasswd file located at /var/www/git.example.com/git.passwd
Pay special attention to this line: ScriptAlias /git/ /usr/lib/git-core/git-http-backend/ and verify that the location of the git-core directory is correct. On some installations the path might be /usr/libexec/git-core/git-http-backend or something similar.
<VirtualHost>
ServerAdmin webmaster@localhost
ServerName git.example.com
DocumentRoot /var/www/git.example.com/htdocs
<Directory>
Options FollowSymLinks
AllowOverride None
</Directory>
SetEnv GIT\_PROJECT\_ROOT /var/git/repository
SetEnv GIT\_HTTP\_EXPORT\_ALL
SetEnv REMOTE\_USER=$REDIRECT\_REMOTE\_USER
ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
<Location>
Deny from all
Allow from 127.0.0.1
Allow from 192.168
</Location>
<Location /git>
AuthType Basic
AuthName "Git Repository"
AuthUserFile /var/www/git.example.com/git.passwd
Require valid-user
</Location>
ErrorLog ${APACHE\_LOG\_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
CustomLog ${APACHE\_LOG\_DIR}/access.log combined
</VirtualHost>Read the next git blog post to learn how to also browse the git repositories using your webbrowser.
To create a new git repository execute:
git init <span class="hljs-comment">--bare name_of_project.git</span>
On a remote machine you can checkout this project by executing:
git <span class="hljs-keyword">clone</span> <span class="hljs-title">http</span>://git.example.com/git/name_of_project.git
On the first push command to send the changes to the server, you need to specify that you were working on the master. The original repository was bare, so git does not know that yet. The command below takes care of that:
git <span class="hljs-built_in">push</span> <span class="hljs-built_in">origin</span> master
A very good and readable howto is available at http://www.howtoforge.com/debian_subversion_websvn. I have made some additional changes after following this guide. The guide requires you to manually add each repository manually to the dav_svn.conf file. It is possible to do this differently, in a VirtualHost configuration. Do not enable the lines in dav_svn.conf but add the following lines to your desired VirtualHost configuration, in this example with ServerName svn.example.com:
<Location>
Deny from all
Allow from 192.168
</Location>
<Location /svn>
DAV svn
SVNParentPath /var/svn/repository/
SVNListParentPath on
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /var/www/svn.example.com/dav_svn.passwd
Require valid-user
</Location>In this configuration there are the following things to keep in mind: