All Blogs
Ikke's Blog
- Life (56)
- Technology (131)
- Coding Corner (64)
- Docbook (7)
- Summer of Code 06 (0)
- Desktop (93)
- Ivman (3)
- Linux (90)
- Networks (14)
- Coding Corner (64)
Fedora Stateless @ UGent
- General (10)
- Nifty solutions (3)
- Problems we encounter (9)
- Project status and progress (13)
RealNitro's Blog
Peter's Blog
- Free Software (9)
- Jabber (4)
- Linux (9)
- My Gentoo (19)
- Ubuntu@AMD64 (4)
- Workgroup Free Software (4)
- Internet & Blogs (12)
- Life & Fun (47)
- Politics (16)
- EU Software Patents (8)
- N-VA (4)
- Studies (23)
- Siemens (13)
- UGent & Stuver (18)
- VTK (10)
- - louboutin on Crosswords
- - rhinestone motif on OOo2 on 770
- - richard on OpenOffice rant
- - Tom on GOB signals walkthrough
- - Tom on GOB signals walkthrough
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| << < | Current | > >> | ||||
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | 31 |
- December 2007 (2)
- November 2007 (3)
- October 2007 (2)
- September 2007 (3)
- August 2007 (4)
- May 2007 (2)
- April 2007 (4)
- March 2007 (5)
- February 2007 (2)
- January 2007 (3)
- October 2006 (2)
- August 2006 (1)
- More...
Who's Online?
- Guest Users: 356
Archives for: December 2005, 02
12/02/05
Lately I've been working on the new webserver machine for VTK. Today I configured mod_security for Apache2, partially by using the rules one can find on gotroot.com.
On the site a little script is provided to update the rules automagicly (in a cronjob or something alike), but when I started using the script I didn't like it for several reasons.
So I decided to rewrite it to suit my needs. You can find my enhanced version here.
The machine now also runs PHP4 and PHP5 side by side thanks to this great documentation (and the Gentoo PHP herd developers, obviously). PHP4 as an Apache module (because this is the "default", so it must run as efficient as possible), PHP5 using the CGI interface for all .php5 files.
We can't make "the big switch" to a PHP5-only server due to our bloody PhpBB forum which is not PHP5 compatible. And as our forum is one of the biggest PHP consumers on the server, I don't want to run PHP4 as CGI and only run the forum this way.
[edit]
I enhanced the script a little more, here's a diff:
--- update_mod_security_rules.sh 2005-12-02 14:46:02.000000000 +0100
+++ update_rules_v2.sh 2005-12-04 14:34:33.000000000 +0100
@@ -15,6 +15,7 @@
APACHESTART="/etc/init.d/apache2 restart"
MODSECPATH="/etc/modsecurity"
APACHEPID="/var/run/apache2.pid"
+APACHECTL="/usr/sbin/apache2ctl"
#Modules
#If you want the "exclude" rules, they should be the first entry in the list
@@ -59,10 +60,21 @@
echo "Make sure you got \"Include ${MODSECPATH}/all.conf\" somewhere in your Apache config"
+${APACHECTL} configtest > /dev/null 2>&1
+if [ ! "x$?" = "x0" ]; then
+ echo
+ echo "There's something wrong in Apache's configuration:"
+ echo
+ ${APACHECTL} configtest
+ echo
+ echo "Exiting, not restarting Apache"
+ exit 1
+fi
+
# try restart
if [ "$UPDATED" -gt "0" ]; then
echo -n "Restarting apache: "
- /bin/kill -HUP ${PID} 2>/dev/null
+ ${APACHECTL} graceful
# did it work?
if `/bin/kill -CHLD ${PID} >/dev/null 2>&1`; then
echo "ok."
