Apache installation, log analysis and basic firewall settings

greens-beach-196825_640Apache is the most popular HTTP server since 1996. It is used everywhere. I installed Apache, made some log entries, analysed them and finally added some rules with iptables.

Hardware:

  • Motherboard: Asus Z87-C
  • CPU: Intel Core i5-4670K 3.40GHz
  • RAM: 8GB DDR3 1600MHz
  • HDD: 120GB SSD Sata 3.0
  • GPU: Geforce GTX 560 Ti Phantom, 2GB GDDR5 (Gainward)
  • Asus cd/dvd

All tests made with Xubuntu 12.04 LTS Precise Pangolin 32bit using live mode(live cd)

Apache installation

I started by updating package list from default repositories.
$ sudo apt-get update

Apache2 installation and testing
$ sudo apt-get install apache2
$ firefox http://localhost

Firerfox opened page starting with “It works!, This is the default web page for this server.”. I noticed that apache installation was succeeded.

Log entries

By default apache is storing log to: /var/log/apache2

There is thee .log files access.log, error.log and other_vhosts_access.log. I wanted to do entry to error.log. Default user in my live-cd is called xubuntu. I tried to access xubuntus homepage.
$ firefox http://localhost/~xubuntu

That led to the 404 Not Found page so I need to check from error.log what is wrong.
$ less /var/log/apache2/error.log
At the bottom of the error.log was this line:
[Thu Mar 06 13:16:04 2014] [error] [client 127.0.0.1] File does not exist: /var/www/~xubuntu

It told me that apache did not find any files from /var/www/~xubuntu. That is not the place where I want store users homepages.

I decided to enable userdirs.
$ sudo a2enmod userdir
$ sudo service apache2 restart

After that I tried to enter xubuntus homepages again.
$ firefox http://localhost/~xubuntu

Same 404 Not Found page again. Then I checked the logs.
$ less /var/log/apache2/error.log
[Thu Mar 06 13:24:35 2014] [error] [client 127.0.0.1] File does not exist: /home/xubuntu/public_html
It told me that userdirs are now working put there is nothing in that location.

I fixed the problem by making public_html direcotry in to the xubuntus home directory and added file containing some random text.
$ cd
$ mkdir public_html
$ nano index.html

Typed: random text -> ctrl+x -> Y -> ENTER
$ firefox http://localhost/~xubuntu

Finally the 404 page is beated and there is page with “random text”.

Then I oppened apaches acces.log. Time is now 13:32.
$ less /var/log/apache2/access.log
Line at the bottom was
127.0.0.1 – – [06/Mar/2014:13:29:55 +0000] “GET /~xubuntu/ HTTP/1.1” 200 366 “-” “Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0”

What does this means?

/etc/apache2/apache2.conf is the main configuration file. There is section LogFormat where it is specified which information to log and which order. In my case the order was:

LogFormat “%h %l %u %t \”%r\” %>s %O \”%{Referer}i\” \”%{User-Agent}i\”” combined

127.0.0.1: IP addres of the client. This is my own ip since I did the testing with same computer where apache is running. Specificly it is my loopback adapters ip.

– – : Hyphens are there to inform that requested info is not available. Remote logname and Remote user should be dispalyed.

[06/Mar/2014:13:29:55 +0000]: Timestamp

“GET /~xubuntu/ HTTP/1.1”: Request line from the client

” 200 366 “: Status code sent from the server to the client

“-“: Hyphen again. It should get information about the size of the response to the client

“Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0”: Page that linked to this url and user-agent

Iptables

My goal is set firewall to block all inputs except requests to apache. What I needed to do is drop everything except input to port 80.

First I dropped all inputs.
$ sudo iptables -P INPUT DROP

Then added except to accept inputs to port 80.
$ sudo iptables -I INPUT -s 0.0.0.0/0 -p tcp –dport 80 -j ACCEPT

I did test with my macbook pro which is in same network. I started firefox and entered the linux machines ip-addres(10.0.1.11) to url field and pressed enter. Everything worked fine and I was watching apaches default page “It works!”.

Finally I wanted to test is the firewall really working. I installed ssh server and tried to take ssh connection from my macbook.

I removed firewall rules and installed openssh-server.
$ sudo iptables -P INPUT ACCEPT
$ sudo iptables -F
$ sudo apt-get install openssh-server

Then on mac I did connection.
$ ssh xubuntu@10.0.1.11
$ exit
It worked fine.

After test I re-added the firewall rules.
$ sudo iptables -P INPUT DROP
$ sudo iptables -I INPUT -s 0.0.0.0/0 -p tcp –dport 80 -j ACCEPT

Then again on mac I tried to do ssh connection.
$ ssh xubuntu@10.0.1.11
No answer!

Now I am pretty sure that firewall is working. Atleast port 22 is blocked! :p

Sources:

Karvinen, Tero: Lessons 2013-03-03, Linux as server

Merilinna, Juhani: Lessons 2013-02-28, Linux basics

http://httpd.apache.org/docs/1.3/logs.html

http://stackoverflow.com/questions/9234699/understanding-apache-access-log

http://en.wikipedia.org/wiki/Apache_HTTP_Server

Leave a Reply