Apache has been the most popular HTTP server since 1996 and is used everywhere. I installed Apache, made some log entries, analysed them and finally added some rules with iptables.
Hardware:
- Motherboard: Asus Z87-C
- CPU: Intel Core i5-4670K 3.40GHz
- RAM: 8GB DDR3 1600MHz
- HDD: 120GB SSD Sata 3.0
- GPU: Geforce GTX 560 Ti Phantom, 2GB GDDR5 (Gainward)
- Asus CD/DVD drive
All tests were made with Xubuntu 12.04 LTS Precise Pangolin 32-bit in live mode (live CD).
Apache installation
I started by updating the package list from the default repositories.
$ sudo apt-get update
Apache2 installation and testing
$ sudo apt-get install apache2
$ firefox http://localhost
Firefox opened a page starting with “It works! This is the default web page for this server.” That told me the Apache installation had succeeded.
Log entries
By default Apache stores its logs in /var/log/apache2.
There are three .log files: access.log, error.log and other_vhosts_access.log. I wanted to make an entry in error.log. The default user on my live CD is called xubuntu, so I tried to access xubuntu's homepage.
$ firefox http://localhost/~xubuntu
That led to a 404 Not Found page, so I needed to check error.log to see what was wrong.
$ less /var/log/apache2/error.log
At the bottom of error.log was this line:
[Thu Mar 06 13:16:04 2014] [error] [client 127.0.0.1] File does not exist: /var/www/~xubuntu
It told me that Apache did not find any files in /var/www/~xubuntu. That is not where I want to store users' homepages.
I decided to enable userdirs.
$ sudo a2enmod userdir
$ sudo service apache2 restart
After that I tried to open xubuntu's homepage again.
$ firefox http://localhost/~xubuntu
The same 404 Not Found page again. Then I checked the logs.
$ less /var/log/apache2/error.log
[Thu Mar 06 13:24:35 2014] [error] [client 127.0.0.1] File does not exist: /home/xubuntu/public_html
It told me that userdirs are now working, but there is nothing in that location.
I fixed the problem by making a public_html directory in xubuntu's home directory and adding a file containing some random text.
$ cd
$ mkdir public_html
$ nano index.html
Typed: random text -> ctrl+x -> Y -> ENTER
$ firefox http://localhost/~xubuntu
Finally the 404 page was beaten and there was a page with “random text”.
Then I opened Apache's access.log. The time was now 13:32.
$ less /var/log/apache2/access.log
The line at the bottom was
127.0.0.1 - - [06/Mar/2014:13:29:55 +0000] "GET /~xubuntu/ HTTP/1.1" 200 366 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0"
What does this mean?
/etc/apache2/apache2.conf is the main configuration file. It has a LogFormat section that specifies which information is logged and in which order. In my case the order was:
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
127.0.0.1: IP address of the client. This is my own IP, since I did the testing on the same computer where Apache is running. Specifically it is the IP of my loopback adapter.
- -: The hyphens inform that the requested info is not available. Remote logname and remote user should be displayed here.
[06/Mar/2014:13:29:55 +0000]: Timestamp
“GET /~xubuntu/ HTTP/1.1”: Request line from the client
200 366: Status code sent from the server to the client
"-": Hyphen again. It should give information about the size of the response to the client
"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0": Page that linked to this URL, and the user-agent
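As an added example (not part of the original post), a small Python parser that splits an access.log line into its fields in the same order as the directives of the combined LogFormat quoted above, and a helper that counts status codes per client; the sample lines are constructed, the first one copied from the entry shown above.

```python
import re
from collections import Counter

# Regex following the directive order of the "combined" LogFormat:
#   %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
COMBINED_RE = re.compile(
    r'(?P<host>\S+) (?P<logname>\S+) (?P<user>\S+) '   # %h %l %u
    r'\[(?P<time>[^\]]+)\] '                           # %t
    r'"(?P<request>[^"]*)" '                           # "%r"
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) '             # %>s (status) %O (bytes sent)
    r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"$'   # "%{Referer}i" "%{User-Agent}i"
)

def parse_combined(line):
    """Map one access.log line onto the directives above; None if it does not fit."""
    m = COMBINED_RE.match(line.strip())
    if m is None:
        return None
    d = m.groupdict()
    # A lone "-" means "not available" (no logname, no auth user, no Referer).
    for key in ("logname", "user", "referer"):
        if d[key] == "-":
            d[key] = None
    d["bytes"] = None if d["bytes"] == "-" else int(d["bytes"])
    d["status"] = int(d["status"])
    # "%r" is "METHOD PATH PROTOCOL"; keep it whole if it is malformed.
    parts = d["request"].split(" ")
    if len(parts) == 3:
        d["method"], d["path"], d["protocol"] = parts
    return d

def status_counts(lines):
    """Count (client host, status) pairs, a first look for e.g. many 404s from one
    address, which is what scanning for non-existent paths looks like in access.log."""
    counts = Counter()
    for line in lines:
        entry = parse_combined(line)
        if entry is not None:
            counts[(entry["host"], entry["status"])] += 1
    return counts

# Constructed sample: line 1 is the entry quoted above, line 2 is made up for this example.
SAMPLE_LINES = [
    '127.0.0.1 - - [06/Mar/2014:13:29:55 +0000] "GET /~xubuntu/ HTTP/1.1" 200 366 "-" '
    '"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0"',
    '127.0.0.1 - - [06/Mar/2014:13:16:04 +0000] "GET /~xubuntu HTTP/1.1" 404 486 "-" '
    '"Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0"',
]
```

Run it over a real access.log with `status_counts(open("/var/log/apache2/access.log"))`; lines that do not match the format are skipped rather than crashing the count.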
Iptables
My goal is to set up the firewall to block all input except requests to Apache. What I needed to do was drop everything except input to port 80.
First I dropped all input.
$ sudo iptables -P INPUT DROP
Then I added an exception to accept input to port 80.
$ sudo iptables -I INPUT -s 0.0.0.0/0 -p tcp --dport 80 -j ACCEPT
I tested with my MacBook Pro, which is on the same network. I started Firefox, entered the Linux machine's IP address (10.0.1.11) in the URL field and pressed enter. Everything worked fine and I was looking at Apache's default page “It works!”.
Finally I wanted to test whether the firewall is really working. I installed an SSH server and tried to open an SSH connection from my MacBook.
I removed the firewall rules and installed openssh-server.
$ sudo iptables -P INPUT ACCEPT
$ sudo iptables -F
$ sudo apt-get install openssh-server
Then on the Mac I connected.
$ ssh xubuntu@10.0.1.11
$ exit
It worked fine.
After the test I re-added the firewall rules.
$ sudo iptables -P INPUT DROP
$ sudo iptables -I INPUT -s 0.0.0.0/0 -p tcp --dport 80 -j ACCEPT
Then again on the Mac I tried to make an SSH connection.
$ ssh xubuntu@10.0.1.11
No answer!
Now I am pretty sure that the firewall is working. At least port 22 is blocked! :p
Sources:
Karvinen, Tero: Lessons 2013-03-03, Linux as server
Merilinna, Juhani: Lessons 2013-02-28, Linux basics
http://httpd.apache.org/docs/1.3/logs.html
http://stackoverflow.com/questions/9234699/understanding-apache-access-log
http://en.wikipedia.org/wiki/Apache_HTTP_Server