Pedro's blog: db2, mysql, php, linux and performance

iconize and apache mod_alias
01/03/2011, 21:01
Filed under: Apache, General, GNU/Linux

Iconize is a cool CSS layout with a set of icons to iconize each kind of link inside your webpage. When I decided to use it in one of my personal projects I ran into a little trouble, because it didn’t work on the first try. Thinking about how HTTP works, I checked whether the icons/ directory was visible from the Internet, and what did I discover? It worked, but… it wasn’t the icons folder of Iconize. WTF! It was the icons folder of Apache!! So… working on Ubuntu:

grep -R icons /etc/apache2/*

And there it goes:

/etc/apache2/mods-enabled/alias.conf:#Alias /icons/ "/usr/share/apache2/icons/"

I commented out the line, like this:

#Alias /icons/ "/usr/share/apache2/icons/"

And restarted Apache:

/etc/init.d/apache2 restart

Problem solved, everything working.

Thank you people! Iconize is a great work!

Protecting .svn folders with htaccess
09/04/2010, 21:01
Filed under: Apache, GNU/Linux, Security

After configuring a Subversion server for web projects you should take care of the .svn directories and files. How can I protect them from the savage Internet? I found an easy way to do it with the .htaccess file:

RewriteEngine on
RewriteRule .*\.svn/.* - [F]

Don’t forget to enable mod_rewrite, and if you are already using a rule like

RewriteRule ^.*$

be sure to write the new rule first:

RewriteRule .*\.svn/.* - [F]

RewriteRule ^.*$
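
An added example (not part of the original post) that puts the rule order described above into a complete .htaccess, followed by a server-level alternative that does not depend on mod_rewrite. The front-controller rules and the index.php target are assumptions, since the post shows its catch-all rule without a substitution.

```apache
# --- .htaccess in the document root (constructed example) ---
RewriteEngine on

# 1. Refuse any path that has a .svn component. In .htaccess context the
#    pattern is matched without the leading slash, so anchor on ^ or /.
#    [F] answers 403 and ends rule processing for the request.
RewriteRule (^|/)\.svn(/|$) - [F]

# 2. Assumed front-controller rules: files and directories that exist are
#    served untouched, everything else is handed to index.php.
#    If these came first, "- [L]" would end processing for an existing
#    .svn/entries file and rule 1 would never be evaluated.
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [L]
RewriteRule ^.*$ index.php [L]

# --- Alternative for the server or virtual host configuration ---
# Independent of mod_rewrite and of rule order. Apache 2.4 syntax;
# on Apache 2.2 use "Order allow,deny" and "Deny from all" instead.
<DirectoryMatch "/\.svn(/|$)">
    Require all denied
</DirectoryMatch>
```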


phpMyAdmin and mod_security
15/03/2010, 21:08
Filed under: Apache, GNU/Linux, Security

Sometimes a high level of security in a website can be painful. In my case, I lost some phpMyAdmin functionality because of mod_security. The /var/log/httpd/modsec_debug.log said:

[15/Mar/2010:20:31:42 +0100] [][rid#80643ac0][/phpMyAdmin/import.php][2] Warning. Pattern match "(?:\b(?:(?:s(?:elect\b(?:.{1,100}?\b(?:(?:length|count|top)\b.{1,100}?\bfrom|from\b.{1,100}?\bwhere)|.*?\b(?:d(?:ump\b.*\bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|(?:oacreat|prepar)e|execute(?:sql)?|makewebtask)|ql_(? …" at ARGS:prev_sql_query. [file "/etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.conf"] [line "66"] [id "950001"] [msg "SQL Injection Attack"] [data "select * from `users`"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"]

[15/Mar/2010:20:31:42 +0100] [][rid#80643ac0][/phpMyAdmin/import.php][2] Warning. Pattern match "(?:\b(?:(?:s(?:elect\b(?:.{1,100}?\b(?:(?:length|count|top)\b.{1,100}?\bfrom|from\b.{1,100}?\bwhere)|.*?\b(?:d(?:ump\b.*\bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|(?:oacreat|prepar)e|execute(?:sql)?|makewebtask)|ql_(? …" at ARGS:sql_query. [file "/etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.conf"] [line "66"] [id "950001"] [msg "SQL Injection Attack"] [data "select * from `users` where"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"]

[15/Mar/2010:20:31:42 +0100] [][rid#80643ac0][/phpMyAdmin/import.php][1] Access denied with code 400 (phase 2). Pattern match "\%(?!$|\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" at ARGS:sql_query. [file "/etc/httpd/conf/modsecurity/modsecurity_crs_20_protocol_violations.conf"] [line "64"] [id "950107"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"]

So I had to add some local rules to the file /etc/httpd/modsecurity.d/modsecurity_localrules.conf:

<LocationMatch "/phpMyAdmin/import.php">
SecRuleRemoveById 950107
SecRuleRemoveById 950001
</LocationMatch>

I restarted Apache and everything is working!

Updated (16/03/2010):

I still had some trouble, so I decided to disable mod_security completely for the phpMyAdmin directory with the line:

SecRule REQUEST_URI ^/phpMyAdmin phase:1,allow,ctl:ruleEngine=off

In the file /etc/httpd/modsecurity.d/modsecurity_localrules.conf
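
An added example (not from the original post) that sets the engine-off line beside a narrower exclusion built from the parameters and rule ids in the log above. It assumes ModSecurity 2.7 or later (for `ctl:ruleRemoveTargetById` and mandatory rule ids) and Apache 2.4 (for `Require ip`); the rule id 10001 and the 192.0.2.0/24 network are constructed values.

```apache
# /etc/httpd/modsecurity.d/modsecurity_localrules.conf (constructed example)

# Broad form from the update above: the engine is switched off for every
# request under /phpMyAdmin, so no rule inspects that traffic at all.
# SecRule REQUEST_URI ^/phpMyAdmin phase:1,allow,ctl:ruleEngine=off

# Scoped form: the engine stays on. Rules 950001 and 950107 stop
# inspecting only the parameters named in the log, and only on import.php.
# REQUEST_FILENAME carries the request path without the query string.
# id 10001 is a constructed value; use any id that is free locally.
SecRule REQUEST_FILENAME "@streq /phpMyAdmin/import.php" \
    "id:10001,phase:1,pass,nolog,\
    ctl:ruleRemoveTargetById=950001;ARGS:sql_query,\
    ctl:ruleRemoveTargetById=950001;ARGS:prev_sql_query,\
    ctl:ruleRemoveTargetById=950107;ARGS:sql_query"

# Limit who can reach phpMyAdmin in the first place. 192.0.2.0/24 is a
# documentation range standing in for the administrators' network.
# On Apache 2.2 use "Order deny,allow", "Deny from all" and
# "Allow from 192.0.2.0/24" instead.
<Location "/phpMyAdmin">
    Require ip 192.0.2.0/24
</Location>
```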


Apache died after updating Ubuntu, and php_pdo_declare_long_constant
06/02/2010, 12:51
Filed under: Apache, DB2, GNU/Linux, PHP

Some months after installing my Ubuntu Server, yesterday I decided to update it, so:

$ apt-get update

$ apt-get upgrade

Among the packages I found php5, php5-dev, php5-common, php5-cli and libapache2-mod-php5; none of them should be dangerous… or maybe yes. I rebooted and… crap, Apache didn’t work! I tried to restart the daemon and got nothing; it didn’t want to work. I took a look at /var/log/apache2/error.log and found:

/usr/sbin/apache2: symbol lookup error: /usr/lib/php5/20060613/ undefined symbol: php_pdo_declare_long_constant

Something was wrong with the pdo_ibm module… I reinstalled it:

$ wget

$ tar zxvf PDO_IBM-1.2.5.tgz

$ cd PDO_IBM-1.2.5

(Removed the line with the PDO dependency from the package.xml file: <dep type="pkg" rel="has" version="1.0.0">PDO</dep>)

$ pecl uninstall package.xml

$ pecl install package.xml

I tried /etc/init.d/apache start again and it still didn’t work, so I decided to reinstall PDO:

$ pecl uninstall pdo

$ pecl install pdo

And after starting Apache with /etc/init.d/apache start, it worked!