1) From the Plesk control panel.  Login to Plesk >> click “Domains” >> click “domainname.tld”  >> click “WebSite Settings” >> make sure PHP support is checked, but “safe_mode” is  unchecked >> click Save.

2) The second way is to turn off sqfe_mode using vhost.conf file. Create a vhost.conf file under “/var/www/vhosts/domainname.tld/conf/” directory and place the following lines:

<Directory /home/httpd/vhosts/<domain.com>/httpdocs>
php_admin_flag safe_mode off
</Directory>

Now, in order for Plesk to read these changes, execute

/usr/local/psa/admin/bin/websrvmng -a
service httpd restart

You can enable “register_globals” for a domain the same way mentioned in the 2nd step but make sure to execute the 2 commands for the changes to take effect.

You can check if mod_rewrite is compiled in with Apache doing:

httpd -l | grep mod_rewrite.c

If it’s not then you should re-compile Apache.

You could also enable mod_rewrite logging:

RewriteLog “/var/log/httpd/rewrite.log”
RewriteLogLevel 9 # Maximum debug level, should be disabled on production environment

Note that this must be added on the VirtualHost or at the httpd.conf and *NOT* in the .htaccess.

After this you can check the file /var/log/httpd/rewrite.log to see what happens when you try to access an URL that should be rewritten.

Incoming search terms:

• accessing a website with network programming (1)
• download httpd-2 2 17 for linux (1)

In this exclusive series, you will learn more about:

• Securing an Apache 2 web server under Red Hat Enterprise Linux / CentOS Linux using mod_chroot
• Virtual hosting configuration under chrooted jail.
• Troubleshooting Chrooted Apache jail problem.

Requirements

1. Server: Apache 2 Web server.
2. Jail directory: /httpdjail.
3. User / Group: apache / apache (never ever run chroot using root user).
4. Virtual domain directory for all domain inside jail: /home/httpd.
5. PHP is configured via default mod_php.
6. Instructions are tested under CentOS / RHEL 5.x.

More about Jail directory: /httpdjail

Create a jail directory as follows:
# J=/httpdjail
# mkdir $J

1. Do not create /dev directory inside your jail.
2. Do not create special device files inside jail.
3. Do not copy shell or any other single executable files inside your jail.
4. Do not run httpd or php / perl / python as root user.
5. If possible mount $J using a separate partition with nosuid, nodev and noexec options. This will improve security as user will not able to run suid enabled programs and device files inside a jail.

Install Apache, PHP and MySQL

Install required packages using yum command, enter:
# yum install mysql mysql-server httpd php-mysql php-pear php-xml php-mysql php-cli php-imap php-gd php-pdo php-devel php-mbstring php-common php-ldap php httpd-devel
Now, create required directories inside your jail:
# mkdir -p $J/var/run
# chown -R root.root $J/var/run
# mkdir -p $J/home/httpd
# mkdir -p $J/var/www/html
# mkdir -p $J/tmp
# chmod 1777 $J/tmp
# mkdir -p $J/var/lib/php/session
# chown root.apache $J/var/lib/php/session


1. $J/var/run will store PID and other files.
2. $J/var/lib/php/session PHP session file path (configured in php.ini).
3. $J/tmp – Used by many scripts and cms software to upload files.

Install mod_chroot

mod_chroot makes running Apache in a secure chroot environment easy. You don’t need to create a special directory hierarchy containing /dev, /lib, /etc. mod_chroot allows you to run Apache in a chroot jail with no additional files. The chroot() system call is performed at the end of startup procedure – when all libraries are loaded and log files open. Download mod_chroot using wget command:
# cd /opt/
# wget http://core.segfault.pl/~hobbit/mod_chroot/dist/mod_chroot-0.5.tar.gz
Untar it:
# tar -zxvf mod_chroot-0.5.tar.gz
Compile and install mod_chroot for using apxs, enter:
# cd mod_chroot-0.5
# apxs -cia mod_chroot.c

Configure Apache mod_chroot

Open /etc/httpd/conf/httpd.conf file, type:
# C=/etc/httpd/conf/httpd.conf
# vi $C
Set PidFile path in which the server should record its process identification number when it starts. Find line that reads as follows:

PidFile run/httpd.pid

Replace with:
PidFile /var/run/httpd.pid
Next add ChrootDir directive, enter:
ChrootDir /httpdjail
Find line that read as follows:
ServerRoot "/etc/httpd"
Append following lines:


LockFile /var/run/httpd.lock
CoreDumpDirectory /var/run
ScoreBoardFile /var/run/httpd.scoreboard

Make sure mod_chroot.so line exists. For example, 64 bit Linux should have line as follows:

LoadModule chroot_module /usr/lib64/httpd/modules/mod_chroot.so

32 bit Linux config line:

LoadModule chroot_module /usr/lib/httpd/modules/mod_chroot.so

Save and close the file.
Disable SELinux for Apache

You need to disable SELinux for apache, enter:
# setsebool httpd_disable_trans 1
See article “disabling SELinux for only Apache / httpd in Linux” for further details.
Patch up /etc/init.d/httpd

Open /etc/init.d/httpd file, enter:
# vi /etc/init.d/httpd
Find out line that read as follows:

# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-"C"}

Add following line (set ROOT to $J):

ROOT=/httpdjail

Find stop() that read as follows:

stop() {
echo -n $"Stopping $prog: "
killproc -d 10 $httpd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

Replace it as follows (you need to link /var/run/httpd.pid to $J/var/run/httpd.pid; so that stop operation works):

stop() {
/bin/ln -s $ROOT/var/run/httpd.pid /var/run/httpd.pid
echo -n $"Stopping $prog: "
killproc -d 10 $httpd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
}

Save and close the file. Set immutable permission on /etc/init.d/httpd so that file cannot be modified, updated by yum, deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute:
# chattr +i /etc/init.d/httpd
How do I start chrooted httpd?

Type the following command:
# /etc/init.d/httpd start
You should not see any error in /var/log/httpd/error_log file:

[Sun Dec 21 18:43:09 2008] [notice] core dump file size limit raised to 18446744073709551615 bytes
[Sun Dec 21 18:43:09 2008] [notice] SELinux policy enabled; httpd running as context root:system_r:initrc_t
[Sun Dec 21 18:43:09 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Dec 21 18:43:09 2008] [notice] Digest: generating secret for digest authentication …
[Sun Dec 21 18:43:09 2008] [notice] Digest: done
[Sun Dec 21 18:43:10 2008] [notice] mod_chroot: changed root to /httpdjail.
[Sun Dec 21 18:43:10 2008] [notice] Apache/2.2.3 (CentOS) configured — resuming normal operations

How do I stop chrooted httpd?

# /etc/init.d/httpd stop

How do I restart chrooted httpd?

# /etc/init.d/httpd restart

Incoming search terms:

• centos router (1)

A module provides variety of features for apache such as security, perl and php support etc. To configure apache for additional modules you need to add LoadModule directive in httpd.conf or modules.conf file. For example you can add session management and tracking through consistent identifiers using mod_session. You need to add following entry to Apache 1.3.xx server (under Debian Linux you need to add to /etc/apache-perl/modules.conf file):

LoadModule auth_module /usr/lib/apache/1.3/mod_session.so

Please note that your Apache server must configure for Dynamic Shared Objects (DSOs). Let us assume you have downloaded the module called mymodule.c and you would like to compile and use this module, then you can use Apache apxs utility to compile and install this module:

Build and install a third-party Apache module, say mod_foo.c, into its own DSO mod_foo.so outside of the Apache source tree using apxs:

# apxs -c mymodule.c
# apxs -i -a -n mymodule mymodule.la

Then open your httpd.conf file and add mymodule using top LoadModule Directive:

# vi  httpd.conf

Append following line to server config context (this means that the directive may be used in the server configuration files (e.g., httpd.conf), but not within any or containers. It is not allowed in .htaccess files at all).

LoadModule mymodule /usr/lib/httpd/modules/mymodule.so

If you find compile and install procdure difficult to use then try Apachetoolbox utility to install your Apache modules easily. See official Apache documentation for more information.

If you are a Web developer then do not forget to check out book review of PHP Hacks Tips & Tools for Creating Dynamic Websites.

Incoming search terms:

• apache loadmodule garbled (1)

This module help visitor to get correct content instead of error 404 – document not found and you can also omit file extension such as .pl, .php, .html etc in urls references. It attempts to correct misspellings of URLs that users might have entered, by ignoring capitalization and by allowing up to one misspelling. This must be configured on massive web hosting server by ISP and web hosting service providers so the hosting customer can take advantage of this module.

Following steps demonstrates how to activate this module under Debian GNU/Linux:

A) Open your Apache modules configuration file:
# vi /etc/apache-perl/modules.conf

B) Append following line to this file:
LoadModule speling_module /usr/lib/apache/1.3/mod_speling.so

C) Save the file.

D) This module need to be configured via httpd.conf via CheckSpelling directive. You can configure it for entire site, particular virtual host or even via .htaccess file. Open your /etc/apache-perl/httpd.conf and add followint line in server config context:

CheckSpelling on

E) Restart the apache:
# /etc/init.d/apache-perl restart

Please note that above steps are same under FreeBSD/Solaris for Apache web server except for file location i.e. httpd.conf and modules.conf. Please refer man page for more info.

Incoming search terms:

• suphp_module in file /latest/apache/modules/mod_suphp so is garbled - expected signature 41503232 but saw 41503230 - (2)
• problem with url in apache linux (1)

/usr/lib64/apr-1/build/libtool –silent –mode=compile gcc -prefer-pic -DLINUX =2 -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/include -I/usr/include/apache -I/usr/include/apr-1 -I/usr/include/apache -O2 -g -Wall -DWITH_PCRE _STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 – I/usr/include/apache -I/usr/include/apache -I. -I/usr/local/directadmin/custombuild/httpd-2.2.17/srclib/apr/include -I/usr/local/directadmin/custombuild/httpd-2.2.17/srclib/apr-util/include -I/usr/local/directadmin/custombuild/httpd-2.2.17/ srclib/apr-util/xml/expat/lib -I/usr/local/include -I/usr/include -I/usr/kerberos/include -I/usr/local/include -I/usr/local/include/libxml2 -c -o msc_pcre.lo m sc_pcre.c && touch msc_pcre.slo
msc_pcre.c: In function ‘msc_pregcomp_ex’:
msc_pcre.c:73: error: invalid application of ‘sizeof’ to incomplete type ‘pcre_extra’
msc_pcre.c:77: error: invalid application of ‘sizeof’ to incomplete type ‘pcre_extra’
msc_pcre.c:98: warning: ignoring #pragma message
msc_pcre.c:119: warning: ignoring #pragma message
apxs:Error: Command failed with rc=65536
.
make: *** [mod_security2.la] Error 1

the solution is simple:

Copy the pcre.h from /usr/include/
TO /usr/include/apache and replace the old pcre.h (always backup)

Incoming search terms:

• msc_pcre c: in function `msc_pregcomp_ex: (1)
• msc_pcre c:70: error: invalid application of `sizeof\ to incomplete type `/usr/local/apache2/include/pcre h (1)

I do not issue any guarantee that this will work for you!

1 Preliminary Note

I’m assuming that you have a running Fedora 12 system with a working Apache2. In addition to that I assume that you have one or more web sites set up within the /var/www directory (e.g. if you use ISPConfig).

2 Installing mod_chroot

There’s no mod_chroot package for Fedora 12, therefore we must build it ourselves. First we install the prerequisites:

yum groupinstall 'Development Tools'

yum groupinstall 'Development Libraries'

yum install httpd-devel

Now we build mod_chroot as follows:

cd /tmp
wget http://core.segfault.pl/~hobbit/mod_chroot/dist/mod_chroot-0.5.tar.gz
tar xvfz mod_chroot-0.5.tar.gz
cd mod_chroot-0.5
apxs -cia mod_chroot.c

Then we restart Apache:

/etc/init.d/httpd restart

3 Configuring Apache

I want to use the /var/www directory as the directory containing the chroot jail. Fedora’s Apache uses the PID file /var/run/httpd/httpd.pid; when Apache is chrooted to /var/www, /var/run/httpd/httpd.pid translates to /var/www/var/run/httpd/httpd.pid. Therefore we create that directory now:

mkdir -p /var/www/var/run/httpd
chown -R root:apache /var/www/var/run/httpd

Now we must tell Apache that we want to use /var/www as our chroot directory. We open /etc/httpd/conf/httpd.conf, and right below the PidFile line, we add the line ChrootDir /var/www; also comment out the PidFile run/httpd.pid line and add the line PidFile /var/run/httpd/httpd.pid:

vi /etc/httpd/conf/httpd.conf

    [...]
    #
    # PidFile: The file in which the server should record its process
    # identification number when it starts.
    #
    #PidFile run/httpd.pid
    PidFile /var/run/httpd/httpd.pid
    ChrootDir /var/www
    [...]

Next we must tell our vhosts that the document root has changed (for example, a DocumentRoot /var/www translates now to DocumentRoot /). We can do this either by changing the DocumentRoot directive of each vhost, or more easier, by creating a symlink in the file system.

3.1 First Method: Changing The DocumentRoot

Let’s assume we have a vhost with DocumentRoot /var/www. We must now open the vhost configuration of that vhost and change DocumentRoot /var/www to DocumentRoot /. Accordingly, DocumentRoot /var/www/web1/web would now translate to DocumentRoot /web1/web, and so on. If you want to use this method, you must change the DocumentRoot for every single vhost.

3.2 Second Method: Creating A Symlink In the File System

This method is easier, because you have to do it only once and don’t have to modify any vhost configuration. We create a symlink pointing from /var/www/var/www to /var/www:

mkdir -p /var/www/var
cd /var/www/var
ln -s ../../ www

Finally, we have to stop Apache, delete the directory /var/run/httpd, create a symlink from /var/run/httpd to /var/www/var/run/httpd, and start it again:

/etc/init.d/httpd stop

rm -fr /var/run/httpd
ln -sf /var/www/var/run/httpd /var/run/httpd
/etc/init.d/httpd start

That’s it. You can now call your web pages as before, and they should be served without problems, as long as they are static HTML files or using mod_php.

If you are using CGI, e.g. Perl, suPHP, Ruby, etc., then you must copy the interpreter (e.g. /usr/bin/perl, /usr/sbin/suphp, etc.) to the chroot jail together with all libraries needed by the interpreter. You can find out about the required libraries with the ldd command, e.g.

ldd /usr/sbin/suphp

    [server2:/var/www/web1/log]# ldd /usr/sbin/suphp
    linux-gate.so.1 =>  (0xffffe000)
    libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0xb7e34000)
    libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7e0f000)
    libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xb7e03000)
    libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7cd2000)
    /lib/ld-linux.so.2 (0xb7f23000)
    [server2:/var/www/web1/log]#

If you’ve copied all required files, but the page still isn’t working, you should take a look at the Apache error log. Usually it tells you where the problem is. Also read http://core.segfault.pl/~hobbit/mod_chroot/caveats.html for known problems and solutions.

Incoming search terms:

• apache mod_chroot howto (1)
• cpanel mod_chroot (1)
• directadmin jailed ssh libgcc_s so 1 (1)
• howto apache mod_chroot (1)

Fatal error: Call to undefined function mysql_connect() in filename.php on line xx

on your website though the database details mentioned in the configuration file are correct. In order to solve the problem, install the “php-mysql” package using yum

    # yum install php-mysql

Once installed, restart the httpd service

    # service httpd restart

To check if the package is installed properly, create a phpinfo.php file under your account with the following contents

<?php
phpinfo();
?>

and browse the phpinfo file.

http://yourdomainname.tld/phpinfo.php

You will see a separate Mysql section in the PHP information. Your website should no longer receive the “Call to undefined function” error message.

Incoming search terms:

• Call to undefined function mysql_connect() Centos (19)
• call to undefined function mysql_connect() linux (5)
• centos fatal error: call to undefined function mysql_connect() (5)
• PHP Fatal error: Call to undefined function mysql_connect() (4)
• linux Call to undefined function mysql_connect() (3)
• fatal error: call to undefined function mysql_connect() centos (3)
• centos undefined function mysql_connect() (3)
• php fatal error: call to undefined function mysql_connect() centos (3)
• Fatal error: Call to undefined function mysql_connect() (2)
• ngix mysql_connect (2)

If  you have these module installed, you need to edit your Apache configuration file locate at “/etc/httpd/conf/httpd.conf” file and add the following lines to it:

<Location />
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI  \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
</Location>

Save the file and restart the httpd service. This will compress all the files except the .gif, .jpe, .jpeg and .png files.

Incoming search terms:

• centos how to enable gzip compression plesk (1)
• enable compression centos httpd (1)
• http compression in apache linux cpanel (1)

1) Download and untar the package

    # wget http://pecl.php.net/get/Fileinfo-1.0.4.tgz
    # tar -zxf Fileinfo-1.0.4.tgz
    # cd Fileinfo-1.0.4

2) Generate the extension for compiling

# phpize

3) Configure the module

# ./configure

4) generate the install files and install it

# make # make install

5) Once done, the extension will be available under the /usr/lib64/php/modules directory.
You now need to add the extension somewhere in the php configuration file. Edit /etc/php.ini and add the following:

extension=fileinfo.so

6) Save the file and restart the webserver

# service httpd restart

To check if “fileinfo” is enabled on the server, execute:

# php -i | grep fileinfo fileinfo
fileinfo support => enabled

Alternate method

Just an FYI, the module can also be installed using the PECL command i.e.

# pecl install fileinfo

Once done, just follow steps 5 and 6 mentioned above. That’s it.

Incoming search terms:

• htaccess php_fileinfo (4)
• centos 6 cpanel fileinfo (2)
• fileinfo cpanel (2)
• install fileinfo centos (2)
• install fileinfo whm (2)
• plesk install fileinfo (2)
• install module fileinfo whm (1)
• installing fileinfo on plesk (1)
• install extension file info cpanel (1)
• php check if fileinfo extension is installed on server (1)