Categories
HowTos Linux

Install Mod_Proxy Apache module on WHM/CPanel CeEntOS Linux Server Without Recompiling Apache

Scenario :
Our client required mod_proxy module for their application. Apache is already installed on WHM/CPanel CentOS Linux Server that run few websites. We thought recompiling Apache is not a good option that will require a down time for maintenance window and a small error can put our contract at risk and lost for our client.

What is ModProxy?

Mod_proxy is an Apache module that implements a proxy for your Apache web server. It is divided into further modules for different purposes. For example mod_proxy_http, mod_proxy_connect, mod_proxy_ftp, mod_proxy_ajp, mod_proxy_balancer. In our case we will compile few of them that are required for our application.

Installation :

Check Apache current version :

/usr/local/apache/bin/httpd -v

Output :
Server version: Apache/2.2.19 (Unix)
Server built: Jul 4 2011 06:24:27

Go to http://archive.apache.org/dist/httpd/ and pick your matched apache version. In our case it is Apache 2.2.19

cd /tmp/
wget http://archive.apache.org/dist/httpd/httpd-2.2.19.tar.bz2
tar -jxvf httpd-2.2.19.tar.bz2
cd httpd-2.2.19
./configure --enable-mods-shared="proxy proxy_http proxy_connect"

Note : You can add additional mod_proxy modules inside inverted commas.
In our case "proxy proxy_http proxy_connect"

cd modules/proxy/
/usr/local/apache/bin/apxs -i -a -o mod_proxy.so -c mod_proxy.c proxy_util.c
/usr/local/apache/bin/apxs -i -a -o mod_proxy_http.so -c mod_proxy_http.c proxy_util.c
/usr/local/apache/bin/apxs -i -a -o mod_proxy_connect.so -c mod_proxy_connect.c proxy_util.c
/etc/init.d/httpd restart

Installation is completed.

You can verify modules under Apache modules directory.

ls -l /usr/local/apache/modules/mod_proxy*

Output :
/usr/local/apache/modules/mod_proxy_connect.so
/usr/local/apache/modules/mod_proxy_http.so
/usr/local/apache/modules/mod_proxy.so

If you have any question, feel free to comment below.

Categories
HowTos Linux Troubleshootings

How to enable mod_rewrite module in apache2.2 on Ubuntu/Debian/backtrack 5

BackTrack 5 is the most popular Penetration testing among Security Analysts. We have also been using it for a very long time.

Today we were testing one application on our back track 5 Linux. It has Apache installed but with a limited modules. I couldn’t access any page of my application because all URLs were rewritten using mod_rewrite. I performed following troubleshooting and finally installed mod_rewrite module.

mod_rewrite module is actually available under back track 5 Linux, but you 
have to just activate it.

How to check module if it is already available?

Module path :
ls -l /usr/lib/apache2/modules/mod_rewrite.so

Module config path :
ls -l /etc/apache2/mods-available/rewrite.load

How to Enable mod_rewrite now?

a2enmod rewrite

Output :
Enabling module rewrite.
Run ‘/etc/init.d/apache2 restart’ to activate new configuration!

Restart Apache
/etc/init.d/apache2 restart

Test you application, all URLs that is rewritten should work now!

Categories
General News

Apache released patch for ApacheKiller.pl Range Byte Flaw

Apache have released Patch for the recent range bytes request flaw which we published few days ago. This patch fix the Security flaw and

Change Log :

SECURITY: CVE-2011-3192 (cve.mitre.org) core: Fix handling of byte-range requests
to use less memory, to avoid denial of service. If the sum of all ranges in a
request is larger than the original file, ignore the ranges and send the complete
file. PR 51714.

You can download latest stable release here

If you are running CEntOS, you can update it in this way;

Check update using Yum Utility
yum check-update httpd

Install it
yum update httpd

If don’t want to update it, you can see this post for mitigation techniques.

Categories
Penetration Testing Web Exploitation Tools

Apache Killer – Denial of Service Flaw in Apache WebServer

We were following a thread , it was related to apache flaw which was discovered by KingCope.

What is ‘Apache Killer’ Flaw?

It sends multiple GET requests with dozens of “Byte Ranges” that will eat up server’s memory. Byte Range helps browswer or downloading applications to download required parts of file. This helps reduce bandwidth usage. While this script sends dozen of unsorted components in request header to cause apache   server to malfunction.

It is DoS condition on Apache web Server. I performed a test with a script written by @KingCope and can confirm that it will eat up Server resource in seconds.

Although the patch isn’t available from apache.org yet, we are still waiting for an update from Apache.

When some one execute this attack on your server, it will eat up your 1 GB RAM in 10 seconds, your CPU load will hit 10 average load and our server will finally freeze. Test it out before Apache release the fix 😀