flyinweb's blog

How do I configure nginx as failover reverse proxy load balancer in front of two Apache web servers under CentOS / RHEL 5.x?

nginx is a Web and Reverse proxy server. Nginx used in front of Apache Web servers. All connections coming from the Internet addressed to one of the Web servers are routed through the nginx proxy server, which may either deal with the request itself or pass the request wholly or partially to the main web servers.

This article describes how to configure the FastCGI module and PHP to host PHP applications on IIS 7.

IMPORTANT: This article provides instructions on how to install and use the FastCGI component on Windows Server 2008 and Windows Vista SP1. SP1 is required on Windows Vista.

Table of Contents

• Overview
• Enabling FastCGI support in IIS 7
  • Windows Server 2008
  • Windows Vista SP1
  • Update for the FastCGI module
  • Administration Pack for IIS 7
• Install and Configure PHP
• Configure IIS to handle PHP requests
  • Using IIS Manager
  • Using command line
• Best practices for configuring FastCGI and PHP
  • Security Isolation
  • Process recycling
  • PHP versioning
  • Security recommendations
• Per-site PHP configuration
• URL rewriting for PHP applications
• Related Resources

There are few commands I usually use to track if my server is possibly under a Denial of Service attack or under Distributed Denial of Service

Sys Admins who still have not experienced the terrible times of being under a DoS attack are happy people for sure …

Recently has become publicly known for the serious hole found in all Apache webserver versions 1.3.x and 2.0.x and 2.2.x. The info is to be found inside the security CVE-2011-3192 – https://issues.apache.org/bugzilla/show_bug.cgi?id=51714

Apache remote denial of service is already publicly cirtuculating, since about a week and is probably to be used even more heavily in the 3 months to come. The exploit can be obtained from exploit-db.com a mirror copy of #Apache httpd Remote Denial of Service (memory exhaustion) is for download here

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

          Apache HTTPD Security ADVISORY
          ==============================
                    UPDATE 2

Title:       Range header DoS vulnerability Apache HTTPD 1.3/2.x

CVE:         CVE-2011-3192
Last Change: 20110826 1030Z
Date:        20110824 1600Z
Product:     Apache HTTPD Web Server
Versions:    Apache 1.3 all versions, Apache 2 all versions

Changes since last update
=========================
In addition to the 'Range' header - the 'Range-Request' header is equally
affected. Furthermore various vendor updates, improved regexes (speed and
accommodating a different and new attack pattern).

Description:
============

A denial of service vulnerability has been found in the way the multiple
overlapping ranges are handled by the Apache HTTPD server:

     http://seclists.org/fulldisclosure/2011/Aug/175

An attack tool is circulating in the wild. Active use of this tool has
been observed.

The attack can be done remotely and with a modest number of requests can
cause very significant memory and CPU usage on the server.

The default Apache HTTPD installation is vulnerable.

There is currently no patch/new version of Apache HTTPD which fixes this
vulnerability. This advisory will be updated when a long term fix
is available.

It’s probably mod_php, and try recompiling PHP without zend_multibyte. If you have WITH_MULTIBYTE=true in /var/db/ports/php5/options, change it to WITHOUT_MULTIBYTE=true and rebuild the port.

The apache web server has become the predominant web server on the Internet for it's scalability, standards compliance and the numerous features that come bundled with the server. As more and more features are added to apache, and as web applications evolve to meet new demands, bugs will periodically surface in applications and the web server code base itself. Since application and server bugs can lead to service failures and downtime, it is important to have a good set of tools to assist with isolating and locating problems. This article provides an introduction to debugging apache web server problems, and covers several tools and techniques that can help troubleshoot problems when they arise.