• Apache Hints
  • Turning off directory listings
  • Benchmarking
  • Log entries of "HTTP (internal dummy connection)"
    • Apache Configuration Changes
  • Debugging mod_rewrite
  • ModSecurity Rule Changes
    • ModSecurity 1.9
    • ModSecurity 2.0
  • Enabling Modules in Debian

Apache Hints

Turning off directory listings

Add the following directive to your .htaccess file or <directory> directives

   Options -Indexes

Benchmarking

Have a look at 'ab' the Apache HTTP Server Benchmarking Tool.

Log entries of "HTTP (internal dummy connection)"

These entries are caused by Apache waking up child processes.

Apache Configuration Changes

Fix by including the following in your Apache2 config:

         <IfModule mod_rewrite.c>
           RewriteEngine on
           RewriteCond %{HTTP_USER_AGENT} ^.*internal\ dummy\ connection.*$ [NC]
           RewriteRule ^/$ /robots.txt [L]
         </IfModule>

         # Don't log requests from local interface
         SetEnvIf Remote_Addr "127\.0\.0\.1" loopback
         CustomLog /var/log/apache2/access.log combined env=!loopback

Debugging mod_rewrite

mod_rewrite has 8 debug levels from trace1 through to trace8.

Enable logging with:

    LogLevel alert rewrite:trace3

ModSecurity Rule Changes

ModSecurity 1.9

     # Require HTTP_USER_AGENT and HTTP_HOST headers
     # Exclude Apache internal dummy connection from test
     SecFilterSelective REQUEST_URI "^/$" "chain"
     SecFilterSelective REMOTE_ADDR "^(127\.0\.0\.1|::1)$" "chain"
     SecFilterSelective HEADER_User-Agent "^HTTP \(internal dummy connection\)$" "skip"
     SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

ModSecurity 2.0

     # Require HTTP_USER_AGENT and HTTP_HOST headers
     # Exclude Apache internal dummy connection from test
     SecRule REQUEST_URI "^/$" "chain,skip:2"
     SecRule REMOTE_ADDR "^127\.0\.0\.1$" "chain"
     SecRule REQUEST_HEADERS:User-Agent "^HTTP \(internal dummy connection\)$" "t:none"
     SecRule &REQUEST_HEADERS:Host "@eq 0" \
        "deny,log,status:403,msg:'Request Missing a Host Header'"
     SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
        "deny,log,status:403,msg:'Request Missing a User-Agent Header'"

See also:

• http://wiki.apache.org/httpd/Logs/InternalDummyConnection
• Mail-Archive Re: Apache dummy connection
• http://www.fi.muni.cz/~kas/blog/index.cgi/2007/01/index.html
• http://www.modsecurity.org/documentation/modsecurity-apache/2.1.0/modsecurity2-apache-reference.html

Enabling Modules in Debian

A useful utility called 'a2enmod' is included in Debian 4.0 (Etch) to enable or disable modules in Apache 2.

It's in the 'apache2.2-common' package, so should be already installed with Apache 2 installation.

$ man a2enmod

e.g. to enable mod_userdir

$ a2enmod userdir

---

-- Frank Dean - 17 Mar 2004

Related Topics: ApacheSpringSecurity

• Viki
• Business
• Tech