Archive for May 12th, 2010

Fix “Invalid command ‘Header’, perhaps misspelled or defined by a module not included in the server configuration” on Debian Squeeze Apache 2.2

Wednesday, May 12th, 2010

I am enabling http gzipping on Apache 2.2.9-10+lenny7 I included the following Apache directives in my /etc/apache2/apache2.conf

<Location />
# Insert filter
SetOutputFilter DEFLATE

# Netscape 4.x has some problems…BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
# BrowserMatch bMSIE !no-gzip !gzip-only-text/html

# NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
# the above regex won’t work. You can use the following
# workaround to get the desired effect:
BrowserMatch bMSI[E] !no-gzip !gzip-only-text/html

# Don’t compress images
SetEnvIfNoCase Request_URI
.(?:gif|jpe?g|png)$ no-gzip dont-vary

# Make sure proxies don’t deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</Location>

Then I tried restsarting the Apache Webserver:

debian-server:~# /etc/init.d/apache2 restart
Syntax error on line 56 of /etc/apache2/apache2.conf:

and I ended up with the following error:

Invalid command ‘Header’, perhaps misspelled or defined by a module not included in the server configuration

A quick look through my Apache module configurations and consultation with Google shown I’m missing the mod_deflate module along my Apache server loaded modules.

To enable the module to resolve the error issue:

Invalid command ‘Header’, perhaps misspelled or defined by a module not included in the server configuration all I did was:

debian-server:~# ln -sf /etc/apache2/mods-available/headers.load /etc/apache2/mods-enabled/headers.load

Then I restarted the Apache:

debian-server:~# /etc/init.d/apache2 restart

Hooray now html content passed from the Apache webserver to the end users is transferred in a gzip format ! 🙂

Tags: ,
Posted in System Administration | 8 Comments »

How to change webmin user password

Wednesday, May 12th, 2010

I had to change a webmin username’s password recently. After spending few minutes Googling I came to the answer here is a quote from Webmin Website

How do I change my Webmin password if I can't login?

Included with the Webmin distribution is a program called changepass.pl to solve erecisely this problem. Assuming you have installed Webmin in
/usr/libexec/webmin, you could change the password of the admin user to foo by running
/usr/libexec/webmin/changepass.pl /etc/webmin admin foo

This works like a charm and I was able to change a certain username’s password on a CentOS 5.3 right out of the box.
Probably on other Linux distrubutions as well as freebsd it’s quite probable that the changepass.pl webmin changepassword script is located in different location.
So if you are about to change webmin’s password on other Linux or BSD architecture just either find the script using the gnu find command or use the locate command to search for it and execute the script changing the script location in the foreshown example.

Tags:
Posted in System Administration | 3 Comments »

Installing mod antiloris on x86 and x86_64 bit CentOS 4 and 5 to protect from the recent slowloris DoS attack

Wednesday, May 12th, 2010

I had to install mod antiloris in order to be sure the Apache is secureagainst the slowloris Denial of Service attack that emerged in the summer of 2008.
Luckily David Hrbac has already prepared an rpm packages for CentOS so the installation is really simple.
The installation of the module of course is dependant on the exact Linux architecture you’re installing it on.
David has done a great work preparing the rpm packages for both x86 and x86_64 CentOS.
Even better he has prepared packages for both CentOS 4 and 5 releases.

Here is what the uname command returns on the CentOS server where I install the module.

Linux centos 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:21:56 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

Here is how I did the install in a really simple and quick way on a CentOS 5 runing an x86_64 CentOS release:
1. Download the prepackaged rpm of mod_antiloris in rpm for CentOS from this link

1. Install it using the command

[root@centos-server~ ]# rpm -ivh mod_antiloris-0.3-2.el5.hrb.x86_64.rpm

2. Check the configuration syntax is fine

[root@centos-server~ ]# /etc/init.d/httpd configtest

3.Restart the Apache webserver [root@centos-server~ ]# /etc/init.d/httpd restart

Test it using the slowloris script issuing the command:

[root@centos-server~ ]# perl slowloris.pl -dns yourdomainname.com -port 80 -timeout 1 -num 300 -cache

On my installation it worked like a charm you don’t need to do any configuration settings or anything for slowloris to takeaffect just the Apache restart as marked above is all necessary to load the anti slowloris module on your CentOS Linux.
In case need to install the mod antiloris to another architecture than the one described in this article, just download theappropriate rpm centos version from the list below:

Download links to rpm packages of mod antiloris for x86 and x86_64 for Centos 5.

Download mod_antiloris rpm CentOS5 x86

Download mod_antiloris rpm CentOS5 x86_64

Download mod_antilrois rpm CentOS4 x86

Download mod_antiloris rpm CentOS4 x86_64

Of course this is just one of they ways you can do it. You can always use mod_qos or something similar as well as I’ve mentioned in one of my previous posts.
Here is also an article on How to defend from slowloris Denial of service using mod_qos on CentOS

Tags:
Posted in System Administration | 2 Comments »