[HELP] Beaf up security - and using variables

Marc J
Getting the hang of things
Posts: 62
Joined: Wed Oct 15, 2008 1:36 am

Post by Marc J »

Split from: http://forum.qnap.com/viewtopic.php?f=32&t=15540#p75921

Excellent, thanks!

Next question - I've done the include successfully, including just the line: -

Code:

TraceEnable Off

in customized.conf, restarting apache and testing that trace is disabled - it is.

All good so far. I use my TS-439-Pro as a development server to test sites before publishing them, but prefer to have identical versions of these i.e. no differing config or htaccess files. To this end, I want to define a system variable in the TS-439-PRO server which I can then test for in .htaccess files, for example in customized.conf: -

Code:

SetEnv DEV_SERVER true

Then in a site's .htaccess file for setting custom error pages: -

Code:

<IfDefine DEV_SERVER>
  ErrorDocument 404 http://devserver/sitename/page/error404
</IfDefine>

<IfDefine !DEV_SERVER>
  ErrorDocument 404 http://www.domain.com/page/error404
</IfDefine>

I restarted Apache but in local testing the error page is always going to remote page (http://www.domain.com/page/error404) and so it seems the DEV_SERVER system variable is not being set on the TS-439-PRO. Any ideas why this isn't working?

EDIT: Visiting a page with the following PHP on it: -

Code:

<?php
// SetEnv values reach PHP as entries in $_SERVER
echo $_SERVER['DEV_SERVER'];
?>

I get "true", so it is definitely set correctly - but the condition isn't working :?
Last edited by Marc J on Fri Jul 24, 2009 8:01 pm, edited 3 times in total.

Re: [HOWTO] Beaf up security on Apache with customized.conf

Post by Marc J »

OK, it seems <IfDefine> doesn't work with environment variables; to use this, the parameter must be set with [ -D parameter ] via the command line on startup.

I tried: -

Code:

# /etc/init.d/Qthttpd.sh start -D DEV_SERVER

and

Code:

# /etc/init.d/Qthttpd.sh start -DDEV_SERVER

But neither seems to work; both start the server without any errors showing but the <IfDefine DEV_SERVER> is still always false. Is it possible to set this parameter during startup?

Re: [HOWTO] Beaf up security on Apache with customized.conf

Post by Marc J »

Looking around I've kinda come to the conclusion that I might need to edit /etc/init.d/Qthttpd.sh, adding -D DEV_SERVER into the command where it starts apache.

Currently, starting at line 102 of /etc/init.d/Qthttpd.sh, I have: -

Code:

case "$1" in
    start)
	prepare_apache
	echo -n "Starting Qthttpd services:" 
	if [ `/sbin/getcfg "QWEB" "Enable" -d 0` = 0 ] && [ `/sbin/getcfg System "Web Access Port" -d 8080` != 80 ]; then
		[ -d "/home/Qhttpd/RSS" ] || /bin/ln -sf /home/httpd/RSS /home/Qhttpd/RSS
		[ -d "/home/Qhttpd/ajax_obj" ] || /bin/ln -sf /home/httpd/ajax_obj /home/Qhttpd/ajax_obj
		/sbin/daemon_mgr Qthttpd start \
			"/usr/local/sbin/Qthttpd -p 80 -nor -nos -u admin -d /home/Qhttpd -c '**.*'"
		echo -n " Qthttpd"
		touch /var/lock/subsys/Qthttpd
		echo "."
	else
		check_qweb_link
		if [ ! -d ${SSMTP_CONF_DIR} ]; then
			[ ! -f ${SSMTP_CONF_DIR} ] || /bin/rm ${SSMTP_CONF_DIR}
			/bin/mkdir ${SSMTP_CONF_DIR}
			[ -d ${SSMTP_CONF_DEFAULT} ] && /bin/cp ${SSMTP_CONF_DEFAULT}/* ${SSMTP_CONF_DIR}
		fi
	# Start Apache
		if [ ! -d $QWEB_FOLDER ]; then
			/sbin/write_log "The default share Qweb is not found. Apache httpd start failed." 2
			exit 1
		fi 
		if [ -d ${APACHE_CONF_DIR} ] && [ -f ${APACHE_DIR}/bin/apachectl ]; then
			clean_apache_log
			[ $? = 0 ] || echo "Some error occurred in clean_apache_log."
			/sbin/daemon_mgr apache start "${APACHE_DIR}/bin/apachectl start"
		fi
	fi
	;;
    stop)

Would changing the line: -

Code:

			"/usr/local/sbin/Qthttpd -p 80 -nor -nos -u admin -d /home/Qhttpd -c '**.*'"

to: -

Code:

			"/usr/local/sbin/Qthttpd -p 80 -nor -nos -u admin -d /home/Qhttpd -D DEV_SERVER -c '**.*'"

be what I need to do? I'm scared to just go ahead and do it unless it breaks things altogether!
fribse
Experience counts
Posts: 2090
Joined: Mon Feb 11, 2008 2:50 am
Location: Greve, Denmark

Re: [HELP] Beaf up security - and using variables

Post by fribse »

Hmm, as this has less and less to do with 'beaf up security' your posts have been moved to a separate thread.
Back to your question, I've never used variables, so I can't help you out on this one...
Best regards
Fribse

NO, RAID is NOT backup - Use RAID-Certified 24x7 drives for raid
HOWTO's:
Make automatic backup of ALL MySQL databases http://forum.qnap.com/viewtopic.php?f=32&t=15628

NAS-659 Pro II (3 GB Ram), Raid1, Surveillance station, local backup destination + NAS-853A (16 GB Ram), Virtualization Station, Plex, iDrive
Network: Fritz!Box 7560 + 24p SG200 + 2x8p SG200 + 8p POE EdgeCore + 300/300 mbit Internet

Re: [HELP] Beaf up security - and using variables

Post by Marc J »

fribse wrote:
> Hmm, as this has less and less to do with 'beaf up security' your posts have been moved to a separate thread.

Thanks! I did wonder if I should start a new thread as it was beginning to fork from the original...you've saved me the bother :D

> Back to your question, I've never used variables, so I can't help you out on this one...

:(

How about - if I was to mess around with /etc/init.d/Qthttpd.sh and got errors starting apache or anything else that this might break, would I always be able to use WinSCP to restore a backup to get things working again?

If it won't break things to an "unfixable" state then I'm quite happy tinkering with /etc/init.d/Qthttpd.sh on a "trial and error" basis...

Re: [HELP] Beaf up security - and using variables

Post by fribse »

Yes, it's just basic Linux stuff.

I would copy the original Qthttpd.sh to my own script first, and try to use that (no need to put it in /etc/init.d while testing).
And then if (or when) it works, I would change the 'original' Qthttpd.sh.
Best regards
Fribse


Re: [HELP] Beaf up security - and using variables

Post by Marc J »

Well, it seems the line in Qthttpd.sh which starts apache is line 129: -

Code:

/sbin/daemon_mgr apache start "${APACHE_DIR}/bin/apachectl start"

This uses apachectl which, it seems, only accepts limited options. No matter what I did to the line in Qthttpd.sh it would not pass on the -D parameter for startup.

So, I edited /usr/local/apache/bin/apachectl directly, changing this part: -

Code:

case $ARGV in
start|stop|restart|graceful|graceful-stop)
    $HTTPD -k $ARGV
    ERROR=$?
    ;;

to: -

Code:

case $ARGV in
start|stop|restart|graceful|graceful-stop)
    $HTTPD -D DEV_SERVER -k $ARGV
    ERROR=$?
    ;;

This finally started apache with the DEV_SERVER variable set which I can then use in <IfDefine> in .htaccess files later :)

Not sure if this is the best way, but it seems to work!

Re: [HELP] Beaf up security - and using variables

Post by fribse »

Excellent, good job!
Best regards
Fribse


Re: [HELP] Beaf up security - and using variables

Post by Marc J »

Hmmm....not sure how this happened, but I had to restart my QNAP for another reason and the edit I had made to the apachectl file was undone???

I had to re-apply it and now everything is OK again. The question is, how was the original restored and can I stop it from happening each restart?
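
Since the apachectl edit described in this thread was lost on restart, here is an added example (not part of the original thread or of QNAP's scripts) that re-applies the quoted one-line change only when it is missing, keeps a pristine copy first, and refuses to touch a file that does not contain the stock line. The function names, the `.orig` backup name and the sample file with its placeholder HTTPD path are assumptions made for illustration; on the NAS the argument would be /usr/local/apache/bin/apachectl.

```shell
#!/bin/sh
# Added example, not from the thread. Re-applies the "-D DEV_SERVER" edit to
# apachectl only when it is missing, so it is safe to run after every restart.
DEFINE=DEV_SERVER                      # define name used in the thread
OLD='$HTTPD -k $ARGV'                  # stock line quoted in the thread
NEW="\$HTTPD -D $DEFINE -k \$ARGV"     # edited line quoted in the thread

# ensure_define FILE -> 0 if FILE carries the define afterwards, 1 otherwise
ensure_define() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Already edited: change nothing, so repeated runs are harmless.
    grep -qF -- "$NEW" "$file" && return 0
    # Refuse to guess if the stock line is not there (file differs from the thread).
    grep -qF -- "$OLD" "$file" || { echo "unexpected content: $file" >&2; return 1; }
    # Keep one pristine copy, as advised in the thread, before editing.
    [ -f "$file.orig" ] || cp -p "$file" "$file.orig" || return 1
    tmp="$file.new.$$"
    sed 's/\$HTTPD -k \$ARGV/$HTTPD -D '"$DEFINE"' -k $ARGV/' "$file" > "$tmp" &&
        sh -n "$tmp" &&              # syntax-check the result before installing
        cat "$tmp" > "$file"         # overwrite in place: keeps mode and owner
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && grep -qF -- "$NEW" "$file"
}

# write_sample FILE: constructed stand-in for apachectl (HTTPD path is a placeholder)
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
HTTPD=/path/to/httpd
ARGV="$@"
case $ARGV in
start|stop|restart|graceful|graceful-stop)
    $HTTPD -k $ARGV
    ERROR=$?
    ;;
esac
exit $ERROR
EOF
}

# Demo on a scratch copy; on the NAS the argument would be the real apachectl.
demo=$(mktemp -d) && write_sample "$demo/apachectl" &&
    ensure_define "$demo/apachectl" && grep -n -- "-D $DEFINE" "$demo/apachectl"
rm -rf "$demo"
```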