Mochabomb

Apachelounge.com has the Apache binaries with mod_ssl support compiled in. These are my notes and such from the install – and thank you to the poeple at Apache lounge for their work.

1. Install Apache 2.2.3 in another directory, leaving the existing install as is. I now have Apache2 and Apache2.2.3 directories, and each with their own conf file. Just choose which service to start – because I had trouble with 2.2.3+PHP5.1.4 and the apache php handler module, I still could run 2.0.52+PHP5.1.4 until it was fixed.

2. httpd.conf – got some editing to do – use side by side compare in Context Editor. The new .conf files are broken up for ease of editing – (great job Apache Group). A nexample of this need is my WordPress was not displaying the categories – a 404 error – that was because of AllowOverride directive – again, found here and by comparing my old and new httpd.conf files.

3. The mod_ssl file – I renamed it to php5apache2_2.dll to keep the original php5apache2.dll for Apache 2.0 installs. In apache2.2.3 httpd.conf, specify the php5apache2_2.dll – again, pick a server and start it. No interference.

4. Follow the direction on this page – http://httpd.apache.org/docs/2.2/upgrading.html and http://www.kanenas.net/index.php?entry=entry060903-061006

5. Install the service – wanted the service to specify the new server, not tweak the old one.

$ ./httpd -k install -n "Apache2.2.3" -f "C:\Apache2.2.3\conf\httpd.conf"
Installing the Apache2.2.3 service
The Apache2.2.3 service is successfully installed.
Testing httpd.conf....
Errors reported here must be corrected before the service can be started.

Important: no errors reported above means all is good so far – start the service – check the access and error logs and windows event view for any issues and resolve them before configuring SSL.

#####mod_ssl configuration

1. SSL configuration – use this as a start: http://tud.at/programm/apache-ssl-win32-howto.php3

2. Ensure port 443 is open in the firewall software and the DSL/Cable router.

3. Cacert.org has free SSL certificates

I recently had trouble after installing Panda Platinum Antivirus on my Apache webserver – any files that got downloaded were cut off at 128Kb.

The solution is here

Quote:
If you encounter problems running Apache 2 under Windows, such as corrupted or incomplete file downloads, unexplained error messages, or a conflict with a software firewall, please place the following directives in httpd.conf to see if they eliminate the issue:

EnableSendfile Off
EnableMMAP Off
Win32DisableAcceptEx

The general problem is that many people install various add-ons to windows (such as software firewalls, virus checkers, etc) that break some of the advanced functionality that Apache uses to speed the sending of files. The above directives turn off the advanced functionality and make Apache fall back to more basic (but slower) techniques

EndQuote

These directives fixed the problem once apache was stopped, then started up again.

#####Background
There are two files needed for to password protect directories in Apache – a .htaccess file and a password file.

This is a rudimentary solution – simple and effective security measure to password protect a portion(s) of a site.

This tutorial is written for windows users – however this method and format will work on any system Apache is installed. Unless the login and password authentication is running over SSL or TLS, your login, password, and any other information is sent as plain text. Any network sniffer can capture this information – especially easy over wireless with no security or using WEP. You have been warned.

#####Setup
* `.htaccess` – tells apache certain directives for a directory. Here it will authenticate users with a specific password file. The .htaccess file goes in the directory you want to protect. You can place copies of it anywhere you want login/password security – as long as an absolute path for the password file is used. Any directive that has spaces must be enclosed in “quotes like this”, as is done below for AuthName and AuthUserFile.

* `password.file` – the file with the users and hashed password

#####Usage
The file `.htaccess` needs to be created at the command line in Windows. Windows explorer will say `.htaccess` is not a valid file name. One can use notepad/wordpad/etc to edit the file.

AuthType Basic
AuthName "Directory Access"
AuthUserFile "C:\Program Files\Apache Group\Apache2\etc\passwd.txt"
require valid-user

* `passwd.txt` file: This file can be called anything, I used `passwd.txt`.
* `htpasswd.exe` added block characters to the file, I removed them using text editor. The “/” will work in windows for directories. htpasswd runs at the command line.

C:\APACHE\BIN>htpasswd -c ../etc/passwd.txt bert
Automatically using MD5 format.
New password: mypassword
Re-type new password: mypassword
Adding password for user bert

C:\APACHE\BIN>htpasswd ../etc/passwd.txt ernie
Automatically using MD5 format.
New password: hispasswd
Re-type new password: hispasswd
Adding password for user ernie

Uncomment the line containing `LoadModule` in `httpd.conf` so it looks as below

LoadModule rewrite_module modules/mod_rewrite.so

Put the `.htaccess` file in the directory(ies) to be secured and you are set.