Archive for category apache

SSH Tunnel Bypassing Transparent proxy using apache

A feature of the Apache webserver is that it allows you to create an SSH connection through a transparent proxy / firewall. This is a stealth technique, so no one will see it even in a large company network. Only IPoAC is able to interfere with this.

If you have internet access to port 80 (http) or 443 (https), you can establish an SSH connection to one of those ports. Proxies want the users to surf the web. Most proxies will only let their users through the paths they know are safe (or whatever filtering their administrators may have set). In the best scenario, the proxy will not allow one particular HTTP method called CONNECT. This method is the one used for SSL / TLS. It establishes a tunneled connection between the client and a remote server, through the proxy server. Since it is used by SSL / TLS, some proxies will allow the CONNECT method to certain sites, and most probably only on port 443.

Apache plus the mod_proxy module lets us set up an HTTP server listening on port 80 and, at the very same time, an HTTP proxy. The proxying part is done by mod_proxy. This module turns Apache into a fully functional HTTP forward proxy and reverse proxy. The exciting feature of mod_proxy is its ability to handle the CONNECT method. It will even handle it if the transparent proxy, at the boundaries of our enterprise network, does not allow the CONNECT method. This is because we will talk GET and POST with Apache; the CONNECT thing happens inside Apache, outside of the control of the enterprise proxy. The end result: we can use the CONNECT method.

Client side

  • SSH Client
  • Proxy client

Server side

  • Apache webserver 2.x

This is an example virtual host configuration which I used for testing this implementation.

<VirtualHost *:80>
    ServerName proxy.mydomain.com
    ProxyRequests On
    AllowCONNECT 22

    <Proxy *>
        Order deny,allow
        Deny from all
    </Proxy>

    <ProxyMatch (host1|host2)\.mydomain\.com>
        Order deny,allow
        Deny from all
        # Now we allow only our IP to access. Note that this IP must be the public IP address of the enterprise proxy:
        Allow from 222.22.22.100
    </ProxyMatch>

    # This directive enables DNS lookups so that host names can be logged. The value Double refers to doing a double reverse DNS lookup.
    # That is, after a reverse lookup is performed, a forward lookup is then performed on that result.
    # At least one of the IP addresses in the forward lookup must match the original address. It is paranoid but is a good security measure.
    HostnameLookups Double

    ErrorLog /var/log/apache2/proxy.error.log
    CustomLog /var/log/apache2/proxy.access.log common
</VirtualHost>

And now, the final step: configure our browser to use 127.0.0.1 on port 8080 as proxy. Finally we can log in to our SSH server and try pointing our browser to any website we know is blocked by the enterprise transparent proxy!

I know I left out the part about setting up Apache and the proxy, but this isn’t a tutorial for noobs ;-)

This is the BEST part of using Apache. You can set it up as a normal web server, serving some webpage. This way whoever points to mydomain.com will see a normal and harmless website, and won’t be able to distinguish it from a non-proxying server.
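
Added example (not part of the original post): the vhost above writes proxy.access.log in the common format, so each CONNECT request that Apache handles is recorded with its target host and port. This Python script flags CONNECT requests to ports other than 443, grouped by client; the sample log lines are constructed and the allowed-port set is an assumption.

```python
import re
from collections import defaultdict

# Common Log Format, as written by "CustomLog ... common": %h %l %u %t "%r" %>s %b
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

TLS_PORTS = {443}  # assumption: only HTTPS tunnels are expected on this proxy


def find_tunnels(lines, allowed_ports=TLS_PORTS):
    """Return {client: [(time, host, port, status), ...]} for every CONNECT
    request whose target port is not in allowed_ports."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line.strip())
        if not m or m["method"] != "CONNECT":
            continue
        host, sep, port = m["target"].rpartition(":")
        if not sep or not port.isdigit():
            continue  # malformed CONNECT target, nothing to classify
        if int(port) not in allowed_ports:
            hits[m["client"]].append((m["time"], host, int(port), int(m["status"])))
    return dict(hits)


# Constructed sample lines (not from a real log).
SAMPLE_LOG = """\
222.22.22.100 - - [12/Mar/2010:09:14:02 +0100] "GET /index.html HTTP/1.1" 200 1043
222.22.22.100 - - [12/Mar/2010:09:15:40 +0100] "CONNECT host1.mydomain.com:22 HTTP/1.1" 200 -
198.51.100.7 - - [12/Mar/2010:09:16:11 +0100] "CONNECT host2.mydomain.com:22 HTTP/1.1" 403 -
198.51.100.7 - - [12/Mar/2010:09:17:30 +0100] "CONNECT example.org:443 HTTP/1.1" 403 -
203.0.113.9 - - [12/Mar/2010:09:18:05 +0100] "POST /gui/ HTTP/1.1" 404 210
""".splitlines()

if __name__ == "__main__":
    for client, events in find_tunnels(SAMPLE_LOG).items():
        for when, host, port, status in events:
            verdict = "ESTABLISHED" if status == 200 else "refused"
            print(f"{client} {when} CONNECT {host}:{port} -> {status} ({verdict})")
```

The same check works on any proxy log that records the request line in this format, including the enterprise proxy's own.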


reverse proxy for utorrent

Using the web UI for utorrent is a fine thing. But the webserver from utorrent is not secure. So it is recommended to use Apache as a reverse proxy. I tried to change the url, but I wasn’t successful.

Here is the setup, of course inside a vhost.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so

ProxyPass /gui/ http://localhost/gui/
ProxyPassReverse /gui/ http://localhost/gui/


roundcube dislikes PHP 5.3

The current stable version (0.3) and the latest beta (0.4 beta) of roundcube dislike my upgrade to PHP 5.3. All other applications run fine, but not roundcube. Searching in the logs showed me that some PHP 4 code is used, and often PHP 4 coding style. The manual says that at least PHP 5.2 or greater must be used. Super, since it does work with 5.3.

Good that I’m a PHP developer myself and I found the places in the code I had to change. I had no interest in rewriting the whole code in PHP 5 style. So I just fixed it. What have I changed?

program/lib/MDB2.php on line 392
program/lib/MDB2.php on line 2614
program/lib/PEAR.php on line 563
program/lib/PEAR.php on line 566

By removing the “&”. I also searched for “=&” and replaced it with “=”. Quick and maybe dirty, but now I can check my mails again. I wonder how you can say you have to use PHP 5.2 or greater and still be using that crap code?


Changed to worker mpm

Today I changed my server from prefork MPM to worker MPM.

There are only some issues: in my phpmyadmin I had to set auth from http to cookie. And PHP_ADMIN_VALUE doesn’t work in the vhosts.

How to install it:

sudo apt-get install apache2-mpm-worker libapache2-mod-fcgid

In the single vhosts

Options Indexes ExecCGI
AddHandler fcgid-script .php
FCGIWrapper /usr/lib/cgi-bin/php5 .php

So that isn’t hard to do.

Well, I would like to have a Windows server with Apache which is also threaded like worker MPM, but there is no cheap hoster for that yet. Having that server at home is not an option because of the small upload I have with my DSL, the cost of energy, and where the hell should I put that server in my small apartment so that I can still sleep?


Apache windows win64 x64 win32 x86 vc9 download

Apache binaries for Windows in 64 bit and 32 bit can be found at apachehaus. I think there is a benefit in using Visual Studio 9 aka Visual Studio 2008 instead of VS6. I use Visual Studio 2008 to obtain higher performance and better stability than the binaries built by the Apache Software Foundation.

Binaries are built using the latest versions of the Apache Portable Runtime, OpenSSL and Zlib compression library. OpenSSL and Zlib are built using the optional assembly routines for added performance in the SSL and deflate modules.

Unlike other pages for Apache on Windows, apachehaus also offers the httpd with IPv6.


compile zlib 1.2.4 on 64 bit Windows command line

nmake -f win32\Makefile.msc


compile zlib 1.2.4 on Windows command line

cd  contrib\masmx86
bld_ml32
cd ..\..
ML /coff /Zi /c contrib\masmx86\match686.asm
NMAKE -f win32\Makefile.msc  LOC="-D_CRT_SECURE_NO_DEPRECATE /wd4996 -DASMV" OBJA="match686.obj"
MT -manifest zlib1.dll.manifest -outputresource:zlib1.dll;2 


remove /MACHINE:X86 from make files with php

I use PHP on the command line because I know its syntax better than that of any other scripting language, and it works on Linux and Windows. This is about removing the x86 flag to be able to build Apache in x64 (64 bit) on Windows.

<?php
$files=array(
 "srclib/apr/libapr.mak",
 "srclib/apr-iconv/build/modules.mk.win",
 "srclib/apr-iconv/libapriconv.mak",
 "srclib/apr-util/dbd/apr_dbd_freetds.mak",
 "srclib/apr-util/dbd/apr_dbd_mysql.mak",
 "srclib/apr-util/dbd/apr_dbd_odbc.mak",
 "srclib/apr-util/dbd/apr_dbd_oracle.mak",
 "srclib/apr-util/dbd/apr_dbd_pgsql.mak",
 "srclib/apr-util/dbd/apr_dbd_sqlite2.mak",
 "srclib/apr-util/dbd/apr_dbd_sqlite3.mak",
 "srclib/apr-util/dbm/apr_dbm_db.mak",
 "srclib/apr-util/dbm/apr_dbm_gdbm.mak",
 "srclib/apr-util/ldap/apr_ldap.mak",
 "srclib/apr-util/libaprutil.mak"
);
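// Strip the 32-bit linker flag from every makefile that exists and report the ones that are missing.
foreach ($files as $file) {
    if (file_exists($file)) {
        echo "Replace in: " . $file . PHP_EOL;
        // Case-insensitive replace, so /machine:x86 is caught as well.
        file_put_contents($file, str_ireplace(" /MACHINE:X86", "", file_get_contents($file)));
    } else {
        echo "FAILED: " . $file . PHP_EOL;
    }
}
?>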


Compile apache from the source on Windows

Needed tools

Sources

Unix sources require a couple of steps to prep the source first, once they are untarred on the hard drive.

Create a folder.

C:\builds

Extract the Apache source code into it.

e.g.

C:\builds\httpd-2.2.14

unpack zlib-1.2.3.tar.gz and move it into C:\builds\httpd-2.2.14\srclib\zlib
unpack apr-iconv-1.2.1.tar.gz and move it into C:\builds\httpd-2.2.14\srclib\apr-iconv
unpack openssl-0.9.8l.tar.gz and move it into C:\builds\httpd-2.2.14\srclib\openssl

open cmd

cd \
cd builds\httpd*
"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\bin\vcvars32.bat"

del /s /q *.sln *.vcproj*
srclib\apr\build\lineends.pl
zip -R dsps.zip "*.dsp" "*.dsw"
unzip -a -o dsps.zip
srclib\apr\build\cvtdsp.pl -2005

cd srclib\zlib
ML /coff /Zi /c contrib\masm686\match.asm
NMAKE -f win32\Makefile.msc LOC="-D_CRT_SECURE_NO_DEPRECATE /wd4996 -DASMV" OBJA="match.obj"
MT -manifest zlib1.dll.manifest -outputresource:zlib1.dll;2

cd ../..

cd srclib\openssl
perl Configure VC-WIN32 --prefix=/Apache22 --openssldir=/Apache22/conf enable-camellia disable-idea
ms\do_nasm
nmake /f ms\ntdll.mak


Edit test.bat and remove the md2 and idea tests.

nmake /f ms\ntdll.mak test

Close the console.

Open Apache.dsw with VS8/VS9 and answer “Yes to All” to the “convert projects” question.
Close the Apache.dsw solution in VS8/VS9 and open Apache.sln.
Select Release Win32.

Now build InstallBin

Test your build
