Tag Archives: Apache

Apache – prevent SQLite DB from download

If you use SQLite as the backend database for your website, it is important to prevent others from downloading the entire database. Because a SQLite database is a single file, you can solve this by denying web access to the file with this .htaccess rule:

# Return 404 for any request whose path contains ".db" (case-insensitive)
RewriteEngine On
RewriteCond %{REQUEST_URI} (.*)\.db [NC]
RewriteRule ^(.*)$ 404.html [R=404,L]

The rule blocks access to all files with .db in the name, which prevents downloads of files like blog.db, mydatabase.db, etc.

In my example it will redirect to a 404.html page.

Your PHP script runs on the server and will still have access to your database files as long as it has the correct Unix file permissions.

How to get an SSL A+ rating with Apache

If you need a high rating in tests like https://www.ssllabs.com, I have an example of a working configuration that will get you the A+ score.

I'm using Let's Encrypt for my SSL site, but you can use any certificate to get the result.

# Plain HTTP: redirect everything to the HTTPS site
<VirtualHost *:80>
ServerName www.pvangsgaard.com
ServerAlias pvangsgaard.com
Redirect / https://www.pvangsgaard.com/
ErrorLog /var/log/apache2/pvangsgaard.com.error.log
CustomLog /var/log/apache2/pvangsgaard.com.access.log combined
</VirtualHost>

# HTTPS: HSTS header, TLS 1.2 and newer only
<VirtualHost *:443>
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
ServerName www.pvangsgaard.com
ServerAlias pvangsgaard.com
DocumentRoot /home/pva/public_html/pvangsgaard.com
ErrorLog /var/log/apache2/pvangsgaard.com.error.log
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLEngine on
SSLHonorCipherOrder on
SSLCertificateFile    /etc/letsencrypt/live/pvangsgaard.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/pvangsgaard.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/pvangsgaard.com/fullchain.pem
</VirtualHost>

Remember to enable headers with:

a2enmod headers
systemctl restart apache2

I have also made an example for NGINX at this URL: https://www.pvangsgaard.com/2018/02/22/how-to-get-an-a-rating-with-100-score-on-the-ssllabs-test-with-nginx/

How to configure HSTS on Apache

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking.

Here is how to enable it on Apache2:

1. Enable mod_headers

a2enmod headers

2. Add the additional header to the HTTPS VirtualHost directive. Max-age is measured in seconds. Put this into your VirtualHost *:443 section

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
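
To check that the header produced by step 2 is well formed, this added example (not part of the original post) parses a Strict-Transport-Security value offline using the RFC 6797 rules and reports weak settings. The function names, the min_age threshold and the sample headers are assumptions made for the example.

```python
import re

# One directive: a token, optionally followed by =value or ="value".
_DIRECTIVE = re.compile(r'^([^\s=;"]+)(?:\s*=\s*("?)([^";]*)\2)?$')

def parse_hsts(value):
    """Parse a Strict-Transport-Security value using the RFC 6797 rules."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:  # tolerate an empty directive such as a trailing ';'
            continue
        m = _DIRECTIVE.match(part)
        if not m:
            raise ValueError(f"malformed directive {part!r}")
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in seen:
            raise ValueError(f"duplicate directive {name}")
        seen[name] = m.group(3)  # None when the directive carries no value
    age = seen.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        raise ValueError("max-age is required and must be an integer")
    if seen.get("includesubdomains") is not None:
        raise ValueError("includeSubDomains takes no value")
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}

# min_age defaults to the one-year value from step 2 (assumed threshold).
def check_hsts(headers, min_age=31536000):
    """Return a list of problems for (name, value) response header pairs."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["no Strict-Transport-Security header"]
    try:
        policy = parse_hsts(values[0])  # only the first header field counts
    except ValueError as exc:
        return [f"invalid header: {exc}"]
    problems = []
    if policy["max_age"] < min_age:
        problems.append(f"max-age {policy['max_age']} is below {min_age}")
    if not policy["include_subdomains"]:
        problems.append("includeSubDomains is not set")
    return problems

# Constructed sample: the headers the configuration above should produce.
SAMPLE = [("Content-Type", "text/html"),
          ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]
print(check_hsts(SAMPLE))
```

Feed it the header pairs from a captured HTTPS response; an empty list means the policy passed every check.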

apache | redirect from http to https

I found this guide on how to redirect HTTP to HTTPS on the Apache wiki.


I use it within the VirtualHost container like this:

<VirtualHost *:80>
# Send every plain-HTTP request to the same path on HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

ServerAdmin webmaster@somesite.tld
ServerName somesite.tld
ServerAlias www.somesite.tld
DocumentRoot /home/somesite/public_html

ErrorLog /var/log/apache2/somesite.tld-error.log
CustomLog /var/log/apache2/somesite.tld-access.log combined
</VirtualHost>

Then you can have your SSL <VirtualHost *:443> section.

That ensures that if another application like WordPress wants to write something to .htaccess, it will not be overwritten.

How To use Apache Bench for Simple Load Testing

If you want to do simple load testing of your site, I recommend using Apache Bench; it's simple to install.

Installing Apache Bench

sudo apt install apache2-utils

Suppose you want to test whether your site can handle 100 requests with 10 concurrent users.

ab -n 100 -c 10 https://www.pvangsgaard.com/

I got this result…took only 6 sec to handle 100 requests