Apache Http Server 2.2



In my previous post I mentioned that I would create installers for any future versions of the Apache HTTP Server. And so, here I am providing 32-bit and 64-bit Windows binaries for the Apache HTTP Server 2.2.14, the latest version as of this writing.

The Apache HTTP Server 2.2.11 and earlier 2.2 versions do not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.

Here is a list of Apache HTTP server related pages: Apache HTTP server home page; Apache HTTP server download page; Apache for Windows documentation page.

Step 1: Download Apache 2.2. In this article, we use Apache 2.2.14 to demonstrate the installation process. Other 2.x versions have very similar installation steps.

Upgrade Apache HTTP Server 2.2 to 2.4 in RHEL 6 or 7 and CentOS 6 or 7

Authored by: Rackspace Community

If you recently performed a compliance security scan, the results might look like the following example:

Depending on the code base, Apache® HTTP Server might have already mitigated these security issues. The scan checks the version of Apache that is installed on the server to determine if the security issue is resolved. However, some compliance security scans only use the version of Apache to determine if the server is vulnerable to Common Vulnerabilities and Exposures (CVE), rather than detecting vulnerabilities directly.

Such scans almost always generate a false positive. If automatic updates are enabled, the version might remain the same, even if the vulnerability is patched in another release. As a result, the scan might mark the vulnerability as positive. This result might also be the case if your provider’s scans suddenly show that your server is no longer vulnerable to vulnerabilities that the scans have previously identified.

If your security audit reveals that your compliance security scans only use the version of Apache to identify vulnerabilities on your Apache2 server, use the following steps to edit the configuration file for your Hypertext Transfer Protocol daemon (HTTPd):

  1. Open your /etc/apache2/conf.d/httpd.conf file in an editor.

  2. Add the following lines and remove the version information:

    Note: Your server shouldn’t provide a version signature, and your penetration testing company should recommend that you disable versions.
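A way to confirm the result of the edit above, as an added example that is not part of the original guide: the script reads one configuration file and reports whether it still discloses the server version. It assumes the settings meant are Apache's ServerTokens and ServerSignature directives; the function names and the two sample files are constructed.

```shell
#!/bin/sh
# Added example: report what one httpd configuration file says about
# version disclosure. Assumption: ServerTokens / ServerSignature are set in
# this file itself (Include'd files are not followed).

# last_value DIRECTIVE FILE -> value of the last uncommented occurrence, or empty
last_value() {
    awk -v d="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(d) { v = $2 }
        END { print v }' "$2"
}

# banner_exposure FILE -> "tokens=<v> signature=<v> version_disclosed=<yes|no> footer=<yes|no>"
banner_exposure() {
    tokens=$(last_value ServerTokens "$1")
    sig=$(last_value ServerSignature "$1")
    [ -n "$tokens" ] || tokens=Full    # Apache default when the directive is absent
    [ -n "$sig" ] || sig=Off           # Apache default when the directive is absent
    case $(printf '%s' "$tokens" | tr 'A-Z' 'a-z') in
        prod|productonly) disclosed=no ;;   # Server header is just "Apache"
        *)                disclosed=yes ;;  # Major/Minor/Min/OS/Full carry version digits
    esac
    case $(printf '%s' "$sig" | tr 'A-Z' 'a-z') in
        off) footer=no ;;
        *)   footer=yes ;;                  # On/EMail add a footer to error pages
    esac
    echo "tokens=$tokens signature=$sig version_disclosed=$disclosed footer=$footer"
}

# Constructed sample files (not from the guide): a weak and a hardened setting.
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
printf 'ServerRoot "/etc/httpd"\n#ServerTokens Prod\nServerSignature On\n' > "$work/weak.conf"
printf 'ServerRoot "/etc/httpd"\nServerTokens Prod\nServerSignature Off\n' > "$work/hardened.conf"
banner_exposure "$work/weak.conf"
banner_exposure "$work/hardened.conf"
```

A commented-out ServerTokens line counts as absent, so the weak sample falls back to the default of Full.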

Perform the update from Apache 2.2 to Apache 2.4

Use the following steps to update Apache 2.2 to Apache 2.4:

  1. Run the following command to stop your HTTPd and any monitoring processes such as Nimbus if you want to avoid alerts:

  2. Run the following commands to back up your virtual host configurations, ensuring that you include any additional directories that you added yourself, such as vhost:

  3. Run the following command to install the yum-plugin-replace package, which is used to resolve package conflicts during package replacement:

    Note: Before you proceed, run the following commands to check the version that is installed and the version that you want to install:

    Your output should appear similar to the following example, which uses the command yum info httpd24u.x86_64:

  4. Install HTTPd 2.4 by running the following command:

  5. You must also install Lightweight Directory Access Protocol (LDAP) by running the following command:

  6. In Apache 2.4, you must now use Require directives for Internet Protocol (IP) access restriction instead of Order, Deny, and Allow. As a result, you need to change the Order, Deny, and Allow statements in your /etc/httpd/conf.d/server-status.conf file to use Require statements. Because you might have these in the .htaccess files for other websites, ensure that you check your document roots carefully to avoid breaking your websites due to missing Require directives.

    Your existing /etc/httpd/conf.d/server-status.conf file should appear similar to the following example:

    Replace the Order, Deny, and Allow statements with the configuration shown in the following example:

    Note: This syntax change also applies to the virtual hosts in your conf.d and httpd.conf vhost configurations.

  7. Change the Order, Deny, and Allow statements in your conf.d file to Require statements in the following way:

  8. In the same file, also change Options -Indexes FollowSymLinks to Options -Indexes +FollowSymLinks.

  9. In your /etc/httpd/conf/httpd.conf file, change the Order, Deny, and Allow statements to Require statements, as shown in step 7.

  10. In the /etc/httpd/conf/httpd.conf file, also comment out the LoadModule directives for modules that are no longer used, as shown in the following example:

  11. Edit the /etc/httpd/conf/httpd.conf file to add the following line with the other authz modules:

  12. Add the following lines of code to the bottom of the block of LoadModule statements:
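Separately from step 12, for the access-control change in steps 6 to 9 (an added example, not part of the original guide): a scanner that lists leftover Order, Allow, Deny, and Satisfy lines under a directory, including .htaccess files, each with a suggested Require form. The function name find_legacy_acl and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list Apache 2.2 access-control lines that still need a
# Require equivalent in 2.4. Hints are starting points; the final rule
# depends on the Order line of the same block.

# find_legacy_acl DIR -> "file:line: directive  =>  hint", one line per hit
find_legacy_acl() {
    find "$1" -type f \( -name '*.conf' -o -name '.htaccess' \) -exec awk '
        /^[ \t]*#/ { next }                          # ignore commented-out lines
        {
            line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            low = tolower(line); hint = ""
            if      (low ~ /^order[ \t]/)                hint = "remove (no 2.4 equivalent)"
            else if (low ~ /^satisfy[ \t]/)              hint = "review: RequireAll / RequireAny"
            else if (low ~ /^allow[ \t]+from[ \t]+all$/) hint = "Require all granted"
            else if (low ~ /^deny[ \t]+from[ \t]+all$/)  hint = "Require all denied"
            else if (low ~ /^deny[ \t]+from[ \t]/)       hint = "review: Require not ... in <RequireAll>"
            else if (low ~ /^allow[ \t]+from[ \t]/) {
                n = split(line, w, /[ \t]+/)
                for (i = 3; i <= n; i++) {
                    if (w[i] ~ /^env=/) { hint = "review: Require env"; break }
                    kind = (w[i] ~ /^[0-9][0-9.]*(\/[0-9.]+)?$/ || w[i] ~ /:/) ? "ip" : "host"
                    hint = hint (hint == "" ? "" : "; ") "Require " kind " " w[i]
                }
            }
            if (hint != "") printf "%s:%d: %s  =>  %s\n", FILENAME, FNR, line, hint
        }' {} +
}

# Constructed sample tree (not from the guide) so the script runs as-is.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
mkdir -p "$demo_dir/conf.d" "$demo_dir/www/site1"
cat > "$demo_dir/conf.d/server-status.conf" <<'EOF'
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 ::1
</Location>
EOF
printf '# Allow from all\nOrder allow,deny\nAllow from all\n' > "$demo_dir/www/site1/.htaccess"
find_legacy_acl "$demo_dir"
```

Point it at /etc/httpd and at each document root; an empty result means no 2.2-style access-control lines remain in the files it covers.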

(Optional) Download a compatible version of the Adobe Experience Manager (AEM) Dispatcher module

If the HTTPd installation uses the Adobe® Experience Manager (AEM) Dispatcher module, you must use the following steps to download the file that’s compatible with Apache HTTP Server 2.4:

  1. Run the following commands to extract the dispatcher-apache2.4-4.1.11.so file from the Tape ARchive (TAR) file into /etc/httpd/modules/. Only this file is used.

  2. Because SSL Mutex is deprecated, you need to edit the /etc/httpd/conf.d/ssl.conf file to change SSLMutex default to Mutex default.

For more details, see the Apache documentation about the Mutex Directive.

Critical: Restart the HTTPd

After you complete the steps in this guide, you must restart the HTTPd and verify that it is enabled and running by using the following steps:

  1. Run the following command to restart the HTTPd:

  2. Ensure that the service is enabled and running, and re-enable any monitoring that was enabled before:

    • On CentOS® 7 or Red Hat® Enterprise Linux (RHEL) 7, run the following commands:

    • On CentOS 6 or RHEL 6, run the following commands:

©2020 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License