• Posted by admin

Introduction

I would have to say that mod_rewrite is probably one of the most powerful features of an Apache web server. It allows an incoming HTTP request for:

frozen_apples.html

to be re-written as

index.php?p=frozen_apples

This is a powerful additional level of security for your web site: visitors will not be able to see the inner workings of your web server through the query string or page headers. It can even hide the scripting engine that your website is running on.

In this example, I will be using PHP as the scripting language.

Setup

httpd.conf

mod_rewrite is a module that is enabled by default in an Apache web server installation. You will want to check that the line:

LoadModule rewrite_module modules/mod_rewrite.so

is uncommented (that is, not prefixed with a #).

You’ll need the web server that hosts your site to allow overrides of Apache’s main settings, so you will have to edit your httpd.conf file. For brevity, I list only the settings that matter for setting up mod_rewrite.

<VirtualHost *>
    # AllowOverride is only valid inside a <Directory> section; the path below is a placeholder for your site's document root
    <Directory "/path/to/your/site/root">
        AllowOverride All
    </Directory>
</VirtualHost>

This tells the Apache web server that, for this particular virtual host's document root, the default settings specified in httpd.conf may be overridden by a .htaccess file.

.htaccess

You will have to create a .htaccess file (if you haven’t already) in your website’s root (/) directory.  The .htaccess file is where all the magic happens with mod_rewrite.

Example code to get things working…

RewriteEngine on

RewriteRule ^old(regular_expression)\.html$  new.php?id=$1 [L]

Regular expressions

Regular expressions play an important part in mod_rewrite. They allow you to specify the exact format of the document name being requested. This is incredibly powerful and important for web sites and applications that have a database backend. A common web attack called SQL injection attempts to smuggle database commands into the database via page headers or a query string. If proper security and form validation isn’t implemented on the site, the results of this attack can be disastrous. Using mod_rewrite to constrain query strings, and to obfuscate the user’s view of what technology is on the server, considerably reduces exposure to a risk like SQL injection.

On a form submitted to a web server which interacts with a database, the intruder tacks SQL code onto one of the form fields using ‘;’.

By filtering requests with mod_rewrite, we can define at the server level which characters are acceptable and which are not.

Another important point in our example is mod_rewrite’s ability to filter string data and copy it from the first URL pattern we specify into the second.

In the first pattern, the sub-string matched by the part of the regular expression inside the parentheses is copied into the back-reference $1 in the second string.

e.g.

RewriteRule ^([a-z]+)\.html$ index.php?article=$1 [L]

so a request for new.html becomes index.php?article=new
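The following .htaccess is an added example written for this tutorial; it is not code from the original post. It puts the two rules above together for a site root at /, keeps the handler name index.php and the article parameter used above, and tightens the character class so that only a small, known set of characters can ever reach the script. The 1-64 length limit, the RewriteCond lines and the second rule are assumptions made for illustration.

```apache
# Added example (not from the original post): a .htaccess for the site root
# that maps /<slug>.html to index.php?article=<slug>, accepting only a tight
# character set for <slug>. "index.php" and the "article" parameter come
# from the post above; everything else is an assumption.
RewriteEngine On
RewriteBase /

# Leave requests for real files and directories (images, CSS, ...) alone.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# Accept 1-64 lowercase letters, digits, underscores or hyphens followed by
# ".html" (the dot is escaped so it cannot match "any character"). Quotes,
# semicolons, spaces or slashes in the name simply never match this rule,
# so such requests fall through to the normal 404 handling.
# Because the substitution carries its own "?article=" query string, any
# query string the client sent is discarded rather than appended.
RewriteRule ^([a-z0-9_-]{1,64})\.html$ index.php?article=$1 [L]

# Refuse direct requests for the internal URL, so the only way to reach the
# handler with an "article" parameter is through the rule above.
# %{THE_REQUEST} is the raw request line and is not changed by earlier
# rewrites, so the internal redirect produced by rule one does not trip it.
RewriteCond %{THE_REQUEST} \s/index\.php\?article= [NC]
RewriteRule ^index\.php$ - [F,L]
```

Two things worth keeping in mind when you rely on this: RewriteRule only sees the URL path, so a query string can only be inspected through a RewriteCond on %{QUERY_STRING}, and POST bodies (the actual contents of a submitted form) are never examined by mod_rewrite at all. The rules above therefore narrow what index.php can receive in $_GET['article'], but the script should still validate that value (the same [a-z0-9_-] pattern works) and pass it to the database as a bound parameter rather than by string concatenation.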

Further Reading:

This tutorial only scratches the surface of mod_rewrite. Here are some links to further your study:

- mod_rewrite: Apache official module documentation

- regular expressions: Regular Expression Library

  • Posted by admin

In the life of a computer system (or computer systems), you will have failure. It is inevitable. No operating system is perfect, and none will provide 100% uptime. You can get very close, but inevitably the chain will break at its weakest link.

This post is about that ‘getting very close’.

Designing your network / system

Don’t base your network completely on one operating system.

Diversity is truly the key to making a system more secure. If a virus, or a piece of buggy software, hits multiple identical systems, they will fall like dominoes. While it is somewhat easier to manage computers that all use the same operating system, a network is considerably more robust with a mix of systems.

Consider a component stereo system vs a ghetto blaster. If one component like the DVD player, speakers, or the cassette player (yes, admit it, you still have one) goes on the fritz, the other components still function. A broken ghetto blaster? Might as well buy a new one, and this is where the metaphor breaks down, because computers are a great deal more expensive and time consuming to set up than a portable stereo system.

US Army finds security in the Mac

- use operating systems to their strengths and your budget

- if you do use multiple operating systems in your work (or play), consider a dual or triple boot system. This can also be a lifesaver if something goes wrong with one of your OSes.

What is becoming more popular these days in software development is the use of virtual machine software to run multiple ‘virtual’ computers on a single machine. You now have the option of running multiple operating systems on your Windows, Mac or Linux machine without all the extra hardware. You can test multiple environments for your application (or website), or run all your favorite server software on one machine.

VMware

Each virtual machine has an image of itself, sort of like a snapshot of its hard drive and hardware setup. The great part about a virtual machine is that if the image ever gets corrupted, all you do is restore the original backup image of the computer, and you are off and running again.

Have a backup plan

No, not just a piece of backup software: an actual plan.

If you have one computer:

- back up at least once a week, to a removable hard drive, or flash drive

- make incremental backups using a DVD burner as well

There are a number of affordable (and automatic) consumer backup systems out like Apple’s Time Machine and HP’s Media Server.  Find the one right for you and your computers.

If you have multiple computers on a network:

- back up all important files on each computer, to a central storage server

- use two removable hard drives for backup

- use one hard drive for backup one week, and the other the next week

- keep one hard drive off site at all times.

- split each computer’s hard drive into ’system’, ‘programs’ and ‘data’ partitions

We all have the nasty habit of filling up our hard drives with clutter, and we don’t pay attention until that fateful day our computer says the hard drive is too full. Having your hard drive broken up across multiple partitions (and not saving your files on the ’system’ partition) lets you keep running your computer even if the ‘data’ partition gets full.

- install anti-virus software and schedule it to run a full system scan once a week (on each computer)

- if you do computer programming, use a version control system (and back that up as well)

Security

- get a router/firewall

Preferably both a hardware-based firewall and a software-based firewall on each of your computers.

- use strong passwords for all your systems

Crackers (people who break into computer systems) use an automated program which rifles through commonly used passwords to break into systems. I used to have a Linux server at my house, and on occasion I would see these long lists of ‘dictionary words’ that they use to try to get ‘root’ access to my system. Not once did anyone get in. My secret? Strong passwords.

Use upper and lowercase letters in your password, as well as punctuation and numbers.  If you have trouble remembering complex passwords, use a l33t-like password (the letter ‘E’ is replaced by the number 3).   These passwords are more random in nature and thus harder to figure out.

If you run Windows, have a knowledgeable technical person go through a security checklist to plug the security leaks, and shut down programs that run in the background that you may not actually need running.

Summary

I’ve listed a few of the ways here to get your system (or systems) set up for the long haul. Diversity is a good defense against failure. Plan your strategy to back up your computers. Have firewalls in place. Don’t use ‘admin’ or ‘god’ for a password. And keep your stick on the ice. ;-)