Apache: Use mod_deflate.

   Yesterday, I changed several settings in Apache conf file.

   Open the httpd.conf.

  1. Uncomment the line to use the module mod_deflate for HTTP compression.
          LoadModule deflate_module modules/mod_deflate.so
  2. Uncomment the line to use the directive AddOutputFilterByType
          LoadModule filter_module modules/mod_filter.so
  3. Uncomment the line to use the directive Header
          LoadModule headers_module modules/mod_headers.so
  4. Uncomment the line to use the module mod_expires.
          LoadModule expires_module modules/mod_expires.so

   Add the next lines to the httpd.conf. About this, I have something not to understand, though.
      # Enables generation of Expires headers
      ExpiresActive On
      # expire images and some applications after a month in the client’s cache
      ExpiresByType image/gif A2592000
      ExpiresByType image/jpeg A2592000
      ExpiresByType image/png A2592000
      ExpiresByType text/javascript A2592000
      ExpiresByType text/css A2592000
      ExpiresByType application/javascript A2592000
      ExpiresByType application/x-font-woff A2592000
      # HTML documents are good for a week from the time they were changed
      ExpiresByType text/html M604800
      ExpiresByType text/plain M604800
      ExpiresByType text/xml M604800
      # Enabling Compression
      AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css application/javascript
      BrowserMatch ^Mozilla/4 gzip-only-text/html
      BrowserMatch ^Mozilla/4\.0[678] no-gzip
      BrowserMatch \bMSIE\s(7|8) !no-gzip !gzip-only-text/html
      # Make sure proxies don’t deliver the wrong content
      SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ dont-vary
      Header append Vary User-Agent env=!dont-vary

An access control after such a long time-#2.

   About seven months ago, I made an Apache extra conf file “access-denied.conf” like this. Today, I’ve modified it to control accesses to the directory “wp-admin”.

   I opened the access-denied.conf and changed the text like this.

<Files “wp-login.php”>
  Require ip xxx.xxx.xxx.xxx/xx  <<--- my local IP addresses   Require host My wifi domain name </Files> New: <Files "wp-login.php">   Require ip xxx.xxx.xxx.xxx/xx  <<--- my local IP addresses   Require host My wifi domain name </Files> <Directory "drive_DC:/WEB/htdocs/wp-admin">  <<--- drive_DC:/WEB/htdocs/ is my DocumentRoot.   Require ip xxx.xxx.xxx.xxx/xx  <<--- my local IP addresses   Require host My wifi domain name   <Files "wp-admin-ajax.php">     Require all granted   </Files> </Directory>    I excluded the file "admin-ajax.php" from this deny rule, because the plugins which use the Ajax features need it (Ref:「Re: WordPress使いならこれだけはやっておきたい本当のセキュリティ対策10項目」). Actually, I examined plugins on my WordPress, and found some of them used the hook wp_ajax_(action). So, I needed to exclude the file from the rule.

   The rule works well. (^^)

To create a Wamp-like Web Server in Windows7-#1.

Update information      Edit(Aug.11)

   Yesterday, I had the PC which was installed Windows7HP+SP1(x86) as I wrote the article. It is good for me to create a new Wamp-like Web Server.

   First I make two partitions. One for server wares(Drive_SV), another for other files(drive_DC).

   By the way, during creation, Windows Firewall gives alerts several times. At the time, confirm and open required ports. Well, let me get started.

The installation of the Apache HTTP Server.

  1. Download httpd-2.4.6-win32-VC11.zip.
    It requires VC11. So, I downloaded and installed vcredist_x86.exe.
    Extract the Zip archive.
  2. Customize the httpd.conf file in extracted files (Location:Apache24\conf\).
      Default Custom
    1 ServerRoot “c:/Apache24” ServerRoot “Drive_SV:/Apache24”
    2 ServerAdmin admin@example.com ServerAdmin My email address
    3 #ServerName www.example.com:80 ServerName xxx.xxx.xxx.xxx:80
    4 DocumentRoot “c:/Apache24/htdocs” DocumentRoot “drive_DC:/WEB/htdocs”
    5 <Directory “c:/Apache24/htdocs”> <Directory “drive_DC:/WEB/htdocs”>
    6 Options Indexes FollowSymLinks Options FollowSymLinks
    7 ErrorLog “logs/error.log” ErrorLog “|bin/rotatelogs.exe -l -f logs/error.%Y.%m.%d 86400”
    8 CustomLog “logs/access.log” common # CustomLog “logs/access.log” common
    9 #CustomLog “logs/access.log” combined CustomLog “|bin/rotatelogs.exe -l -f logs/access.%Y.%m.%d 86400” combined
    10 ScriptAlias /cgi-bin/ “c:/Apache24/cgi-bin/” ScriptAlias /cgi-bin/ “drive_DC:/WEB/cgi-bin/”
    11 <Directory “c:/Apache24/cgi-bin”> <Directory “drive_DC:/WEB/cgi-bin”>
    12 Require all granted Require ip Lan IP range (Access control to cgi-bin directory)
    13   ServerTokens Prod
  3. Move the directory Apache24 to Drive_SV.
  4. Run a cmd.exe as an Administrator.
    >cd Drive_SV:\Apache24\bin
    >httpd.exe -t
    If having error messages, you have to fix them before continuing procedures.

    Install as a Service:
    >httpd.exe -k install
    Make an ApacheMonitor.exe shortcut in the Windows Startup folder. Start Apache.

  5. Move index.html from Apache24/htdocs to drive_DC:\WEB\htdocs
    Access http://xxx.xxx.xxx.xxx/ from a web browser.
    If you have “It works!”, the installation is complete.
  6. Remove index.html.

   These days, I was in trouble because my Apache sometimes made no response. At that time, I think the error log gave me the message “(OS 64)The specified network name is no longer available. : AH00341: winnt_accept: Asynchronous AcceptEx failed.”, so I added the next lines my httpd.conf. (Ref:AcceptFilter Directive)

   <IfModule mpm_winnt_module>
      AcceptFilter http none
      AcceptFilter https none

An access control after such a long time.

   Today, I set an access control for my wp-login.php after such a long time. The reason why I want the AWStats everyday report except for the number of unauthorized accesses for the file wp-login.php.

   About this, I’ve not care for a long time. Because, my sever applications are nearly always up-to-date and its user is just me. But recently, I have a lot of unauthorized accesses for the file wp-login.php than before. I think that the number of them increased after I wrote the post “Snow falling on my blog.“. It is too much and so boring.

   I made a file access-denied.conf like the following and put it into my Apache extra-conf directory. The file also includes some IP addresses I want to deny. Now, it works. Great!!

<Files “wp-login.php”>
Require ip xxx.xxx.xxx.xxx/xx  <<--- my local IP addresses </Files> <Directory "G:/WEB">   <<--- G:/WEB is my document root. <RequireAll> Require all granted   <<--- I forget to write here, so added on Mar.1st. Require not ip xxx.xxx.xxx.xxx/xx Require not ip yyy.yyy.yyy.yyy/yy </RequireAll> </Directory>