Tag: Web Server

How to show all errors in PHP 8

How to display all errors in PHP 8

By default, PHP 8 disables showing errors, so if there is a problem while executing a PHP script, nothing will be displayed on the screen. If an error in the program occurred before the output of the HTML code, then you will see a white screen of the web browser.

Where is the error output configured in PHP

Error output is configured in:

  • script code
  • .htaccess file
  • in the PHP configuration file (for example, in php.ini)

The settings in the script code only affect the behavior of the program in which the settings are made.

The settings in the .htaccess file affect all scripts in that directory and subdirectories.

The settings in the php.ini configuration file affect all PHP scripts that are run unless their error output settings are overridden.

Remember that error reporting is very useful while writing and debugging code, but on production servers, error reporting should be turned off to prevent sensitive data from being leaked and making it harder for an attacker to hack the site.

Configuring error output in PHP script

To display all errors, add the following lines to the beginning of the script:

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

These settings enable the output of all errors and warnings to the user's web browser.

Warnings about the use of deprecated constructs will be displayed.

Error output to the web server logs is configured separately.

Remember that if fatal errors occur, that is, when the script could not even run due to incorrect PHP syntax, then the rules specified in the php.ini or .htaccess file will be used to output errors. This is due to the fact that if the syntax is incorrect, the PHP interpreter does not understand the entire file, including the above directives. That is, if a semicolon or a curly brace is missing in the code, then errors will be displayed in accordance with the settings in the php.ini file.

Configuring PHP error output in .htaccess file

Enabling error output in the .htaccess file is done by the following directives:

php_flag display_startup_errors on
php_flag display_errors on

For them to work, the web server must have .htaccess files enabled.

Error output to the web server log is performed by the following directive:

php_value error_log logs/all_errors.log

Setting the output of all errors in the php.ini file

The php.ini file is the PHP configuration file.

PHP can use more than one configuration file during its operation.

Location of php.ini file:

  • In Debian and derivative distributions (Ubuntu, Linux Mint, Kali Linux and others), it depends on the PHP version, for example, for PHP 8.1 the path to the file is: /etc/php/8.1/apache2/php.ini
  • On Arch Linux and derivative distributions (Manjaro, BlackArch and others): /etc/php/php.ini

In the php.ini file you will find the following directives:

display_errors = Off
display_startup_errors = Off

To enable error reporting, replace them with:

display_errors = On
display_startup_errors = On

The default value of error_reporting is set to:

error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

This means that all errors are printed except for deprecation warnings and warnings caused by strict code checking.

To display all errors and warnings, set the following value:

error_reporting = E_ALL

Common Values:

  • E_ALL (Show all errors, warnings and notices including coding standards.)
  • E_ALL & ~E_NOTICE (Show all errors, except for notices)
  • E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
  • E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)

See the link for details: https://www.php.net/manual/errorfunc.constants.php

In order for the changes made in the php.ini file to take effect, a restart of the web server is required.

  • In Debian and derivative distributions (Ubuntu, Linux Mint, Kali Linux and others), this is done with the command:
sudo systemctl restart apache2.service
  • In Arch Linux and derivative distributions (Manjaro, BlackArch and others), this is done with the command:
sudo systemctl restart httpd.service

To check that the php.ini file settings are actually applied, create a file, for example, named info.php and copy into it:

<?php
phpinfo();

If you created the file in the root folder of the web server, in a web browser open http://localhost/info.php.

The following screenshot shows that error output is disabled in the php.ini file:

This screenshot shows that error output is enabled in the php.ini file:

Outputting errors to the web server log

Error output to the web server log is configured in the php.ini file.

The following directive is used for this:

log_errors = On

The location of the error file is configured in the web server configuration.

The “error_reporting('all');» и ошибка «Uncaught TypeError: error_reporting()”

When trying to use the following construct:

error_reporting('all');

You will encounter the Uncaught TypeError: error_reporting() error.

Full error log:

[Wed Jul 06 07:29:19.410966 2022] [php:error] [pid 14101] [client 127.0.0.1:58402] PHP Fatal error: Uncaught TypeError: error_reporting(): Argument #1 ($error_level) must be of type ?int, string given in /srv/http/suip/index.php:3\nStack trace:\n#0 /srv/http/suip/index.php(3): error_reporting('all')\n#1 {main}\n thrown in /srv/http/suip/index.php on line 3, referer: http://localhost/suip/

Instead of 'all' you need to provide a constant expressing the level of the error message. Valid values are provided on this page: https://www.php.net/manual/errorfunc.constants.php

The following entry is correct for PHP 8 and means to show all errors, notes, and recommendations:

error_reporting(E_ALL);

Apache window appears and immediately disappears (SOLVED)

When I click on httpd.exe, a black window flickers and then disappears

Apache (httpd) is a command line utility. Strictly speaking, this is a service that is designed to run in the background without a graphical interface. That is, Apache does not have a graphical interface in the form of a familiar window. Therefore, Windows users may feel that the program starts in an unusual way.

To run the program, you need to open a Windows Terminal window (or PowerShell). To do this, press the key combination Win+x, and select Windows Terminal (Admin):

Then you can proceed in two ways.

The first option: you can simply drag and drop the executable file into the command line window. The executable is httpd.exe.

The second option: on the command line, you can change the current working directory to the one where the Apache executable files are located. For example, my program is located in the C:\Apache24\bin\ folder, to change the current working folder, the cd command is used, after which the folder to which you want to go is indicated, in my case the command looks like this:

cd C:\Apache24\bin\

As you can see from the screenshot, the C:\Users\MiAl folder has been changed to C:\Apache24\bin\.

Now, to run the program, it is enough to type the name of the executable file indicating the current folder. The current folder is indicated by a dot (.), then you need to put a backslash, it turns out like this:

.\httpd.exe

Apache is a network service, that is, a program that uses a computer network for its work. Specifically, Apache listens for incoming connections on port 80 (opens a port). For this reason, the Windows Firewall asks whether to allow access to the Apache HTTP Server program, select “Allow access”.

Already at this stage, the web server is running and you can open the address http://localhost/ in a web browser

To stop the service, press Ctrl+c.

Typically, command-line utilities support various options that can be specified with a space after the executable file name.

Also, utilities usually have built-in help on available options, which can be displayed using the -h option or the --help option.

For example:

.\httpd.exe -h

In addition to command line options, many services are configured using configuration files, which are text files with a specific syntax. For Apache in Windows this is the C:\Apache24\conf\httpd.conf file.

To get a complete web server with all the necessary components, follow the steps from the guide “How to install Apache web server with PHP, MySQL and phpMyAdmin on Windows”.

“Failed - Network error” when exporting from phpMyAdmin (SOLVED)

phpMyAdmin allows ones to export databases and individual tables (as well as individual rows) in the web interface.

In the latest stable version of phpMyAdmin 5.1.3, users encountered a problem when exporting data from tables and databases to a file.

Regardless of the selected settings, instead of downloading the file, an error is shown:

Failed - Network error

This is what the error looks like in a web browser:

This bug has been fixed in phpMyAdmin 5.3, which is available as a snapshot version at the time of writing.

You can download phpMyAdmin 5.3 from the direct link: https://files.phpmyadmin.net/snapshots/phpMyAdmin-5.3+snapshot-all-languages.zip

Or go to the download page of the phpMyAdmin site and select the latest version there: https://www.phpmyadmin.net/downloads/

After unpacking phpMyAdmin in the web server folder, no additional configuration is required - the export of databases and tables works again.

phpMyAdmin error “Deprecation Notice in .\vendor\twig\twig\src\Loader\FilesystemLoader.php#40 realpath(): Passing null to parameter #1 ($path) of type string is deprecated” (SOLVED)

At the time of this writing, the latest release of phpMyAdmin (5.1) is not fully compatible with the latest PHP versions (8.1.1), so the program displays the following deprecated syntax notices:

Deprecation Notice in .\vendor\twig\twig\src\Loader\FilesystemLoader.php#40
 realpath(): Passing null to parameter #1 ($path) of type string is deprecated

Backtrace

.\vendor\twig\twig\src\Loader\FilesystemLoader.php#40: realpath(NULL)
.\libraries\classes\Template.php#57: Twig\Loader\FilesystemLoader->__construct(string 'C:\\Server\\data\\htdocs\\-phpmyadmin\\\\templates\\')
.\libraries\classes\Theme.php#101: PhpMyAdmin\Template->__construct()
.\libraries\classes\Theme.php#174: PhpMyAdmin\Theme->__construct()
.\libraries\classes\ThemeManager.php#307: PhpMyAdmin\Theme::load(
string './themes/metro',
string 'C:\\Server\\data\\htdocs\\-phpmyadmin\\./themes/metro/',
)
.\libraries\classes\ThemeManager.php#79: PhpMyAdmin\ThemeManager->loadThemes()
.\libraries\classes\ThemeManager.php#121: PhpMyAdmin\ThemeManager->__construct()
.\libraries\classes\ThemeManager.php#385: PhpMyAdmin\ThemeManager::getInstance()
.\libraries\common.inc.php#240: PhpMyAdmin\ThemeManager::initializeTheme()
.\index.php#15: require_once(.\libraries\common.inc.php)
Deprecation Notice in .\vendor\twig\twig\src\Markup.php#35
 Return type of Twig\Markup::count() should either be compatible with Countable::count(): int, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice

Backtrace

.\vendor\composer\ClassLoader.php#444: include(.\vendor\twig\twig\src\Markup.php)
.\vendor\composer\ClassLoader.php#322: Composer\Autoload\includeFile(string 'C:\\Server\\data\\htdocs\\-phpmyadmin\\vendor\\composer/../twig/twig/src/Markup.php')
.\tmp\twig\46\46f1bfbf4328d3d22fddffb9178fdeb9868d0740e4cc8b5bbd6f2fcfb8e4523e.php#59: Composer\Autoload\ClassLoader->loadClass(string 'Twig\\Markup')
.\vendor\twig\twig\src\Template.php#405: __TwigTemplate_034511bee5325c368ee003e3d97d6cb47c3e1c94ebb527bcf0b76ba7818d1ac6->doDisplay(
array,
array,
)
.\vendor\twig\twig\src\Template.php#378: Twig\Template->displayWithErrorHandling(
array,
array,
)
.\vendor\twig\twig\src\Template.php#390: Twig\Template->display(array)
.\vendor\twig\twig\src\TemplateWrapper.php#45: Twig\Template->render(
array,
array,
)
.\libraries\classes\Template.php#132: Twig\TemplateWrapper->render(array)
.\libraries\classes\Header.php#714: PhpMyAdmin\Template->render(
string 'javascript/variables',
array,
)
.\libraries\classes\Header.php#193: PhpMyAdmin\Header->getVariablesForJavaScript()
.\libraries\classes\Header.php#142: PhpMyAdmin\Header->addDefaultScripts()
.\libraries\classes\Response.php#184: PhpMyAdmin\Header->__construct()
.\libraries\classes\Response.php#215: PhpMyAdmin\Response->__construct()
.\libraries\classes\Plugins\Auth\AuthenticationCookie.php#102: PhpMyAdmin\Response::getInstance()
.\libraries\classes\Plugins\AuthenticationPlugin.php#275: PhpMyAdmin\Plugins\Auth\AuthenticationCookie->showLoginForm()
.\libraries\common.inc.php#263: PhpMyAdmin\Plugins\AuthenticationPlugin->authenticate()
.\index.php#15: require_once(.\libraries\common.inc.php)
Deprecation Notice in .\vendor\twig\twig\src\Markup.php#40
 Return type of Twig\Markup::jsonSerialize() should either be compatible with JsonSerializable::jsonSerialize(): mixed, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice

Backtrace

.\vendor\composer\ClassLoader.php#444: include(.\vendor\twig\twig\src\Markup.php)
.\vendor\composer\ClassLoader.php#322: Composer\Autoload\includeFile(string 'C:\\Server\\data\\htdocs\\-phpmyadmin\\vendor\\composer/../twig/twig/src/Markup.php')
.\tmp\twig\46\46f1bfbf4328d3d22fddffb9178fdeb9868d0740e4cc8b5bbd6f2fcfb8e4523e.php#59: Composer\Autoload\ClassLoader->loadClass(string 'Twig\\Markup')
.\vendor\twig\twig\src\Template.php#405: __TwigTemplate_034511bee5325c368ee003e3d97d6cb47c3e1c94ebb527bcf0b76ba7818d1ac6->doDisplay(
array,
array,
)
.\vendor\twig\twig\src\Template.php#378: Twig\Template->displayWithErrorHandling(
array,
array,
)
.\vendor\twig\twig\src\Template.php#390: Twig\Template->display(array)
.\vendor\twig\twig\src\TemplateWrapper.php#45: Twig\Template->render(
array,
array,
)
.\libraries\classes\Template.php#132: Twig\TemplateWrapper->render(array)
.\libraries\classes\Header.php#714: PhpMyAdmin\Template->render(
string 'javascript/variables',
array,
)
.\libraries\classes\Header.php#193: PhpMyAdmin\Header->getVariablesForJavaScript()
.\libraries\classes\Header.php#142: PhpMyAdmin\Header->addDefaultScripts()
.\libraries\classes\Response.php#184: PhpMyAdmin\Header->__construct()
.\libraries\classes\Response.php#215: PhpMyAdmin\Response->__construct()
.\libraries\classes\Plugins\Auth\AuthenticationCookie.php#102: PhpMyAdmin\Response::getInstance()
.\libraries\classes\Plugins\AuthenticationPlugin.php#275: PhpMyAdmin\Plugins\Auth\AuthenticationCookie->showLoginForm()
.\libraries\common.inc.php#263: PhpMyAdmin\Plugins\AuthenticationPlugin->authenticate()
.\index.php#15: require_once(.\libraries\common.inc.php)

To stop these notifications, you just need to use phpMyAdmin version 5.2 or later. At the moment, this version can be downloaded from the link https://files.phpmyadmin.net/snapshots/phpMyAdmin-5.2+snapshot-all-languages.zip

How to protect my website from bots

In the article “How to block by Referer, User Agent, URL, query string, IP and their combinations in mod_rewrite” I showed how to block requests to a site that match several parameters at once – on the one hand, it is effective against bots, on the other – practically eliminates false positives, that is, when a regular user who is not related to bots.

It is not difficult to block bots, it is difficult to find their patterns that expose the request from the bot. There should have been another part in that article, in which I showed exactly how I assembled these patterns. I wrote it, took screenshots, but ultimately didn't add it to the article. Not because I am greedy, but I just thought that this was at odds with the topic of an article that was not the easiest one, and, in fact, very few people are interested in it.

But the day before yesterday, bots started an attack on my other site, I decided to take action against the bot… I forgot how I was collecting data)))) In general, so as not to invent commands every time, now they will be stored here)) You might find this useful too.

How to know that a site has become a target for bots

The first sign is a sharp and unreasonable increase in traffic. This was the reason to go to Yandex.Metrica statistics and check “Reports” → “Standard reports” → “Sources” → “Sources, summary”:

Yes, there is a sharp surge in direct visits, and today there are even more of them than traffic from search engines.

Let's look at Webivisor:

Short sessions from mobile devices, strange User Agents (includes very old devices), specific nature of the region/ISP. Yes, these are bots.

Identifying of IP addresses of the bots

Let's look at the command:

cat site.ru/logs/access_log | grep '"-"' | grep -E -i 'android|iPhone' | grep -i -E -v 'google|yandex|petalbot' | awk '{ print $1 }' | sort | uniq -c

In it:

  • cat site.ru/logs/access_log — read the web server log file
  • grep '"-"' — we filter requests, leaving only with an empty referrer
  • grep -E -i 'android|iPhone' — filter requests, leaving only mobile ones
  • grep -i -E -v 'google|yandex|petalbot' — remove requests from specified web crawlers
  • awk '{ print $1 }' — leave only the IP address (first field)
  • sort | uniq -c — sort and leave unique ones, display the quantity

In my opinion, everything is pretty obvious, all requests come from the same subnet 185.176.24.0/24.

But now is morning, there is still little data, let's check the log of the web server for yesterday:

zcat site.ru/logs/access_log.1 | grep '"-"' | grep -E -i 'android|iPhone' | grep -i -E -v 'google|yandex|petalbot' | awk '{ print $1 }' | sort | uniq -c

Yes, all bots came from the 185.176.24.0/24 network.

Basically, you can just block this entire subnet and end up there. But it is better to continue collecting data, then I will explain why.

Let's see which pages the bots are requesting:

cat site.ru/logs/access_log | grep '"-"' | grep -E -i 'android|iPhone' | grep -i -E -v 'google|yandex|petalbot' | grep '185.176.24' | awk '{ print $7 }' | sort | uniq -c

zcat site.ru/logs/access_log.1 | grep '"-"' | grep -E -i 'android|iPhone' | grep -i -E -v 'google|yandex|petalbot' | grep '185.176.24' | awk '{ print $7 }' | sort | uniq -c

These commands have new parts:

  • grep '185.176.24' — filter for requests from the attacker's network
  • awk '{ print $7 }' — the requested page in my server logs is the seventh column

The bot requests exactly 30 pages.

We return to the article “How to block by Referer, User Agent, URL, query string, IP and their combinations in mod_rewrite” and block the bot.

But in my case, I can get by with blocking the subnet.

In Apache 2.4:

<RequireAll>
	Require all granted
	Require not ip 185.176.24
</RequireAll>

In Apache 2.2:

Deny from 185.176.24

Keep your finger on the pulse

This is not the first influx of bots that I've been fighting, and you need to remember that the owner of bots changes the bot settings after your actions. For example, the previous time it all started with the following pattern:

  • bots requested 5 specific pages
  • all bots were with Android user agent
  • came from a specific set of mobile operator networks
  • empty referrer

After I blocked on these grounds, the owner of bots changed the behavior of the bots:

  • added URL (now 8 pages)
  • iPhone added as User-Agent
  • the number of subnets increased, but bots still came only from mobile operators

I blocked them too. After that, the bot engine added desktops to the user agents, but all other patterns remained the same, so I successfully blocked it.

After that, the bot owner did not change the behavior of the bots, and after some time (a week or two) the bots stopped trying to enter the site, I deleted the blocking rules.

For further analysis

The command for filtering requests from the specified subnet (185.176.240/24), which have a response code of 200 (that is, not blocked) – useful in case bots change the User Agent:

cat site.ru/logs/access_log | grep '"-"' | grep -E -i 'android|iPhone' | grep -i -E -v 'google|yandex|petalbot' | grep '185.176.24' | grep ' 200 ' | tail -n 10

A variant of the command for compiling a list of IP addresses given at the beginning of this article, but only requests with a response code 200 are taken into account in the command (those that we have already blocked are filtered out):

cat site.ru/logs/access_log | grep '"-"' | grep -E -i 'android|iPhone' | grep -i -E -v 'google|yandex|petalbot' | grep ' 200 ' | awk '{ print $1 }' | sort | uniq -c

Command for monitoring the latest requests specific to bots:

cat site.ru/logs/access_log | grep '"-"' | grep -E -i 'android|iPhone' | grep -i -E -v 'google|yandex|petalbot' | tail -n 10

How the influx of bots affects the site

This time, I reacted pretty quickly – a day after the attack started. But the last time bots walked around my site for a couple of weeks before I got tired of it. This did not have any impact on the position of the site in the search results.

Error “Composer detected issues in your platform: Your Composer dependencies require the following PHP extensions to be installed: mysqli, openssl” (SOLVED)

This post explains the causes of the error and how to fix it.

When self-installing the web server on Windows, for example, following the guide “How to install Apache web server with PHP, MySQL and phpMyAdmin on Windows”, when trying to open the phpMyAdmin address, an error may occur:

Composer detected issues in your platform: Your Composer dependencies require the following PHP extensions to be installed: mysqli, openssl

It occurs in the latest version of phpMyAdmin (for example, in 5.1.1) in the following cases:

1.

The following line is not added to the php.ini file:

extension_dir = "C:\Server\bin\PHP\ext\"

Open the php.ini file and double-check the value of the extension_dir directive. Depending on the folder where you are installing, you may have a different path instead of "C:\Server\bin\PHP\ext\". This value is correct if you install according to the instructions, the link to which is given above.

2.

The following line are commented in the php.ini file:

extension=mysqli
extension=openssl

Check your php.ini file to make sure these lines are uncommented.

3.

Your system for some reason does not use the settings from the php.ini file, for example, because the php.ini file is named incorrectly.

You can check this by running at the command line:

C:\Server\bin\PHP\php --ini

The output should include the path to the file C:\Server\bin\PHP\php.ini. If it is not, you may not have renamed the file to php.ini or named it php.ini.txt or something.

4.

All the settings in the php.ini file are correct, but the web server has not been restarted, which prevented the settings from being applied.

To restart the Apache web server, run the following command (you may have a different path to the executable file):

c:\Server\bin\Apache24\bin\httpd.exe -k restart

Alternatively, restart your computer.

Conclusion

You can think of more exotic reasons, for example, when copying the PHP executable files, the “ext” folder was not copied. But the essence is always the same: PHP is not configured to use the extensions mysqli, openssl – that is, exactly what the error says.

How to block by Referer, User Agent, URL, query string, IP and their combinations in mod_rewrite

As part of the fight against the influx of bots to the site (see the screenshot above), I had to refresh my knowledge of mod_rewrite. Below are examples of mod_rewrite rules that allow you to perform certain actions (such as blocking) for users who meet a large number of criteria at once – see the most recent example to see how flexible and powerful mod_rewrite is.

See also: How to protect my website from bots

Denying access with an empty referrer (Referer)

The following rule will deny access to all requests in which the HTTP Referer header is not set (in Apache logs, "-" is written instead of the Referer line):

RewriteEngine	on
RewriteCond	%{HTTP_REFERER}	^$
RewriteRule	^.*	-	[F,L]

Blocking access on the part of the user agent

When blocking bots by User Agent, it is not necessary to specify the full name – you can specify only part of the User Agent string to match. Special characters and spaces must be escaped.

For example, the following rule will block access for all users whose User Agent string contains “Android 10”:

RewriteEngine	on
RewriteCond	%{HTTP_USER_AGENT}	"Android\ 10"
RewriteRule	^.*	-	[F,L]

Examples of User Agents blocked by this rule:

  • Mozilla/5.0 (Linux; Android 10; SM-G970F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Mobile Safari/537.36
  • Mozilla/5.0 (Linux; Android 10; Redmi Note 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Mobile Safari/537.36

How to block access by exact match User Agent

If you need to block access to the site by a certain User Agent with an exact match of the name, then use the If construct (this does not apply to mod_rewrite, but do not forget about this possibility):

<If "%{HTTP_USER_AGENT} == 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)'">
	Require all denied
</If>

<If "%{HTTP_USER_AGENT} == 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0'">
	Require all denied
</If>

<If "%{HTTP_USER_AGENT} == 'Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.9.0'">
	Require all denied
</If>

If is available since Apache 2.4.

Denying access to certain pages

The %{REQUEST_URI} variable includes everything that goes after the hostname in the request (but does not include what comes after the question mark in the URL), using it you can filter requests by URL, query string, file names or parts of them. For example:

RewriteEngine	on
RewriteCond	%{REQUEST_URI}	"query-string"
RewriteRule	^.*	-	[F,L]

Despite the fact that in the logs of the Apache web server some characters, including Cyrillic, are displayed in URL encoding, you can specify Cyrillic or other letters of national alphabets in these rules. For example, the following rule will block access to an article with the URL https://site.ru/how-to-find-which-file-from/:

RewriteEngine	on
RewriteCond	%{REQUEST_URI}	"how-to-find-which-file-from"
RewriteRule	^.*	-	[F,L]

If you wish, you can specify several URLs (or their parts) at once. Each search string must be enclosed in parentheses; the parenthesized strings must be separated by | (pipe), for example:

RewriteEngine	on
RewriteCond	%{REQUEST_URI}	"(windows-player)|(how-to-find-which-file-from)|(how much-RAM)|(how-to-open-folder-with)|(7-applications-for)"
RewriteRule	^.*	-	[F,L]

Since %{REQUEST_URI} does not include what comes after the question mark in the URL, use %{QUERY_STRING} to filter by the query string that follows the question mark.

How to filter by the query string following the question mark

The %{QUERY_STRING} variable contains the query string that follows the ? (question mark) of the current request to the server.

Note that the filtered value must be URL encoded. For example, the following rule:

RewriteCond %{QUERY_STRING} "p=5373&%D0%B7%D0%B0%D0%B1%D0%BB%D0%BE%D0%BA%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D1%82%D1%8C"
RewriteRule ^.* - [F,L]

blocks access to the page https://suay.ru/?p=5373&заблокировать, but will not deny access to the page https://suay.ru/?p=5373.

Denying IP and Ranges Access

With mod_rewrite, you can block individual IPs from accessing the site:

RewriteEngine	on
RewriteCond	"%{REMOTE_ADDR}"	"84.53.229.255"
RewriteRule	^.*	-	[F,L]

You can specify multiple IP addresses to block:

RewriteEngine	on
RewriteCond	"%{REMOTE_ADDR}"	"84.53.229.255" [OR]
RewriteCond	"%{REMOTE_ADDR}"	"123.45.67.89" [OR]
RewriteCond	"%{REMOTE_ADDR}"	"122.33.44.55"
RewriteRule	^.*	-	[F,L]

You can also use ranges, but remember that in this case, strings are treated as regular expressions, so the CIDR notation (for example, 94.25.168.0/21) is not supported.

Ranges must be specified as regular expressions – this can be done using character sets. For example, to block the following ranges

  • 94.25.168.0/21 (range 94.25.168.0 - 94.25.175.255)
  • 83.220.236.0/22 (range 83.220.236.0 - 83.220.239.255)
  • 31.173.80.0/21 (range 31.173.80.0 - 31.173.87.255)
  • 213.87.160.0/22 (range 213.87.160.0 - 213.87.163.255)
  • 178.176.72.0/21 (range 178.176.72.0 - 178.176.75.255)

the rule will work:

RewriteEngine	on
RewriteCond	"%{REMOTE_ADDR}"	"((94\.25\.1[6-7]])|(83\.220\.23[6-9])|(31\.173\.8[0-7])|(213\.87\.16[0-3])|(178\.176\.7[2-5]))"
RewriteRule	^.*	-	[F,L]

Note that the range 94.25.168.0 - 94.25.175.255 cannot be written as 94.25.1[68-75], it will be interpreted as the string “94.25.1” and a character set including character 6, range 8-7 and character 5. Due to the range of 8-7, this entry will cause an error on the server.

Therefore, to write 94.25.168.0 - 94.25.175.255, “94\.25\.1[6-7]” is used. Yes, this record does not accurately convey the original range – to increase the precision, you can complicate the regular expression. But in my case, this is a temporary hotfix, so it will do just that.

Also note that the last octet 0-255 can be skipped, since part of the IP address is enough to match the regular expression.

Combining access control rules

Task: block users who meet ALL of the following criteria at once:

1. Empty referrer

2. The user agent contains the string “Android 10”

3. Access was made to a page whose URL contains any of the strings

  • windows-player
  • how-to-find-which-file-from
  • how much-RAM
  • how-to-open-folder-with
  • 7-applications-for

4. The user has an IP address belonging to any of the ranges:

  • 94.25.168.0/21 (range 94.25.168.0 - 94.25.175.255)
  • 83.220.236.0/22 (range 83.220.236.0 - 83.220.239.255)
  • 31.173.80.0/21 (range 31.173.80.0 - 31.173.87.255)
  • 213.87.160.0/22 (range 213.87.160.0 - 213.87.163.255)
  • 178.176.72.0/21 (range 178.176.72.0 - 178.176.75.255)

The following set of rules will match the specified task:

RewriteEngine	on
RewriteCond	"%{REMOTE_ADDR}"	"((94.25.1[6-7]])|(83.220.23[6-9])|(31.173.8[0-7])|(213.87.16[0-3])|(178.176.7[2-5]))"
RewriteCond	%{HTTP_REFERER}	^$
RewriteCond	%{HTTP_USER_AGENT}	"Android\ 10"
RewriteCond	%{REQUEST_URI}	"(windows-player)|(how-to-find-which-file-from)|(how much-RAM)|(how-to-open-folder-with)|(7-applications-for)"
RewriteRule	^.*	-	[F,L]

Please note that rules that are logical OR must be collected into one large rule. That is, you cannot use the [OR] flag with any of the rules, otherwise it will break the logic of the entire rule set.

By the way, I overcame the bots.

Configuring Apache Web Server to Run Perl Programs on Windows

Perl scripts can be run in the Apache environment in the same way as PHP scripts. To do this, you need to make a small setting.

I installed the web server according to this instruction, if you installed according to a different instruction, then edit the paths to suit your values.

1. Installing Perl on Windows

Download Perl for Windows from https://www.activestate.com/products/activeperl/downloads/

Run the downloaded .exe file – installation can be done with default options.

2. Configuring Apache to run Perl CGI

Now open the httpd.conf file for editing, I have it located along the path C:\Server\bin\Apache24\conf\httpd.conf.

Find the line there

Options Indexes FollowSymLinks

and add ExecCGI to it. You should get the following line (ATTENTION: you may have a different set of options):

Options Indexes FollowSymLinks ExecCGI

Now find the line:

#AddHandler cgi-script .cgi

Uncomment it, that is, remove the # at the beginning of the line and add .pl to the end of the line. The new line will look something like this:

AddHandler cgi-script .cgi .pl

3. Restart Apache

c:\Server\bin\Apache24\bin\httpd.exe -k restart

4. Run the Perl CGI test page

In the folder for your sites (mine is C:\Server\data\htdocs\) create a file test.pl and copy into it:

#!C:\Perl64\bin\perl.exe
print "Content-type: text/html; charset=iso-8859-1\n\n";
print "<phtml>";
print "<body>";
print "Test Page";
print "</body>";
print "</html>";

Pay attention to the line #!C:\Perl64\bin\perl.exe – if you have a different path to the perl.exe file, then edit the line accordingly.

Open this page in a web browser: http://localhost/test.pl

The inscription should appear

Test Page

As shown in the screenshot below:

How to fix “Configuration File (php.ini) Path” no value (SOLVED)

The phpinfo function shows complete information about the PHP environment, including which modules are enabled, where the configuration files are located, with which options the PHP binaries were compiled, and much more.

To use this function in the web server folder create a file and copy to it:

<?php

phpinfo ();

Save the file and open it in a web browser.

Why Configuration File (php.ini) Path has no value

As the name of the item “Configuration File (php.ini) Path” implies, this is the path to the configuration file php.ini. The php.ini file is important because it enables and disables modules, sets limits on the use of system hardware resources, and makes all other PHP settings.

As you can see in the screenshot, “Configuration File (php.ini) Path” is defined as “no value", that is, it is not set. You might think that something was done wrong and PHP works without modules.

But in fact, PHP and the web server on the computer from which the screenshot was taken are working as expected. Pay attention to the next item “Loaded Configuration File” after the highlighted line, it contains the value C:\Server\bin\PHP\php.ini, that is, the configuration file is loaded.

As for the “Configuration File (php.ini) Path”, the path to the file where php.ini is searched for by default is written here – this value is specified when compiling PHP, you do not need to worry about it.

That is, you need to pay attention only to the “Loaded Configuration File”, because if there is also “no value”, then it really means that the php.ini configuration file is not loaded and not used.

If some modules do not work, then carefully check the contents of php.ini – have you really uncommented the required lines?

After making changes to the php.ini file, remember to restart the web server for the changes to take effect.

How to install a web server (Apache, PHP, MySQL, phpMyAdmin) on Linux Mint, Ubuntu and Debian

If you are a webmaster, or a PHP programmer, or you just need to run a website on your computer, then you can do it using a web server. On Linux, the web server (Apache) and related components (PHP, MySQL, phpMyAdmin) are installed in just a few commands.

This tutorial will show you how to set up a web server for sites on Linux Mint, Ubuntu and Debian.

How to install Apache, PHP, MySQL, phpMyAdmin on Linux Mint, Ubuntu and Debian

We will do most of the operations in the command line - the Linux terminal.

Open a terminal and run the following two commands in it:

sudo apt update
sudo apt install apache2 default-mysql-server php phpmyadmin

Answer No to the configuration prompt with dbconfig-common:

Use the Tab key to move between items and Enter to continue.

Select “apache2”:

Use the Space key to select items, use the Tab key to move between items, and press Enter to continue.

That's all! The web server (a bunch of Apache, PHP, MySQL, phpMyAdmin) is installed and ready to work. Open the link http://localhost/ in your browser

You will see the standard Apache page:

phpMyAdmin is available at http://localhost/phpmyadmin/

To start the web server every time you turn on the computer, run the command:

sudo systemctl enable apache2
sudo systemctl enable mysql

How to change URL path of phpMyAdmin. How to enable and disable phpMyAdmin

If during the installation of phpMyAdmin you chose not to configure it for use with the Apache web server, use the command to enable phpMyAdmin:

sudo ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf-enabled/

Restart the web server for the changes to take effect:

sudo systemctl restart apache2

To disable phpMyAdmin use the command:

sudo rm /etc/apache2/conf-enabled/phpmyadmin.conf

Restart the web server for the changes to take effect:

sudo systemctl restart apache2

There is an important line in the /etc/phpmyadmin/apache.conf file:

Alias /phpmyadmin /usr/share/phpmyadmin

Its essence is that the URL /phpmyadmin (for example, http://localhost/phpmyadmin) begins to correspond to the /usr/share/phpmyadmin folder. That is, the phpMyAdmin files (scripts) are physically located in /usr/share/phpmyadmin, and not in the web server directory (for example, /var/www/html/).

Many automatic scanners of “hidden” files and folders of a web server and sites check the “phpmyadmin”, “pma” and other similar directories. You can hide your phpMyAdmin nicely by changing the Alias. For instance:

Alias /lkjgler94345 /usr/share/phpmyadmin

phpMyAdmin will now be available at http://localhost/lkjgler94345 - not easy to find.

phpMyAdmin setup

By default phpMyAdmin does not allow login without password. If you have not set a password for the MySQL DBMS, then you have two options to choose from:

  • set password
  • make changes to phpMyAdmin setting to allow passwordless login

It is recommended to set a password for the database. To change the password, you can use the script:

sudo mysql_secure_installation

If you want to allow logging into phpMyAdmin without a password, then open the file

sudo gedit /etc/phpmyadmin/config.inc.php

Find the second (there are two) line

// $cfg['Servers'][$i]['AllowNoPassword'] = TRUE;

and uncomment it (remove the two slashes from the beginning of the line) to get:

$cfg['Servers'][$i]['AllowNoPassword'] = TRUE;

Most likely, when connecting, you will receive a surprise in the form of the error “#1698 - Access denied for user 'root'@'localhost'”. Step-by-step actions for its solution in this manual.

Where are the sites on the Apache web server?

By default, the root folder for web documents is /var/www/html. In /var/www you can create your own virtual hosts.

The /var/www/html folder and all files inside it belong to the root user.

For you to be able to modify, add, delete files in this folder, you need to use sudo. For example, with the following command, you will open a file manager to manage the contents of a folder.

sudo nemo /var/www/html

All other programs that make changes to /var/www/html must also be run with sudo.

On a local server, for ease of use, you can make yourself the owner of this folder:

sudo chown -R $USER:$USER /var/www/html

Now you and the programs launched on your behalf do not need superuser privileges to work with the contents of this directory:

nemo /var/www/html

Apache index files

If the user requests from the web server not a file, but a directory, then the server looks for files index.html, index.php, index.htm, etc. in it. If these files are in this directory, then their contents are shown. These files are called index files. If there are two or more such files in a directory at once, then one of them is shown in accordance with the set priority.

You can see which files are index files for your server and in what order their priority is arranged in the file

sudo gedit /etc/apache2/mods-enabled/dir.conf

There you will see something like:

<IfModule mod_dir.c>
    DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>

Typically, users want to move the PHP index file (index.php) to the first position after DirectoryIndex, so that something looks like this:

<IfModule mod_dir.c>
    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>

After making changes, save and close the file, restart the web server.

Conclusion

This tutorial showed you how to install Apache web server on your Linux Mint machine. In terms of its functionality, this server does not differ from the capabilities of hosting. You can test your sites on it, use it when learning PHP, install WordPress, etc. Moreover, this server can be made available to the local or even global network.

Loading...
X