blog.plee.me About software, technology and random things

17Dec/160

Installing mod_cloudflare For Apache HTTPd 2.4 On Debian 8 (Jessie) Via Aptitude Repository

[Update on 2019-09-19] Warning: From Debian 9 (stretch) upwards, according to the official documentation Cloudflare has dropped support for mod_cloudflare. Instead they recommend replacing it with the new alternative: the official Apache HTTPd module mod_remoteip.

Hi!

If you are using the Cloudflare proxy functionality, you will find that your web server will end up only working with Cloudflare's IPs instead of the visitors'. After quite some time I thought that there has to be a better way to go about this, and I found mod_cloudflare, a solution officially developed by Cloudflare themselves.

When I was looking at the official Cloudflare documentation on how to install mod_cloudflare for Apache 2.4 on Debian 8 (Jessie) today, I was disappointed to find that they were only recommending manual ways: installing a .deb package or compiling the module yourself.

Luckily I found a guide on how to accomplish the installation with the standard apt-get / aptitude tool for Debian / Ubuntu.

This is how:

  1. Add the aptitude repository to a new sources list file, e.g. at /etc/apt/sources.list.d/cloudflare-main.list - with this content:
    deb http://pkg.cloudflare.com/ jessie main
  2. Download the Cloudflare repository key and add it to the aptitude known keys:
    # wget https://pkg.cloudflare.com/pubkey.gpg
    # apt-key add pubkey.gpg
    # rm pubkey.gpg
  3. Update the aptitude cache:
    # aptitude update
  4. Look at which packages are available in the new repository:
    # grep ^Package: /var/lib/apt/lists/pkg.cloudflare.com_dists_jessie_main_binary-amd64_Packages
  5. Install mod_cloudflare:
    # aptitude install libapache2-mod-cloudflare
  6. Restart the Apache HTTPd service:
    # service apache2 restart

Hopefully this way of installing will enable everyone to update / maintain it much more easily and with less one-time use packages installed.

Additionally, this could prove even more useful for people who want to install more Cloudflare packages.

I am confident that this method also works for Ubuntu and other versions of Debian - just replace the "jessie" part in the aptitude sources list file with your distribution major release codename (like "wheezy" for Debian 7 or "vivid" for Ubuntu 15.04).

Thanks for reading!

Original source: https://emtunc.org/blog/01/2016/installing-mod_cloudflare-ubuntu-14-04-apache-server/

2Jul/130

Access Control via Hybrid .htaccess for Both Apache HTTPd 2.2 and 2.4

Hi!

If you're running the Apache HTTPd in the versions 2.2 and 2.4 in different environments but would like to control access to certain directories (include, lib, ...) via Apache, chances are that you don't want to use one 2.2 specific file and a different one for 2.4, especially if you keep transferring and synchronizing the files between those different setups.

Between versions 2.2 and 2.4 a couple of things have changed. The perhaps most prominent change would be the one that comes with the new mod_authz_host module and deals with authorization / access control. Instead of using Order, Allow, Deny and/or Satisfy you are now advised to use the new Require directive.

So what do you do if you cannot switch every .htaccess over to the new format for reasons like the one mentioned in the beginning?

You could in fact enable the mod_access_compat module and keep rolling with the old configuration. But that would only mean procrastinating until you would finally have to deal with it anyway.

The better solution is to use configurations that are not even necessarily dependent on your Apache version (remember, you could just load the legacy compatibility module in 2.4), but in fact check for the correct module to work with. The key element to work with here is the IfModule directive.

# Apache 2.4
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2
<IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
</IfModule>

As you can see, there are two checks that basically work as an "if ... else" selection. The rest should be self-explanatory.

For more information about the new way of handling access with the Apache HTTPd 2.4, please refer to the official documentation.

I hope this was of any help to you.

Thanks for reading.