Protect Folder With Htpasswd In Apache

Overview

Need a folder secured on your website with a username and password prompt? You may have some important documents you need to share with selected people. You could have restricted downloads you need to give to certain people. In any of these cases, you can secure a folder with one or multiple usernames and passwords.

Secure Folder With Htpasswd

Secure Folder With Htpasswd


I will show you how to lock down a folder using apache .htpasswd and .htaccess. Once a folder is password protected with htpasswd and htaccess, your website visitors will see a dialog box appear similar to the one below and they will need to enter a username and password before they can access the contents or downloads of that locked folder.

Protect Folder With Htpasswd In Apache

Below is showing what the end result will look like and what this article will help you achieve.

Step 1 – Create the folder and set the permissions on it

If the folder you want secured doesn’t exist, go ahead and create it. Then set the correct permissions and owner for the folder. I am using www-data as our folder owner as this is the owner that apache website runs as.

cd /var/www/html
mkdir secured_folder
chmod 744 secured_folder
chown www-data.www-data secured_folder
cd secured_folder

Step 2 – Create your .htaccess file

Change to the ‘secured_folder’ and create an .htaccess file inside their with the contents below. This will add the username and password security to the folder.

AuthUserFile /var/www/.htpasswd
AuthGroupFile /dev/null
AuthName "My protected files"
AuthType Basic

<Limit GET>
require valid-user
</Limit>

Step 3 – Create the username and password for .htpasswd file

Now change to the folder you want your .htpasswd is to be stored in. We specified /var/www/.htpasswd as you can see the above for ‘AuthUserFile’. Then use the htpasswd function in your command line to create the username and password for the folder you want to secure. It is recommended that you leave this file outside of the actual website folder.

cd /var/www/
htpasswd -c .htpasswd username1

You will be asked to enter a password for ‘username1′.

Step 4 – Adding more users to .htpasswd file (optional)

If you would like to add multiple users to the same .htpasswd file then don’t add the ‘-c’ option.

cd /var/www
htpasswd .htpasswd username2
	you will be asked to enter a password for 'username2'
htpasswd .htpasswd username3
	you will be asked to enter a password for 'username3'

Now when you go to visit your page, it will prompt you to enter a username and password before you can access the page.

Regex Reverse Match And Replace All But Specified Characters

Overview

We can use regular expressions to specify a list characters we want to either strip out of a string or replace them with other characters however this article is aimed more on how to do a regex reverse match and replace (also knows as a negative replace) where we specify the characters we DO NOT want to be stripped out which can be very useful for sanitising and cleaning out strings and prevent MySQL injections or cross-site scripting attacks. In other words we replace everything but the string specified.

Sounds simple enough yet I found it ever so difficult on how to perform this which is why I am posting it here to save others the time.

Regex Reverse Match

The below examples use the regular expression pattern /[^a-zA-Z0-9\s]/ which basically is just specifying a list of characters (being upper and lower case letters, numbers and spaces). But the big difference is the ^ (caret symbol) is inside the square brackets which tells the regular expression that it is a negative search. ie, match and strip all but the ones listed.

Remember… if we wanted to remove the list of characters specified by the expression’s pattern, then we simply exclude the ^ which mean the resulting pattern to include a list of characters would look like so: /[a-zA-Z0-9]/.

Secondly the second parameter is and empty string which will tell the function to replace the string with nothing.

Note! that if the ^ (caret) was outside the square brackets it would then specify matches at the beginning of a sentence. Just as a $ (dollar symbol) at the end of the sentence would specify matches at the end of the sentence. In this case, the ^ (caret) is inside which denotes an exclusion of characters.

PHP Reverse Replace

<?php

/* our string we will be working on */
$str = "A string - with, awful characters$@!.";
/* use php's preg_replace to execute the regular expression and echo the result */
echo preg_replace( '/[^a-zA-Z0-9\s]/', '', $str );
/* the output from the above will be "A string with awful characters" */

?>

Javascript Reverse Replace

<script type="text/javascript">

/* our string we will be working on */
var str = 'A string - with, awful characters$@!.';
/* use  javascript's replace() function to execute the regular expression and then store the result */
var str = str.replace(/[^a-zA-Z0-9\s]/g,'');
/* the variable `str` from the above will be "A string with awful characters" - all nasty characters are removed */

</script>

Execute Logrotate Command Manually

Overview

One day while perusing around one of my Debian Linux servers I noticed that the disk was extremely full. It isn’t a server I access all the time so the disk space being filled up had gone unnoticed. After taking a look at what could be using up all the disk space, I realised that my log files had grown to be absolutely massive with some log files being a few GB’s in size.

logrotate.d Wasn’t Running

The cause of the issue was that logrotate had not been running for quite some time. I fixed logrotate but I couldn’t afford to wait for the logrotate to automatically run on it’s next schedule. I began to panic and needed to quickly rotate the logs to regain precious space before the server and websites came crashing down.

Execute Logrotate Command Manually

Since most of my disk space was consumed by apache, I decided to execute logrotate command manually in linux and pass it the config of the logrotate apache . To do so, I used the following command:

logrotate -vf /etc/logrotate.d/apache2.conf

The flags ‘-vf’ passed to the command are as follows:

  • -v verbose shows more information. useful to try detect any errors there may be with logrotate
  • -f force the rotation to occur even if it is not necessarily needed

And /etc/logrotate.d/apache2.conf is the location of my config file of for the apache2 logrotate. The content of my config file are as follows

/var/log/apache2/*_log {
	weekly
	missingok
	rotate 52
	compress
	delaycompress
	notifempty
	create 640 root adm
	sharedscripts
	postrotate
		if [ -f /var/run/apache2.pid ]; then
			/etc/init.d/apache2 restart > /dev/null
		fi
	endscript
}

Once I ran logrotate in linux manually, all my apache2 log files got rotated, compressed with gzip and recycled leaving me with heaps more free disk space.

Perl Ping Script To Ping Remote Server Or Website

Overivew

Below is a perl script which will allow you to ping a remote server. The article is a follow up article to my php ping script article. This article is similar in that we will also be pinging a remote website to see it if up and running, however this time we will be using perl’s Net module.

Perl Ping Script To Ping Remote Server Or Website

Here is a surprisingly simple perl code snippet to perform a perl ping request to check if a remote server or website is up. It creates a new Net::Ping object and then sends pings the server. We can optionally specify a port to see if a specific port is responding on the server which can be very useful if we want to know if a service is still up and running such as MySQL or Apache.

Perl Ping Specific Port

By using the perl ping script to ping a specific port, we can test wether a service on the server is up and running. For example, port 3306 would test for MySQL, 80 and 443 would test the webserver and 21 would test FTP.

A Perl Ping Script can be very useful and it can be used to make sure a website or server is up and can make our lives easier if we are monitoring multiple servers.

#!/usr/bin/perl -w

use Net::Ping;

# Host can be either an IP or domain name
my $host = "www.google.com";
#optionally specify a timeout in seconds (Defaults to 5 if not set)
my $timeout = 10;

# Create a new ping object
$p = Net::Ping->new("icmp");

# Optionally specify a port number (Defaults to echo port is not used)
$p->port_number("80");

# perform the ping
if( $p->ping($host, $timeout) )
{
        print "Host ".$host." is aliven";
}
else
{
        print "Warning: ".$host." appears to be down or icmp packets are blocked by their servern";
}

# close our ping handle
$p->close();

Conclusion

In the above example, we ping port 80. This will test if the website is active. As stated above, changing from port 80 to 3306 for example, would then test for an active MySQL service running.

Validate IP Address PHP And Javascript Examples

Overview

Below is a similar post to my other post on validate email addresses example except in this post we will validate an IP address instead of an email address. I have also provided simple and straight forward code snippets for Javascript and PHP. It uses a regular expression to test if the string passed to is a check the IP address is valid.

Validate IP Address

Validate IP Address

Validate IP Address PHP And Javascript Examples

The two types of IP Address Validation we will cover are:

I have included both PHP and Javascript Email Validation Examples. It works perfectly for me and hope it will save you hours of time trying to find it out for yourself. Please let me know in the comments if you have any issues.

Validate IP Address In PHP With preg_match()

<?php

/* The IP to test (this IP is valid) */
$str = "100.150.200.250";
/* use php's preg_match to execute the regular expression and store the result - which is either `0` for no match or `1` for a match */
$bValidIP = preg_match( '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/', $str );

?>

Validate IP Address In Javascript With test()

<script type="text/javascript">

/* The IP to test (this IP is valid) */
var str = "100.150.200.250";
/* The regular expression pattern */
var pattern = /^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/g;
/* use  javascript's test() function to execute the regular expression and then store the result - which is either true or false */
var bValidIP = pattern.test(str);

</script>

Conclusion

Not much explaining I can do. Essentially there are two methods to validate IP address. First is validate IP in PHP and the second is how to validate IP address in javascript.

PHP Implode Array Key Value – Array Keys To String

Overview

In this tutorial, I will show how you can quickly and easily convert array keys, into a string. The method I use will convert array key values into an array without using foreach() function.

The idea of this code snippet will allow you to convert this:

<?php

$array = (
    'John' => 'John is a common name',
    'Mark' => 'Mark is eating a sandwich',
    'Sarah' => 'Sarah does not like Mondays',
);

Into this:

<?php

$names = 'John, Mark, Sarah';

PHP Implode Array Key Value – Array Keys To String

In PHP there is a great function for converting a PHP Array into a string (and visa versa) using the function implode(). These functions work well on the values of the array, however we are trying to convert he array keys. Luckily in PHP there is a function called array_keys() which will return a list of array keys from the array. Combining these two functions, we can easily convert the keys of an array into a string. Using php implode array key value will easily convert your array’s keys into a string.

Note that as this function converts the array keys into a string rather than the array values. As such, the array passed to the calling function should be an associative array.

The PHP Function

Here is the function used to convert the array keys into a string. If you want to learn how the function works, then view the explanation here.

<?php

// our simple yet effective implode array key function
function implodeArrayKeys($array) {
	return implode(", ",array_keys($array));
}

?>

How the above function works

This is the long winded version of this function explaining how the above implode array keys function works. You should use the above function as the function below is more for information purposes.

<?php

function implodeArrayKeys($array)
{
	// first we get the array keys using array_keys() PHP function
	$keys = array_keys($vars);

	// now join the keys into a string and separate using a comma
	$string = implode(", ",$keys);

	// and return the result
	return $string;
}

?>

And voila, it’s as easy as that.

How To Setup IP Address in Linux

Overview

In this guide, you will be shown how to setup the IP address of a computer or server running Linux. Before we know which way to configure your network card, you need to know if you want to use a static or dynamic IP address.

Setup IP Address

Setup IP Address

Static IP vs DCHP IP

Whats the difference? Static is an IP address that yet manually chose and set for your computer. It won’t change until you decide to update it. DHCP is an IP address that is given to your computer by a DHCP server (usually a router or another server). The DHCP assigned IP address is given to you from a pool (or range) of IP addresses and can change depending on which ones are available.

How To Setup IP Address in Linux

Depending on your network configuration, you will need to either use a static IP address which is commonly used on servers on corporate networks. A static IP address is manually entered in and doesn’t change.
You could also use a dynamic IP address which can be assigned to your computer via a DHCP service. DHCP is more common in home networks as it can be setup automatically and doesn’t require the user to know how to change an IP address. DHCP is a service that runs on your network that will automatically setup your network IP address. Before DHCP can assign your computer a IP address, you need to setup your network interface to use DHCP

Editing the Network Interface

All your IP address information be it dynamic or static is stored under your network interface file which can be found under the path /etc/network/interface. To edit this file you may need root or sudo access. To edit the file enter the following:

sudo vi /etc/network/interfaces

Inside this file you will notice a loop back device. Ignore this part as we want to focus on the eth0 interface – or interface 0. If you have multiple network interfaces, you may see eth0, eth1, etc.

Setup DHCP for Network Interface

Find the section that has iface eth0 (or whichever interface you need – eth1, eth2, etc). and change it to match below. That’s the only configuration you. Now you need to restart your network interface to bring in the changes (shown below).

allow-hotplug eth0
iface eth0 inet dhcp

Setup Static IP for Network Interface

If you need a static ip address, then edit your interface file to be similar to below. Note that your ip, netmask and other items will need to match your own network range.

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.0.20
netmask 255.255.255.0
network 192.168.0.1
broadcast 192.168.0.255
gateway 192.168.0.1
dns-nameservers 192.168.0.2

Note that network and broadcast are optional entries and if omitted will be automatically detected.

Restart Networking Interfaces

In order for the above changes to come into effect, you need to restart your network interface. You can do this by running the following command:

/etc/init.d/networking restart

Sometimes you will find your interface doesn’t come online when restarting so entering in `ifup` will bring it back up where eth0 is the network interface you configured.

ifup eth0

And inversely, if you wanted to bring the network interface down, you would type in:

ifdown eth0

Caution! Typing in ifdown will take the network interface offline and drop your network connection so don’t running this command remotely!

CSS Padding vs Margin – Whats the Difference?

CSS Padding vs Margin – Whats the Difference?

When cutting up a design into html, you will need to recreate the design in html as accurately as possible. Positioning the elements correctly in html (not to mention, that dreaded cross browser support) can be tricky and having the elements laid out accurately can be the difference between a good looking website and a great looking website. To achieve this you will need to add a bit of div padding or div margins in order to get a div tag aligned into the correct place.

What is the difference between CSS Padding vs Margin

You may wonder what the differences between padding in html and margins in html really are. To give an analogy, think of a cardboard box (that represents your div tag). Now you want to place something inside the box, lets say a vase (in this case, the vase represents the contents inside the div tag, such as text, images or other web content). Now to position the vase correctly inside the box, we would add some newspaper “padding” into the box to hold the contents of the in its positions. The more padding you add, the less space there is in the box for the vase to move.

Now html margins is more like the space around the cardboard box. The more margins you add around the box, the further away it would space other boxes from itself. Larger margins means more space around the box. If you have no space (or html margins), then other boxes will be positioned right next to it.

When to use CSS Margin and CSS Padding

If you wanted to position the contents inside of a div (or any html tag) you will use padding (or newspaper as our previous analogy would depict). However if you wanted to position the div tag (which includes its contents inside), you will use margins.

That is a bit of a long winded description, but hopefully that will correctly explain what the differences are between html padding and margins.

Summary

Basically, when it comes to padding vs margins, your margins are just the space around an element and padding is the space inside an element. Padding being the space inside and Margin being the space around the outside.

Add New Zone To Bind DNS Server

Overview

Welcome to the second of my DNS articles. It is more of a prequel to my first article in which I explained the steps in Creating A DNS Entry For A SubDomain.

This article assumes you have already installed bind and it is all running. If not, then you will need to setup bind first.

What is a DNS Zone?

My previously article explained what a zone is so I won’t go into to much detail here, but essentially a zone is the term used to describe a config file which contains a specific domain/subdomain collection in your DNS server. Bear in mind that a DNS server has multiple zones (and thus domains) associated to it. Each domain generally has its own zone file however in some situations, you can have multiple domains per zone file. For example, mydomain.com and mydomain.net and mydomain.org could all be in the same zone file as long as they all need to point to the same ip address.

Create the DNS zone file

The zone file we will create for this example will be for the domain example.com. The zone file will tell the DNS server which IP the domain should point to as well as configuring expiry and refresh times for the domain. Generally, the naming format for a zone file is db.example.com.conf where the domain in this case is example.com. Now to create the zone file and add the contents shown in the Sample DNS Domain Zone File

sudo vi /etc/bind/db.example.com.conf

Sample DNS Domain Zone File

In this sample DNS domain zone file, there are a couple changes you need to make to ensure it works in your situation. Firstly, change ns1.exampledns.com and ns2.exampledns.com with your own ns1 and ns2 dns servers. Secondly you can change example.com to the domain you are adding.

Optionally leave out $ORIGIN if you are adding multiple domains to a single zone file. The @ symbol simply means the current zone which is great for when you have multiple domains to a single zone file.

; Zone file for example.com
$TTL    3600
$ORIGIN example.com
@       IN      SOA     ns1.exampledns.com.    root.example.com. (
                     2012033101         ; Serial
                           3600         ; Refresh
                           1800         ; Retry
                         604800         ; Expire
                          43200 )       ; Negative Cache TTL

        IN      NS      ns1.exampledns.com.
        IN      NS      ns2.exampledns.com.

@       IN      A       192.168.0.2
www     IN      A       192.168.0.2

Add New Zone To Bind DNS Server

Above we created the zone config file. Now we need to add the zone file to our dns config file which tells our DNS server that it should control and serve requests for this new domain zone.

Open your DNS config file and add a zone in for your domain. I will be using example.com in my example. Here the file is located under /etc/bind/named.conf.local however depending on the way your DNS server was configured, it may be under /etc/bind/named.conf.options or rarely even /etc/bind/named.conf

sudo vi /etc/bind/named.conf.local

Add a zone to your DNS config file

At the end of the file add an entry similar to the following

zone "example.com" {
	type master;
	file "/etc/bind/db.example.com.conf";
};

As you will see, the type of zone is a master zone. This means that it is the primary holder for dns information regarding this domain.

Restarting Bind DNS Server

Once you have added your new zone to your bind dns server, you need to restart the bind daemon in order to reload the new config file. You can do so by issuing the following command.

Debian / Ubuntu Linux

Restart bind dns server on Debian and Ubuntu Linux.

service bind9 start

Alternate method to restart bind dns server on Debian and Ubuntu Linux.

/etc/init.d/bind9 restart

Redhat / Fedora Linux

Restart bind dns server on Redhat and Fedora Linux.

service named restart

Alternate method to restart bind dns server on Redhat and Fedora Linux.

/etc/init.d/named restart

Note: you may need to use sudo to run these commands if your account doesn’t have enough privileges.

Create DNS Record For Subdomain – Add DNS Entry Into Bind

Overview

Welcome to the first of a number of DNS related articles I will write to help explain the different tasks needed to configure and manage your own DNS server using bind under Linux.

The article assumes you have already installed bind and it is all running. If not, then you will need to setup bind first. Once you have setup bind, you are now ready to create DNS record for subdomain. You can also checkout my next article (which is more of a prequel) about adding Adding New Zone To Bind DNS Server.

What is a DNS Zone?

Essentially a zone in DNS terms is a domain along with all it’s subdomains. Typically you will have one zone config file per domain (which includes its subdomains and any mail records, alias’ and other entries associated with that domain) however you can also have multiple domains using a single zone file. If you have multiple domains to a zone file, each of those domains will be configured identically which includes the IP addresses and subdomains each of the entries point to. The zone file tells the DNS server what IP addresses are associated to each of the domains and subdomains. Each record in the zone file can also be configured to be any type of DNS record such as A record, MX record, TXT record, etc.

Editing a zone file

The zone files are located under /etc/bind/ and the zone files generally (but not always) are in the format of db.domain.com.conf. For example, my zone file for darian-brown.com is under:

/etc/bind/db.darian-brown.com.conf

So now we simply edit the zone file using vi or your preferred editor

sudo vi /etc/bind/db.darian-brown.com.conf

Create DNS Record For Subdomain

In your zone file you will see a couple existing DNS records. You should see a section similar to this where 192.168.0.2 is the IP address on our internal network where these domains point to. The @ symbol simply means the current domain which in our case is darian-brown.com

@	IN	A	192.168.0.2
www	IN	A	192.168.0.2

Now we are going to add a subdomain called blog and point it to a different server. So we add the line after those two entries (or even at the bottom of the file) like so.

@	IN	A	192.168.0.2
www	IN	A	192.168.0.2
blog	IN	A	192.168.0.10

Update Config File Serial

You need to update the serial in the zone config file. Change it so the serial number is higher than it used to be. This will allow bind to see that the config file has been updated and that it need to load in the new config file.

$ORIGIN example.com
@       IN      SOA     ns1.exampledns.com.    root.example.com. (
                     2014082301         ; Serial
                           3600         ; Refresh
                           1800         ; Retry
                         604800         ; Expire
                          43200 )       ; Negative Cache TTL

I like to use the current date for the serial and a two digit to show the number of times it edited the file that day. This ensures the serial is unique, always higher and has the added benefit of showing when I last updated the config file. So use the format of YYYYMMDDXX where xx is the edit that day. Starting at 01 for the first edit, 02 for the second edit, etc.

Save And Restart Bind DNS Server

Once you have added your new subdomain and updated the serial in your DNS config file, you need to restart the bind daemon in order to reload the new config file. You can do so by issuing the following command.

Debian / Ubuntu Linux

Restart bind dns server on Debian and Ubuntu Linux.

service bind9 start

Alternate method to restart bind dns server on Debian and Ubuntu Linux.

/etc/init.d/bind9 restart

Redhat / Fedora Linux

Restart bind dns server on Redhat and Fedora Linux.

service named restart

Alternate method to restart bind dns server on Redhat and Fedora Linux.

/etc/init.d/named restart

Note: you may need to use sudo to run these commands if your account doesn’t have enough privileges.

Testing new subdomain

In order to test your new entry is working, you can dig the new address. See my article on What is Dig and When Should I use it for more information. Dig is a lot more informative and can be extremely useful as you can directly query your DNS server rather than waiting for the DNS to refresh.
An example of how to do would be

dig @ns1.mynameserver.com -t A blog.darian-brown.com

and if the DNS entry was added successfully, you should see a section in the response that is something like

;; ANSWER SECTION:
blog.darian-brown.com.	3600	IN	A	192.168.0.2

Alternately you can ping the subdomain using

ping blog.darian-brown.com

Final Note!

Once you have create DNS record for subdomain, it may take a while before it comes into effect. The reason is that your DNS server must send the new information to other DNS servers around the world, so that other DNS server all over know your new subdomain details and are able to find it on the internet. This process is commonly called DNS propagation.

DNS Propagation

This process may take up to 48 hours however a few hours usually does the trick. Updating a subdomain usually takes longer than creating a new domain or subdomain. This is because the other DNS servers will wait for their cache to expire before refetching your updated DNS zone file.