Install xcache

CentOS 6

# yum install php-xcache xcache-admin

Debian/Ubuntu/Linux Mint


# apt-get install php5-xcache

Configure

RHEL/CentOS/Fedora


# nano /etc/php.d/xcache.ini

Debian/Ubuntu/Linux Mint


# nano /etc/php5/conf.d/xcache.ini

OR

# nano /etc/php5/mods-available/xcache.ini

once you’re done with configuration settings, restart your Apache web server.



# /etc/init.d/httpd restart


# /etc/init.d/apache2 restart

Verify

# php -v

Enabling XCache Admin Panel for PHP

By default the admin panel is protected with http-auth and in disabled state. To set user/password open the Xcache.ini file. But, first you have to create md5 password using following command. (Where typeyourpassword is your password).


# echo -n "typeyourpassword" | md5sum

Sample Output


ae9ac3f19ae3990b2c99701061c5d8c2

Now open Xcache.ini file add the generated md5 password. See the following example, add your own password md5 string.


[xcache.admin]
xcache.admin.enable_auth = On
; Configure this to use admin pages
xcache.admin.user = "mOo"
; xcache.admin.pass = md5($your_password)
xcache.admin.pass = "ae9ac3f19ae3990b2c99701061c5d8c2"

The simplest way to do so is copying the whole directory xcache (admin was in older release) to your web root directory (i.e. /var/www/html or /var/www).


# cp -a /usr/share/xcache/ /var/www/html/

OR


# cp -a /usr/share/xcache/htdocs /var/www/xcache

OR


cp -a /usr/share/xcache/admin/ /var/www/ (older release)

Now call it from your browser, a http-auth login prompt window will pop-up. Enter your user/pass in, and it’s done.

http://localhost/xcache OR http://localhost/admin (older release)

How to enable Xcache in cPanel

How to enable Xcache in cPanel to speed up website?
Xcache can be enabled in cPanel by using Easy Apache.

Log into your cPanel server. After you login, search for “EasyApache” in left column and click on the link. Select “Previously Saved Config” and click on “start customizing”. For both Apache and PHP, click on “next step” button. Look for “xcache for php” and check the box. Click on “save and build”. Allow the build process to finish.

To enable xcache, you will need to make changes to php.ini before it can be used by your scripts.

# nano  /usr/local/lib/php.ini

Here is recommended settings for xcache in cPanel —

xcache.admin.pass=””
xcache.admin.user=”mOo”
xcache.cacher=”On”
xcache.coredump_directory=””
xcache.count=”1″
xcache.coveragedump_directory=”/tmp/pcov/”
xcache.coverager=”Off”
xcache.gc_interval=”300″
xcache.mmap_path=”/dev/zero”
xcache.optimizer=”On”
xcache.readonly_protection=”Off”
xcache.size=”50M”
xcache.slots=”8K”
xcache.test=”Off”
xcache.ttl=”3600″
xcache.var_count=”2″
xcache.var_gc_interval=”300″
xcache.var_maxttl=”7200″
xcache.var_size=”16M”
xcache.var_slots=”8K”
xcache.var_ttl=”3600″

Make necessary changes and save. Aftererwards you will need to restart Apache in WHM for changes to take affect

# service http restart

Set up vhost in CentOS

Make a vhosts file in /etc/httpd/conf.d


# nano dominname.conf

Add the following

# file: /etc/http/conf.d/dominname.conf
# vhost: geekdecoder.com *.dominname.com
#NameVirtualHost *:80

<VirtualHost *:80>

  # Admin email, Server Name (domain name) and any aliases
    ServerName dominname.com
    ServerAlias www.dominname.com
    ServerAdmin webmaster@dominname.com

  # Index file and Document Root (where the public files are located)
    DirectoryIndex index.html index.php
    DocumentRoot /home/dominname/public_html

  # Custom log file locations
    LogLevel warn
    ErrorLog /home/dominname/logs/error.log
    CustomLog /home/dominname/logs/access.log combined

  # Error Documents
    ErrorDocument 404 /errors/404.html
    ErrorDocument 403 /errors/403.html

  <Directory />
    AllowOverride All
    Options None
  </Directory>

 <Directory "/home/dominname/public_html">
    Order allow,deny
    Allow from all
    Options SymLinksIfOwnerMatch
    Options -Indexes
    Options -Includes
  </Directory>

  ScriptAlias /cgi-bin/ /home/dominname/public_html/cgi-bin/
  <Location /cgi-bin>
  Options +ExecCGI
  </Location>

</VirtualHost>
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/dominname.crt
        SSLCertificateKeyFile /etc/pki/tls/private/dominname.key
        <Directory /home/dominname/public_html/>
        AllowOverride All
        </Directory>
        DocumentRoot /home/dominname/public_html
        ServerName dominname.com
</VirtualHost>

Install Apache, Mysql and PHP on Ubuntu 14.04

How to install Apache, MySQL and PHP on Ubuntu 14.04

Update

# sudo apt-get update

Apache

# sudo apt-get install apache2

Install MySQL

# sudo apt-get install mysql-server php5-mysql
# sudo mysql_install_db
# mysql_secure_installation

Install PHP

# sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt

Restart Server

# sudo /etc/init.d/apache2 restart

Check Apache

Open a web browser and navigate to http://IPADDRESS. You should see a message saying It works!

Check PHP

# php -r 'echo "\n\nYour PHP installation is working fine.\n\n\n";'

The requested resource does not allow request data with POST requests

The requested resource
/marketplace/marketplaceaccount/editProfile/
does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit

mod_security configuration in the /etc/httpd/conf.d/mod_security.conf file:


# Maximum request body size we will
# accept for buffering
SecRequestBodyLimit 131072

You should be able to change this value and restart apache for the uploads to work.

Update SSL cipher Suite from 1.0 to 1.2

SSL certificate info on Chrome you get a message that we are using an obsolete cipher suite TLS 1.0. We need to upgrade to 1.1 or 1.2. How can this be done?

# nano /etc/httpd/conf.d/ssl.conf

Old


# List the enable protocol levels with which clients will be able to
# connect.  Disable SSLv2 access by default:
SSLProtocol all -SSLv2

#   SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

New

##   SSL Protocol support:
## List the enable protocol levels with which clients will be able to
## connect.  Disable SSLv2 access by default:
SSLProtocol All -SSLv2 -SSLv3

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
#
##   SSL Cipher Suite:
## List the ciphers that the client is permitted to negotiate.
## See the mod_ssl documentation for a complete list.
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

Find and disable specific ModSecurity rules

ModSecurity uses can help block potential attack attempts from malicious users, but sometimes it can also block legitimate requests.

Note: Using SecRuleEngine Off in your modsecurity configuration, you won’t want to put that in your ModSecurity configuration file. As that completely turns off ModSecurity. The SecRuleRemoveById setting is used instead to only disable one specific rule.

If you are seeing errors in you apache log files for a domain such as:


[Sat Jul 25 16:34:57 2015] [error] [client ??.7.??.??] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:type\\\\b\\\\W*?\\\\b(?:text\\\\b\\\\W*?\\\\b(?:j(?:ava)?|ecma|vb)|application\\\\b\\\\W*?\\\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\\\b.{0,100}?\\\\bsrc)\\\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "111"] [id "1234123404"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"][severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "domain.com"] [uri "/skin/frontend/base/default/js/cadence/lib/jquery.cookie.js"] [unique_id "VbQdIdg3u9IAAB9DPQkAAAAH"]

Mod _security is doing its job. If this is a valid script, you can make a change and allow it.
Run the following from ssh:

# grep ModSecurity /usr/local/apache/logs/error_log | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9\-\_\.]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c | sort -n

The results will look like this:

 # 100 1234123404 www.domain.com /skin/frontend/base/default/js/cadence/lib/jquery.cookie.js

ModSecurity rule ID 1234123404 has been triggered at least 100 times when accessing /skin/frontend/base/default/js/cadence/lib/jquery.cookie.js file.

In order to disable just the specific ModSecurity rule for the 1234123404 rule, run the following command:


# echo "SecRuleRemoveById 1234123404" >> /usr/local/apache/conf/userdata/std/2/userna5/domain.com/modsec.conf

You can also search for the rule in WHM/cPanel at Home »Security Center »ModSecurity™ Tools » Rules List

Note the error in the log file – the ID:

# [id "1234123404"]

This is the rule. Search for this at Home »Security Center »ModSecurity™ Tools » Rules List.

rules

You can click disable to allow the script.

disable