Thursday, February 17, 2005

Big freaking surprise

Big news over at Linux-land...er, Slashdot today. "Study Finds Windows More Secure Than Linux". The summaries of the results are pretty good, as these two appear to have done a fairer comparison than I've seen in the past. For example, IIS isn't a webserver, it's an application server and does more than just serve static webpages. To compare IIS to Apache side-by-side is like comparing a Hummer to a Yugo. One will get you back and forth to work; the other will get you back and forth to work if you have to pass over the Rockies, through some rivers and mow down any deer on the way. To make a fair and reasonable comparison, you need to add a couple of scripting languages to Apache, as well as enable a lot of extra modules. You then need to take into account the security holes in those as well!

Well, anyway, this is news to me...not. For some reason, Apache's been getting a lot of abuse on this blog this week. Not my intention, but it's just worked out that way. Let's be clear, this study shows that IIS is more secure than Apache, and isn't a Linux vs. Windows article. Since so many people have enough trouble with facts, I like to clear up the easy ones in advance. :)

People have been comparing Apache to IIS for ages. For ages, I've been saying IIS is as secure, if not more so, than Apache, if configured by a competent administrator! The problem is, IIS "out of the box" is nowhere near as secure as Apache is out of the box. In fact, even I wouldn't presume to call an out-of-the-box IIS secure in any way.

And this is where the confusion sets in, because *nix guys don't know how to secure a Windows box. They just assume it's not, and don't even try. Don't believe me? Ask a *nix guy "How do you secure a Windows box?" They'll always give you an answer similar to "Unplug it from the power outlet" or "Throw it over a cliff". When you press them for a real answer, they'll always say it's not possible. Press them further with "Can you do ANYTHING to secure the box at all?" and they'll usually tell you no. Oddly enough, they DO know how to secure a Windows box, they just don't know the exact procedures. Securing any system includes some basics that any competent admin should know. Security "Best Practices". Some of the basics...

Rule #1: Don't run services you don't need. Every extra service you have installed on a box above and beyond what's necessary for that box to perform its function is a point of failure. Turn 'em off.

Rule #2: Don't use known default configurations. By default, IIS is in C:\Inetpub, Apache in /var/www. Move them.

Rule #3: Secure the filesystems. Don't allow a service to write to your hard drive, unless it absolutely has to.

Rule #4: Use non-privileged accounts for services. On my box, Apache runs as the user apache, and it has write access to one folder on the entire hard drive, a folder required for one of the PHP scripts used. Unfortunately, this isn't as easy on IIS as it is on Apache, but if it's the only practice you miss, it's not as bad as it could be.
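The four rules above can be turned into a quick check of an Apache config file. This is an added example, not code from this blog or the Apache project; the list of "optional" modules and default paths it flags is my own assumption, and it assumes a 2.0-style httpd.conf using LoadModule, User and DocumentRoot directives.

```shell
#!/bin/sh
# Added example (not Apache project code): audit an httpd.conf against Rules 1-4.
# Assumes a 2.0-style config using LoadModule, User and DocumentRoot directives.
# Prints one "ruleN: ..." line per finding; the function's exit status is always 0.

audit_httpd_conf() {
    conf="$1"

    # Rule #1: every LoadModule is an extra service. Flag the ones a small static
    # site rarely needs (this list is a judgment call; adjust it for your box).
    for m in $(grep -E '^[[:space:]]*LoadModule' "$conf" | awk '{print $2}'); do
        case "$m" in
            proxy_module|proxy_http_module|dav_module|dav_fs_module|userdir_module|info_module|status_module|autoindex_module|cgi_module|imap_module)
                echo "rule1: optional module loaded: $m" ;;
        esac
    done

    # Rule #2: well-known default locations are what a worm probes first.
    docroot=$(grep -E '^[[:space:]]*DocumentRoot' "$conf" | awk '{print $2}' | tr -d '"')
    case "$docroot" in
        /var/www|/var/www/html|/usr/local/apache2/htdocs|/usr/local/apache/htdocs)
            echo "rule2: DocumentRoot is a well-known default: $docroot" ;;
    esac
    if grep -qE '^[[:space:]]*ScriptAlias[[:space:]]+/cgi-bin/' "$conf"; then
        echo "rule2: default /cgi-bin/ ScriptAlias still present"
    fi

    # Rule #4: the daemon must drop to an unprivileged account.
    user=$(grep -E '^[[:space:]]*User[[:space:]]' "$conf" | awk '{print $2}')
    case "$user" in
        ''|root) echo "rule4: User directive missing or privileged: ${user:-unset}" ;;
    esac

    # Rule #3: nothing under DocumentRoot should be writable by that account or by
    # everyone. Only checked when the directory actually exists on this host.
    if [ -n "$docroot" ] && [ -d "$docroot" ]; then
        find "$docroot" -perm -002 2>/dev/null | sed 's/^/rule3: world-writable: /'
        if [ -n "$user" ]; then
            find "$docroot" -user "$user" -perm -200 2>/dev/null | sed 's/^/rule3: writable by service user: /'
        fi
    fi
    return 0
}

# Constructed "out of the box"-style config for the demo; not a real distribution file.
write_sample_conf() {
    cat > "$1" <<'EOF'
LoadModule proxy_module modules/mod_proxy.so
LoadModule status_module modules/mod_status.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
User root
Group root
DocumentRoot "/var/www/html"
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
EOF
}

# Demo: audit the constructed config (expect 3 rule1, 2 rule2 and 1 rule4 findings).
sample=$(mktemp)
write_sample_conf "$sample"
audit_httpd_conf "$sample"
rm -f "$sample"
```

Run it against your real httpd.conf with `audit_httpd_conf /path/to/httpd.conf`; a config that follows all four rules prints nothing.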

I've paraphrased these for the non-technical, and this sure isn't all of them, but they're the most essential, so we'll start with them. We'll use CodeRed as an example (forgetting for the moment that CodeRed also affected some Unix machines as well...) CodeRed was a worm that utilized an exploit in the Internet Printing Protocol in IIS. There isn't anyone who uses IPP, but it's installed by default in IIS. A bad thing right? Nope, let's look at how a machine could get infected with CodeRed...

First, you have to leave the IPP installed. Didn't we just talk about running services you don't need? If you have IPP installed, you're breaking the first cardinal rule of security! No one uses it, so why do you have it? The obvious retort is always, "Well, they don't make it easy to know what's necessary and what's not!" Who's they? Microsoft? Isn't it your job to know, regardless of availability of information? Yeah, I thought it was.

Next, when CodeRed infects a machine, it stores itself in the Scripts virtual directory on an IIS machine. Um, Scripts? You mean that well-known virtual directory that's installed by default and no one uses? Why was it there in the first place? Doesn't that violate Rule #2? Tsk, tsk!

Oh, wait! "It stores itself in the"? So, you mean your webserver got hit with an exploit, and it wrote an infected file to the filesystem? If we followed Rule #3, this wouldn't have happened, would it? It's a worm, not a hacker. It knows to try a couple of default things, and then just fails if they don't exist.

And, with rules 1-3 in place, rule #4 isn't an issue...

Whose fault is it if you got infected now? A little more humble, aren't we, loyal penguinhead? You violated three of the top four security practices, and it's someone else's fault that you got infected. I know, Microsoft should secure these things out of the box. After all, Apache does, right? But, why? At the end of the day, it's not Microsoft that is setting up these services, it's me. I'm the only one who knows what things I'm going to need, and how I'm going to use the software. That means it's up to ME as administrator to make sure the machine is secure, and no one else.

Anyone who tells you differently is bullshitting you to get you to believe it's not their fault.

Wednesday, February 16, 2005

Soli-calendar

So, I'm walking past someone's cube just now and I happened to glance at their screen. They were looking at their calendar, but with just a quick glance, it almost looked like they were playing solitaire. That gave me an idea: a solitaire game, but instead of cards, you would have what looked like calendar entries. You could shuffle them around, and if someone looked, they'd think you were busy working (instead of posting to your blog!) You could put the red staff meetings on the black status meetings. All hands meetings are the aces.

Man, I really need a life....

Friday, February 11, 2005

Apache docs suck

I've said it before, and received a ton of crap for it....Apache's docs suck.

Consider this...you go to buy a new car. You find the one you want, and proceed to make the purchase. The salesman then explains that what you're going to do next is head to law school so that you can pass the bar. You see, the sales contract for a new car is very complex, and not something to be taken lightly. So, when you're done with law school in four years, come back and we'll do the deal. So, you do it. You pass the bar and you come back to buy your car. Of course, it's been four years, so you have to buy a different car. You manage, however, to get through the sale and are happy with your shiny new car.

A few months down the line your "Check Engine" light comes on. You read through the manual and it tells you that this could be anything! It's the ultimate dummy light, as it literally represents hundreds of possibilities of what could be wrong. You call the dealer, and ask for service. A heavy sigh comes from the other side of the phone as the mechanic gives the stage whisper, "Newbies". He explains that, yes, the "Check Engine" light could be indicative of anything, and there's no way he can tell you what's wrong without some information first. So, he asks you to disassemble your car, and give him the serial and part numbers engraved on every component that makes it up. When you explain that this is too much work, and ask if he'll please just tell you how to fix it, again comes the heavy sigh followed by, "If you wanted other people to fix all of your problems for you, why don't you just take the bus?!" So, it's off to school again for you as you begin your studies as a mechanic. After a couple of years, you feel confident enough to disassemble your car, but now you also know how to fix the problem, too! Yaay, no more dealing with that gruff mechanic! A feeling of accomplishment flows over you as you realize he wasn't just being gruff. He wanted you to get to that point of satisfaction of doing the job yourself. What a wonderful fellow he was!

Bullshit.

Apache docs pretty much tell you, "Apache is a webserver" followed by "here's all of the hundreds of possible commands you could put in your config file to make it work. We've specifically avoided telling you which ones are the barest essentials to get the system up and running if all you want is a small webserver to play around with something. Good luck."

Oh, yes, you're right, Apache DOES come with a default configuration file that does provide you with a minimalistic server that works. However, that file is 1086 lines long! Yes, there are comments above each set of commands that make the file that long, and if you remove them, the file is still over 300 lines long. My point? When I set up my first Apache server, after scouring the web for weeks for hints and such, my configuration file, for a basic setup, was 15 lines long. I had the barest of essentials: I could point a browser at it, and it would show web pages. Again, yes, there are HOWTOs. They suck, too. Don't say it, I'm already writing a good one.

But, what's even better is they're wrong in spots. For example, when compiling Apache from scratch, you use a configure script like most GNU software. Let's say you want to install all of the DSOs that come with the standard distribution, just so you have them. I hate having to recompile because I forgot to turn on some function of the software. To do this, the docs say use something like "./configure --enable-shared-dso=all". Makes sense, you want all the DSOs, you should prolly say "all". Problem is, "all" isn't "all". If you want, for example, proxy support, you have to tell it that specifically. Apparently "all" means, "all that we think you need, not all there is".

It gets better: using "--enable-shared-dso=all --enable-shared-dso=proxy" doesn't work, either. Here's the undocumented command: ./configure --enable-shared-dso="all proxy http_proxy etcDSO". Note the quotes, which aren't noted in the docs. In all fairness, it's been a while since I graduated from Apache mechanic school, but it wasn't that long ago that this stuff wasn't well documented. I don't know if they've fixed it, and I don't care. Apache's been around for a long time, and I'm sure I'm not the first one who encountered this. In fact, when I asked, I was told, "here comes this old chestnut again!"

Here's a thought, boys: FIX YOUR DOCS!!!

You're not going to pay a lot for this auction!

I like eBay. I've actually been using it since its original URL was something like ebay.surf.net. Anyone else remember that? I don't use it that often, but when I do, I like to get a good deal. One way to do this is use auction sniping software. The basic idea is to put your only bid in the last 15 seconds of an auction, thus removing anyone's chance of upping the bid. A lot of times, people only increment the bid $1 or two to see how high it'll go. If you can get in before anyone else has a chance to respond, you can swoop in and pick up stuff really cheaply.

My favorite sniper is still the oldest: jBidWatcher. It's a Java app, so that means it runs on pretty much every OS (and it also means it's really SLOW! LOL!). There's even an app bundle for OSX so it looks and runs just like a native app. jBW can sync with your MyEbay list and watch all of your auctions. My favorite feature, and one I haven't seen in any of the other free watchers (did I mention all of this functionality is FREE?!) is the multi-snipe. To multi-snipe, you select a bunch of auctions in your watch window, right-click and choose "snipe". The software sees you selected multiple items, so it enables the multi-snipe. You put in the maximum bid you want to pay for these items, and jBW does its thing. It sits there and waits. Patiently. When the first of these auctions is close to the end, it snipes! Ahhh! Scary! If your snipe bid was successful and you won, jBW forgets about the other items in the multi-snipe. If you lost, it'll wait for the next auction to come to an end and try again.

I've been looking to get a second processor for my desktop, and they've been running about $42 before shipping. The other day before leaving for work, I started jBW and selected 4 auctions for the processor. I put my max bid at $45 (some were going as high as $60-70) and left. Later in the day, I got an e-mail that I'd won the auction at $34! Not too shabby!

This really is a great piece of software, and if you buy a lot on eBay, you owe it to yourself and your wallet to just try it a few times.

Replacing it all

As mentioned in an earlier post, my current project has me revamping the home network. Everything that's in place has served me well, but it's time for me to get some more functionality out of everything, as well as cut down on the number of computers I have running 24/7. Considering my previous employer is also my electric company, I want them to get as little of my money as I can! Maybe not so much out of spite, but mostly 'cause I know pretty much how much money they waste every month, and dammit, I KNOW my bills could be HALF what they are now.

But, I digress...

Let's get into it. Currently, I have four computers running pretty much 24/7 at home. "Four computers for one guy, you say? Are you mad?!" Nope, just a dork. :) But, as you'll see, they each have a purpose. Well, most do:

Twoface
This is my firewall/router. (As you'll see, my network has a Batman theme. Twoface seemed appropriate for a name since it's dual-homed on my network and the Internet. A good face and a bad face. :) It's a Celeron 600 w/ 128M of RAM and a pair of hard drives, each 4G. Yup, 4G. It runs Linux. Specifically, it runs Linux From Scratch version 5.1. LFS is, by its nature, a small "distribution" as the only things installed are what you compile from scratch. I believe the total size on disk for this machine is less than 500M. I have two disks in there 'cause I like to try newer versions, and when I first set it up, I only gave it one partition of the 4G, and, really, what am I going to do with the second 4G drive?

It does a little more than just act as firewall/router, though:

Apache 2.0.48: This is set up as a reverse proxy only. My primary server, Alfred, runs IIS and has a couple of web-enabled apps running. But they use their own servers, rather than the IIS on the machine. Using Apache this way, I have one external URL, but it delivers content from multiple machines. For example, if you go to www.mydomain.com, you'll get the default website on IIS running on Alfred. If you go to www.mydomain.com/homeseer, you'll get the HomeSeer web interface running on port 8000 on Alfred. www.mydomain.com/wireless gives you the web interface from my wireless router, which is obviously a totally different machine. All URLs have been changed to protect the innocent. Me. :)

Samba 2.0.something: acts as the PDC for my "domain". That's pretty much the only reason I run it.

ASSP & PopFile: provide spam filtering. I don't give out my "real" e-mail address liberally, so I really don't get a lot of spam, but I try to cut down on what little I do get. ASSP provides spam protection on my incoming SMTP (I use no-ip.com for dynamic DNS services, more on that in another article). PopFile acts as a proxy between internal POP3 clients and outside mailboxes. I've got POP3 boxes for other things, and this "protects" them, too.

There are also a couple of other things I can't think of at the moment, such as Bind for DNS.

Alfred
Alfred was originally supposed to be my "media server" (It's a server. Alfred. Server. Get it?) It's grown into being a bit more, but its original purpose still remains. It's a Dual PII-333 w/ 192M of RAM. Keep that in mind when you read what's running on it...

Windows 2000 Advanced Server: I got this soon after W2K was RTMed back in 1999. I could only get a copy of AS, so that's what I use. And, yes, it was installed over 5 years ago and hasn't been reinstalled. I hate doing that.

ShowShifter: The primary purpose of the machine. This all-in-one interface allows me to watch TV, video files, DVDs and play MP3s and audio CDs. It also acts like a PVR, but I'm on digital cable, so it hasn't seen much use in that regard. Development of SS has been exceedingly slow, and replacing it is one of the main reasons for the revamp.

HomeSeer: This is the best home automation software on the market. It's fairly feature-complete, but highly extensible via scripts and plug-ins, making it amazingly flexible and infinitely useful. Despite the fact that this machine will be converted to Linux, I have plans to keep this around.

IIS: My primary webserver. Pretty much all of the apps I have on it, though, are written in PHP. Not really much reason to use IIS, then.

MySQL: Pretty good F/OSS database software. Great for home use like I use it, but its lack of mature transaction support and stored procedures make it a poor choice for the enterprise. I'll be keeping it around, though.

Subversion: For version control. I've begun playing around with it for maintaining my data on multiple machines. That's a story for another article, though.

Batman
My desktop. Already pretty much replaced, but here for historical reference. It's a PIII-1G w/ 256M of RAM running XP Pro. The guts of this machine will be used to build my new server. The mobo supports dual CPUs, but I never got around to getting one, until this week. I've also got another 512M of RAM to go into it. It's going to need it!

Batmobile
My new machine. It's a 12" Apple Powerbook G4 1.3GHz with 512M of RAM, 80G hard drive and SuperDrive. Runs OSX 10.3.8. I bought it about six months ago...actually, to be more precise, I bought it the day before I was let go from my previous job. Fortunately, I had 6 months no payments no interest! :) I've finally gotten down to using it as my primary machine. It ain't been easy going doing the switch, but I've gotten used to some of the quirks and have plans for workarounds for some of the remaining ones. On the whole, though, I've been happy with it. I like OSX a lot, but pretty much because the FreeBSD-based undersystem allows me to run pretty much all of the F/OSS software available without having to deal with Linux as a desktop. Tried it, hated it.

So, that tells you where I am today. Some time soon, I'll be telling you where I'm going, and why. I've got some wicked weird ideas for the future! ;-)


Apache a day....

I've always been a fan of IIS....no, it's true. It has a nasty reputation for being insecure, and in some ways, it's not unearned. Problem is, it's easy to secure, it just don't come that way out of the box! Any admin that tells you IIS ain't secure has no idea what they're doing...especially if they went and put an IIS box on the web! If you don't think it's secure, why are you using it??

Anywho, I'll get to the details later, but I'm in the process of revamping the makeup of my home network. One of the phases of the project has me kind of replacing IIS with Apache. Mainly because most of the apps I run on my IIS server are PHP, so it doesn't make a whole lot of sense to not use Apache...

Anyway, I found this site from some fellas who've written some really cool mods for Apache, at Tangent.

Immediately on reading their site, I saw so many uses:

mod_mp3: turns the Apache Web server into an MP3 or Ogg streaming server. Fantastic! This server's going to be my "media server" and house all of my MP3s anyway! This'll give me the ability to listen to my collection at work where I only have outgoing access to port 80! Nifty!

mod_layout: provides both a Footer and Header directive to automagically include output from other URIs at the beginning and ending of a Web page. Brilliant! The main reason I run a webserver is to give me access to some of my data that I'd like available everywhere, such as phprecipebook and SiteBar. Now, I can create a "master" page with an iframe generated automatically with links to all of these tools so I can switch back and forth with ease. I had planned on doing this manually, but this'll make life easier!

mod_trigger: gives you hooks into each Apache request to launch triggers if certain actions occur. Great! I run a webmail app, I can have Apache send me a mail or some other alert if someone tries to access it. I can write a script that'll exclude domains I normally come from (like work) to cut down on alerts.

MyXML: a UDF extension to the MySQL database. I can't think of a specific use for this at the moment, but I've had a couple of incidents where it would have been nice to be able to generate XML from a database without all the typical work involved.

Very nice stuff, really. Anyone got any other favorite Apache mods they wanna share?