Debugging libtool

While debugging Apache this week, I wanted to get verbose output from libtool. After digging around on the web, I found that setting LTFLAGS to “–debug” will cause libtool to display numerous useful pieces of information:

$ export LTFLAGS=”–debug”

$ apxs -c mod_dtrace.c
Link command: /tmp/apache/build/libtool –debug –mode=link gcc -o mod_dtrace.la -rpath /tmp/apache/modules -module -avoid-version mod_dtrace.lo
/tmp/apache/build/libtool –debug –mode=compile gcc -prefer-pic -DAP_HAVE_DESIGNATED_INITIALIZER -DSOLARIS2=10 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -g -O2 -I/tmp/apache/include -I/tmp/apache/include -I/tmp/apache/include -c -o mod_dtrace.lo mod_dtrace.c && touch mod_dtrace.slo
libtool: enabling shell trace mode
+ preserve_args=’ –debug’
+ test 16 -gt 0
+ arg=–mode=compile
+ shift
+ case $arg in
++ echo X–mode=compile
++ /bin/sed -e ‘1s/^X//’ -e ‘s/[-_a-zA-Z0-9]*=//’
+ optarg=compile
[ … ]

If you are trying to figure out how things are built with libtool, this will definitely helpful!

Disabling directory indexing with Apache

If you have visited a website and been greeted with a list of files instead of a webpage, the web server is configured to use directory indexes. Directory indexes can be helpful for users who need to locate unknown files, but pose a considerable security threat, and are often used by unscrupulous individuals to locate sensitive data (e.g., passwords, quicken files, product designs, etc.).

Due to the security issues associated with directory indexes, I prefer to disable them on the Apache web servers I support. This is easily accomplished by negating the “Indexes” option in the httpd.conf Directory and Location stanzas, or by overriding the Indexes option in an .htaccess file:

$ cat .htaccess
Options -Indexes

If an .htaccess file is used to override the web server directory indexing default configuration, the web server will need to be configured to allow overrides. There is also a performance penalty associated with .htaccess files, since the web server needs to check for the existance of an .htaccess file in each directory it processes.

Apache Name-based virtual hosts

Name-based virtual hosts allow a web server to host multiple domain names (www.daemons.net, mail.daemons.net, blatch.daemons.net) from one IP address. This allows a web hosting infrastructure to conserve IP address space, and simplify namespace management.

Apache name-based virtual hosts are configured with the “NameVirtualHost” and “VirtualHost” directives, and rely on the HTTP “Host:” header attribute. This attribute is required in HTTP 1.1, and should be present with every request. The following example grabs /index.html using the HTTP/1.1 protocol:

$ telnet www.daemons.net 80
Trying 66.36.244.105...
Connected to www.daemons.net.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.daemons.net

HTTP/1.1 200 OK
Date: Thu, 24 Feb 2005 16:33:23 GMT
Server: Apache/2.0.52
Last-Modified: Sun, 20 Jun 2004 14:39:21 GMT
ETag: "d54a2-912-c108d840"
Accept-Ranges: bytes
Content-Length: 2322
Content-Type: text/html

[ ... ]

Based on this output, it looks like my friend Clay needs to obscure his “Server:” header. Server identification is controlled with the “ServerTokens” directives.

Apache HTTP to HTTPS redirects

The Apache web server provides a flexible and customizable web hosting environment, and contains a plethora of features. One nice feature is the ability to redirect clients to different areas of a site based on URL location, or the port they are connecting to. Redirection is accomplished with the “Redirect” and “RedirectMatch” directives, which are part of the mod_alias module. To redirect all HTTP:// connections to HTTPS://, you can setup a VirtualHost, and use the Redirect directive to forward all requests for /* to a secure URL:

<VirtualHost *:80>
        Redirect permanent / https://www.daemons.net/something/blah.jsp
</virtualhost>

This assumes that non-secure connections are terminated on TCP port 80, and secure connections are terminated on TCP port 443.