% % & ' % ' ' ( ) ' ' * )+' ', " '' % & )+ $ '" % & -./ $ '$ 0&) ) $ '1 0 2*3 4 '1 ) 4 '1 *&,3 5 '4 /,) '4 &) '4 /,) '4 /,). '4' /,), '5 0&) '5 '5 - '5 0, ' 6 ' ' / ' ' & ' ' ( 7 " '' 6 *& " '" 0 " '$ /+ 66! $ '1!) $ " 6 66! 1 ", 1 " 0&) 1 " 0&) 4 $ ).8. 1, 4 0 2*) 4 %.. 4 %/" 5 6,*, 9:,&) * *3 " % % " % ;##<= " % ;##) = ",& "!& $ 9:,&) 66! 1 8& 1 %& 1 %&66! 2*3& 1 %&66! 4 8<.8.>:, 5 8? "#$# #
1. Préambule 0,!;>##<<<) )#@&#&,= 0, ) A% % B,, C! 0, DE* B? *,!,*& : %,??, &).,, F@,G:H), 2. A.N.F.A.!*%.-!IJ0 I%&? ;<<<& )=,*&,?J0%&? ) 3. Définition 7?, ) & 7!* ) 7;,,/+9= & ;),),,@,?F,)& ) = 0&, 8JJ.;8@ J:J &. = - 0$$F$45'";>##<<<&? )# &# &$$,=! 8JJ. J0.#. & 4,,? "#$# #
4. Apache 4.1. Origines % 7(, ;$K,, 7?B &,=,3 & 55" :,06%;0 & 6,) %?*),, ) 7>/= %, %6&< &555? A& & & F) ) 7%! A& 7 F&F&&&?,, ),&, %A *?,I&,), :! *% ''? L 1? 3 A L?! *?), L, %ML*,) 4.2. Installation avec l archive tgz % /usr/local/apache,!?f&),, 6?*,F J ) *% &, )+ )#<) ;G1 )+=F & *) ; :=F, ; N+:&=F % G1F 9:,,>./configure --prefix=/usr/local/apache?,f 0,,,makeF 6? ;=F,,make installf - &, )> ln s /usr/local/apache/bin/apachectl /etc/init.d/httpdf, <,,service httpd start, 6 F "#$# '#
J < ) <;>##1>44#F &, 44 :@= -,?>7 %,*% 4.3. Installation avec les rpms 6?*,F J ),*% >##,&> o I1I,O"4$, o I,,I1I,O"4$, o I&I1I,O"4$, o I,I1I,O"4$, o I,I1I,O"4$,;= o II1I,O"4$,;=F o II$4$,;.8.=F o,g II4$,;. =F o,gi4i,o,; 66!=F & *) -./; : =F 6? ;=F,> Rpm ivh apache-1.3.27-2mdk.i586.rpm \ apache-common-1.3.27-1mdk.i586.rpm \ apache-conf-1.3.27-2mdk.i586.rpm \ apache-modules-1.3.27-1mdk.i586.rpm \ mod_perl-1.21-20.i386.rpm \ mod_ssl-2.8.12-1mdk.rpm "#$# "#
, <,,service httpd start, 6 F J < ) <;>##1>44#F &, 44 :@= 4.4. Arborescence des fichiers en installation tgz /usr/local/apache/bin > : cgi-bin > & ),,) de )@,?0 conf >&) htdocs > &<,* icons >A*2 & )< include >& *,) libexec > *:*;,,= logs >& A : man >,, proxy >, :@?, 4.5. Arborescence des fichiers en installation RPM /etc/httpd/conf>&) /usr/bin> : /sbin> : /lib/apache> *:% /share/man>,, /share/doc>, /var/log/apache>& A : /www/>racin< &,8J/! /www/cgi-bin > & ),,) ) @,?0 4.6. Configuration générale!& &) *,"> &>& &) F &>& & 2*3:<F,,@>&@,, ;@ & :F >##<<<I,I )& #PQ#//9, :,,=F,)>&,*&@,,*& ;@ &:=F,&>& &)?*A *! &,& &0I &,*& :,,> (.J(%!9- R690J(STR#690J(S U,, "#$# $#
9,&& F&) B ),, service http reload ou service http restart!&) <*% & ;>##1>44#= 0??! > > &> >44> &,0 &.,0!,,*,4, B, >&>,, @. *.0! >&>, <. J0.! @:!H.>.!.# J0.0,,); = >@>)*?B : ;* @:U, * =%F& )!*? 3 :)7& )?I *??V<V User web >@>,B,?, )?*:% >,H,GG >, <, 0 && )* >,G6GG>, ;<<<,,,= &,0 W,8 ># ###>0, &CO< ># ##> 0, C 0,&)!" >, & &?* 0 2*3 #$>)# G)> A ) &9 @)F A ) &1@)9& 3 XF &: ) ),,? 3 3 X %&'>)#O> ),, "#$# 1#
&'>)#> CO, 3 *%0& )@3,, **%@ ): &'> )#G>,, && *% (> * *%> -? @3, O & )*% ($># ###)#G),,>?B &! @: chemin_vers_le_fichier règle_de_formatage_des_traces!&,) & 3)!), &,,), && 4.7. Contrôle d accès 4.7.1. Directives générales! ),& & R @S? 3 && )*>:,:,>*)*&&?, & ) &??B ;<<<,,,# <<<,,,#:,=9 )?& 9, &? & * F +>& F*,& 2*3,& & 9 > %>&/<F <6@,!O>*@,?F 9:0> *:0F > @6 I6IF (9L90 >,, 0 U: UF :> * )*& &, @:* ; =F /<>.,& ) &@,, I?, &,,3 ;, :=.F 6@,O&(< / >, <6@,!O, &? &,B, '',+>&?,3 B,& 7 Y& ; %,= )0 > %>,& F >& ) F "#$# 4#
%0&)>% Z) % +?,, & ; %Q/ F %Q/ F % F %,F %J@F % F -? F, *%=F &> % Z) 2 Z3 : @, ; %9)F %!))F %J@F &J@F 9,F!)). @F,*%=F :>.,& *: *&&) )*:; % F%F%Q@9)F%Q@J@F &F @:F @:)F 8,F :) F :(F -,,F,*%=F!,>% Z) 23 2;<F@ = (>% Z) 2 &&? ; ) (,% LQ8O= &' > >, & &? * 3 4.7.2. Directives d authentification et de limitation des accès! B R @S,, I & & 3 -,?>?R @S*? F & *??*? '',"-%<&,% > &, *3 & ;%< &,,,=F +-@F%<>&*? @%<! > @F%<>*3 &F?* W @? W < F %<F@>*3? &F?* W <? W @?F /I& > <,? @ 0, %<F@! *&,3 &&) *% > > :? *? *& 0,) W &B )#,&* *?) *),*,)*&, ),.> Q> &, *&! Q )!*&Q)$' *&) /"9 3)) F*Q&& "#$# 5#
&'>##G >&?,? 0&, ),,<; =!& B %!@:& >!)>,G @!)>,G @ &'> ##G) > &? )? &&! ), B &!& B %!@: & > > > />&!&& @:> -? > & F -? ) ) > ) & F -? I > & F -? &I< >* B & * @3,,B,)B & F -? &I) >,&I<,) ) @3,! & ) ),, < ; * %=> 0 & > htpasswd c /etc/apache_users username > & G,,,, %A* #,&*,> htpasswd /etc/apache_users username >A*,, 6 * > & ;=, ) *!& * :? :, 2*3 : 4.8. Multihoming 4.8.1. Directives de configuration!,,) ),B, )! > '>%#,G GG& >,& * J?B>##<<<,,# ),G GG& "#$# #
'>6 %,,[,,>,&, J?B&,, ) &)?)3,,9, 8 0'1>, 81>4>,* ),,) &,<.!& J0.*) * AO [,,). 0'1 2)-!"0'1 > & * *.!*.B, [ ;,,),= 33> &) ).,3 ) 4.8.2. Multihoming par arborescence!&& ),B,.,B,,,&& 0&) &?)3 2 *3 R @S & &> Alias /site1 /meswebs/site1 Alias /site2 /meswebs/site2 Alias /site3 /home/user_site3 4.8.3. Multihoming par adresse IP ou par port!&& &&.#! 8 Listen 192.168.1.1 :80 Listen 192.168.1.1 :443 Listen 192.168.1.2 :80 <VirtualHost 192.168.1.1:80> ServerName www.mondomaine.com DocumentRoot /mesweb/mondomaine.com </VirtualHost> <VirtualHost 192.168.1.1:443> ServerName www.mondomaine.com DocumentRoot /mesweb/mondomaine_secure.com </VirtualHost> <VirtualHost 192.168.1.2:80> ServerName www.trucmuche.com DocumentRoot /mesweb/tructmuche.com </VirtualHost>! >! <<<,,, * 5$4F & #,<#,,,F "#$# #
! <<<,, * 5$4F & #,<#,,! <<<,,, * 5$466!; ''=F & #,<#,,G, %>,?6,B 6 4.8.4. Multihoming par nom!&& ),B,.,B,,&&,& & &) ), 8& 8 NameVirtualHost * <VirtualHost *> ServerName www.mondomaine.com DocumentRoot /mesweb/mondomaine.com </VirtualHost> <VirtualHost *> ServerName www.tructmuche.com DocumentRoot /mesweb/trucmuche.com </VirtualHost> <VirtualHost *> ServerName www.bazar.com ServerAlias bazaar.com *.bazar.com DocumentRoot /mesweb/bazar.com </VirtualHost>! >! <<<,,, 3 : & #,<#,,,F! <<<,, 3 : & #,<#,,F J[+,3:& #,<#+, %>,?6,B 6 -,?>, & ) *F, 8 4.9. Configuration avancée 4.9.1. Directives 1%>&&>, & 6? & &?,& *.0)3 & )6*?? ; A &&?* *3,, =F "#$# #
4*>>&, &? B :?B!?*@ &?FA?* 4>">&,,,, &? *?B 4*('>"$>,,:,,?B,? B,,:,, &?,B,,!?B, 4*/('>,,:,,?B?* & %F 0,*, & Y%, )3, &! 5 '>>,\% 8JJ.?,?B:J0.&*, &, 4*5 '/>>&,,:,,?B? *,B,\%!,.+>>&,,:,,?% * 4'>!/,G, :# >, ), @,?*A &!& : *% 9:,>!/,G :#,G!, *%/ 4'>%/,G,>, *, );, %F )!/! ('4',,, ) )64' '7!")64' >, & &) **, 4.9.2. Répertoires utilisateurs, %, G I>AddModule mod_userdir.c &?CO), > RIfModule mod_userdir.c> UserDir public_html </IfModule>!?B >##<<<,,#P # 3 :& O P #G, 4.9.3. Compilation avancée! *,;#&) =F B > 886*9""''">,& C %] "#$# #
88'8'9'7> *,] 88'89'7 >, &, * @,?] 888'988'8>3), %] 88'8'9'7> *,&*%] 88'8*> ),, :?, % ) * *:;) :F = 4.10. Sécurisation? @3,!: A ) ; F, F?)&? B,*) = 4.10.1. Modules à désactiver! ),@F,:*F&,:,,,, * -disable-module * *, -disable-module=all?, *,,,?, &? ; B &=>,G,&*-!,G < *-!,G @3,; 7 =,G: &) ;:=,G 6 6;66=,G) 0,,<@ &;0=;&+.8.=,G 0&,) ^ *%;,=,G,*&, *,G,,)?2 & ),, 7 &;,? <<< )= 4.10.2. Droits sur les fichiers %* :&?*,F&* ) *? F &?*?: % )**3 &?,,B, &Y ) 7 B # %; :,) I< =*?*, F*:?? )F)7B : "#$# '#
! *% ; = B,& *?:%!, &,, * 3 #: %,F+ *3 *:*%F&?I ) < F* %,* : F <III:II: mkdir /usr/local/apache cd /usr/local/apache mkdir bin conf logs chown 0. bin conf logs chgrp 0. bin conf logs chmod 755. bin conf logs #Suivez la procédure d installation chown 0 /usr/local/apache/bin/httpd chgrp 0 /usr/local/apache/bin/httpd chmod 511 /usr/local/apache/bin/httpd 4.10.3. Options sur le site Web 6& : F & %<(??,3 &),&) B,&, & &? *3&? &? +? )> <Directory /> AllowOverride None Order Deny,Allow Deny from all </Directory>. :& @3,;?##<= <Directory /usr/local/apache/htdocs> AllowOverride None Order Deny,Allow Allow from all </Directory> /< &!:F <@,OB, 6&+* @:&*B )? ) & 4.10.4. Support de l authentification 6 )C F&,,, *& 2*3 4.10.5. CGIs! 0 7 @,?,, : 3, 0*?F 3 B "#$# "#
6F &+ ),,?*, && I &<, 3) 2,3 &&;0 66 ) :,= 6F ) +??, *:?*, 2 4.10.6. Mettez en place le support de SSL 6 + * @:) 7 66! A 4.10.7. Utilisez mod_security,,g @F%, 2 &&*?,;<<<, @ )= %+,*AddModule mod_security.c ; 0&), & > <IfModule mod_security.c> AddHandler application/x-httpd-php.php SecAuditEngine On SecAuditLog logs/audit_log SecFilterScanPOST On SecFilterEngine On </IfModule> +R#&/S), & *?066> SecFilterDefaultAction "deny,log,status:500" SecFilter "<(. \n)+>" 0*?*:,&) F,G @*&, A 4.10.8. Logs *+ *, A : & 3) O)F * ) *@ 0:I+ +*: 4.10.9. Chroot! ) *%,, *: *%!:!)%* 3?*:&?,, * & ##< @3, : & *% 0, * ) * *,@3, 0 ; @3,=>,O # #< 0 @3,> "#$# $#
cd /chroots/web mkdir bin dev etc sbin tmp usr var usr/lib usr/share usr/share/local usr/share/zoneinfo chmod +rwxogu tmp chmod +t tmp 0 & &, *%,;,F &,?FA+,,N=> #création d un device /dev/null mknod m 666 dev/null c 1 3 #paramétrage de la zone cp pi /usr/share/zoneinfo/[votrezone] usr/share/zoneinfo cd etc #paramétrage de l heure ln s../usr/share/zoneinfo/[votrezone] localtime cd.. cp a /usr/share/locale/[votrelocale] usr/share/locale #copie de quelques libs utiles cp -pi /lib/libtermcap.so.2 /lib/ld-linux.so.2 /lib/libc.so.6 lib/ #copie d un shell cp -pi /bin/sh /bin/cat bin/ #création des fichiers d utilisateurs touch etc/passwd etc/group etc/shadow chmod 400 etc/shadow #creation d un utilisateur pour l exécution d Apache (aucun utilisateur root ne sera créé) echo 'www:x:888:888:web Account:/webhome:/usr/bin/false' > etc/passwd echo 'www:x:888:' > etc/group echo 'www:*:10882:-1:99999:-1:-1:-1:134537804' > etc/shadow cp pi /bin/false bin #les fichiers binaires sont en exécution seule chmod 111 bin/* chmod 111 usr/local/apache/bin/* #libs nécessaires au DNS cp -pi /lib/libnss_files.so.2 lib/ cp -pi /lib/libnss_dns.so.2 lib/ 0&) 6F +& > #<& passwd: files shadow: files group: files hosts: files dns # & domain mondomaine.com # adresse du DNS (ici un cache local) nameserver 127.0.0.1 # 127.0.0.1 localhost loopback #adresse IP interne du serveur 192.168.196.2 ns.mondomaine.com ns www 0 & *%> Cp pi /usr/local/apache usr/local/apache #quelques libs nécessaires au fonctionnement d Apache cp -pi /lib/libdl.so.2 /lib/libm.so.6 /lib/libcrypt.so.1 /lib/libdb.so.3 lib/ cp -pi lib/ 0 7 > & &?? 7/messites/webF /chroots/web/messites/web "#$# 1#
, % *, ;?*% # #<# ##= > chroot /chroots/web /usr/local/apache/bin/apachectl start 6 +.8.,@6M! F *.8. O# #,#,@?O,@6M!& *: *,. 3,+:> 6, # #,#,@?O,B, @?F + @??&?,@6M!, ># #,#,@?O # #<# #,#,@?O 6F+&).8.,@6M!.? &),@6M!.; & < = -,?> &) F & *% 9 ) ;= B,F *,? &?? 3?, &,?+ "#$# 4#
5. Sécurité avec SSL 5.1. Installation de modssl &* O)(66!; <<< )= &,66!,G;<<<, )= 6 J ) &,GI4I1)+ <<<, ) & ), & *%;#,= %,G> cd mod_ssl-2.8.12-1.3.27 0&),G>./configure --with-apache=../apache_1.3.27 --with-ssl=chemin_openssl \ --with-crt=/usr/local/apache/conf/ssl.crt/server.crt \ --with-key=/usr/local/apache/conf/ssl.key/server.key \ --prefix=/usr/local/apache. **% -,?>,, *,, <<<, ) 5.2. Configuration du serveur && 66!&) *%. F,66! % &) ) 66!;:,&) & := AddType application/x-x509-ca-cert.crt AddType application/x-pkcs7-crl.crl 0,% W &,,& ) &66! '$>>?%C ; =? 3)& 7!*??*,, )*% (>,># ###)#G>&, & C O 66! (.>> 4*> file:/usr/local/apache/logs/ssl_mutex : &, & C O,? 3)3 66! > > @ ) Q ) (66! 0 B &), ) *% ;66!-,6 =: ;66!-,6= $>V# ###)#G)G)V>& A, 66!;&,,66!= $'>&>A, 66! "#$# 5#
!&? <?66! B 8? &?)366! J0.'' #$>>66!J: & 66! (>%!!>_%8>_9L."$>-0'`-6%>`88>`/9/>`!(7>`66!>`9L.>`!!> @) (66&'># ###&# # >&? & (65&'> # ###&#O@# O@ > &? & (6(&'> # ###&# # > &? W,3 & ( (6># ###&# >, *3 & *% 0 &?)3 ( (6&'># ###&# # > &? & *% 0 &?)3 ( ># ###&# >,? )3 &,!*,, )/ &> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 5.3. Configuration des répertoires!*&) & & &. > / > >, *3 66! * 0 *?*66! 06('> > #? >, * *&66!? & 2?*), (,* &?* -? :* &;?) 0% = +>`69 >,& &,66!! ;:=> `69 > & *,?,,? : 0 *66! `6 -? & 2 * 66!? 66!-? 66!, "#$# #
` OQ%>,&Q *&66! & 2*3 2*3 %; =. F&A & % ) &!, *,, & V0a #(a/0%#(a/#,% a H,,V!,* B V< V />Kb66!G0!9JG6GG0cbV Vc>,& &?*&66!*:,F0,,, &B :,: "#$# #
6. Intégration PHP! 3 ) @,?.8.; <<< =B,3 > 6 J ) 3.8. <<< & *) * ), *.,.8../configure --with-apache=../${src_apache} --with-mysql=/usr/, :,B ).8.?,,@? with-mysql=/usr ;?/@6M! -./ =.8. *&, *) ) 0,,,,O 6.8.,,,O %.8.%>,& & & A > o LoadModule php4_module libexec/libphp4.so > )3?.8. o AddModule mod_php4.c>, o IfModule mod_mime.cfa VAddType application/x-httpdphp.php.php3.php4v?&) /,&.8. 6 I 0&) *.8.,0> <Directory /monsiteweb/scriptsphp> #Directives générales DirectoryIndex index.php index.php3 #charge par défaut la page index.php <IfModule mod_php4.c> #configuration spécifique au module PHP php_value include_path '/usr/local/lib/php:.' # répertoires dans lesquels sont stockés des bilbiothèques de scripts php php_flag magic_quotes_gpc Off #pour la sécurité php_flag track_vars On #pour la sécurité </IfModule> </Directory> J < ;& :,?.8.:= 7. Documentation '-,,,::$ 6 ),,>>##<<<, - 0>>##<<<&? )# &#.8.><<< (66!><<< ) /66!><<<, ) /,>>##<<<I,I )& #PQ#//9,,& Y> >## 5:&,@ )#:#:'d)a,!%/.> >##<<<:& )# #, # 1, /G @>>##<<<, @ ) "#$# #
8. Contrôle de l'intégrité des sources 8.1. Avec PGP J ) &..*%;>##<<< )###\9e6= J ) ) FI 1> -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1i iqa/awuapzrvg4s6yb8iyxxleqkkpgceoxsbexlgyuzewf6mlzd/5+sjrpcaonn6 q7jvnn1yvfn4t3jooy2xm9zg =JeQp -----END PGP SIGNATURE----- & ) &,B,?C+ > % pgpk -a KEYS % pgpv apache_1.3.27.tar.gz.asc % pgp -ka KEYS % pgp apache_1.3.27.tar.gz.asc % gpg --import KEYS % gpg --verify apache_1.3.27.tar.gz.asc 8.2. Avec MD5 9:,,% md5sum apache_1.3.27.tar.gz 0, *0I 1> $"45$"$"1'''4$ Remarque : une empreinte MD5 ne permet de détecter qu'une altération accidentelle de l'archive ; seule la vérification de la signature PGP (section 8.1), avec un fichier KEYS obtenu par un canal de confiance, atteste l'origine des sources. "#$# #
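#!/bin/sh
# Section 9 of the guide ("Script de compilation d apache avec php et modssl").
# The paragraph that introduces this script on the page is unreadable in this copy.
#
# Builds and installs OpenSSL, prepares mod_ssl and Apache, builds the IMAP
# library and PHP, then builds and installs Apache with mod_ssl and PHP as
# shared modules. Each stage is switched by a 0/1 flag, writes its output to
# ./logs, and the script stops at the first step that fails.
#
# Corrections relative to the listing as printed:
#   - "|| exit 1" restored after every step (printed as a bare "exit 1", and
#     once as "(exit 1)", which in a subshell would not stop the script);
#   - variable references written in lower case (${dst_openssl}, ${dst_apache},
#     ${src_apache}, ${src_imap}) now use the upper-case names that are actually
#     defined; as printed they expand to nothing, e.g. "--prefix=" with no path;
#   - ${APACHE_DISABLES_MODULES} did not match the defined name
#     APACHE_DISABLED_MODULES, so no module was disabled at all;
#   - the module list is quoted so that the whole list ends up in the variable;
#   - logs are created in and written to the same directory (printed as
#     "./logs" for mkdir and "../Logs/" for the redirections);
#   - ">&file" replaced by the POSIX form "> file 2>&1", since the script
#     declares /bin/sh.
#
# Sites the sources are downloaded from:
#   www.openssl.org
#   www.modssl.org
#   www.apache.org
#   ftp://ftp.cac.washington.edu/mail/
#   www.php.net
# Verify every archive before unpacking it (section 8 of the guide shows the
# "gpg --verify" procedure); an ftp:// or plain-http download is not
# authenticated by the transport.
#
# NOTE(review): the versions pinned below are long out of maintenance; a build
# made today should use supported releases of each component.

# Stage switches: 1 = run the stage, anything else = skip it.
BUILD_OPENSSL=1
CONFIG_MODSSL=1
CONFIG_APACHE=1
BUILD_IMAP=1
BUILD_PHP=1
BUILD_APACHE=1

# Unpacked source directories, relative to the directory the script runs in.
SRC_APACHE=apache_1.3.27
SRC_OPENSSL=openssl-0.9.7
SRC_MODSSL=mod_ssl-2.8.12-1.3.27
SRC_IMAP=imap-2002
SRC_PHP=php-4.3.0

# Installation prefixes.
DST_APACHE=/usr/local/apache
DST_OPENSSL=/usr/local/ssl
# NOTE(review): the next three variables are not read anywhere in this script,
# and two of them carry version strings that differ from the SRC_* values.
DST_MODSSL=mod_ssl-2.8.8-1.3.24
DST_IMAP=imap-2002
DST_PHP=php-4.2.1

# Modules removed from the Apache build to reduce the exposed surface.
# NOTE(review): the names are kept exactly as printed. The same script passes
# the short form to --enable-module ("ssl"), and the first entry here is also
# short ("proxy"); confirm whether the "mod_" prefix is accepted by configure.
APACHE_DISABLED_MODULES="--disable-module=proxy \
 --disable-module=mod_alias \
 --disable-module=mod_rewrite \
 --disable-module=mod_userdir \
 --disable-module=mod_autoindex \
 --disable-module=mod_include \
 --disable-module=mod_status \
 --disable-module=mod_imap"

# Absolute path, so the redirections work from inside every source directory.
LOG_DIR="$(pwd)/logs"
if [ ! -d "${LOG_DIR}" ]; then
    mkdir "${LOG_DIR}" || exit 1
fi

if [ $BUILD_OPENSSL -eq 1 ]; then
    echo Openssl
    cd ${SRC_OPENSSL} || exit 1
    echo " Config"
    ./config --prefix=${DST_OPENSSL} shared > "${LOG_DIR}/openssl_config.log" 2>&1 || exit 1
    echo " Fin : Config"
    echo " Compil"
    make > "${LOG_DIR}/openssl_compil.log" 2>&1 || exit 1
    echo " Fin : Compil"
    echo " Install"
    make install > "${LOG_DIR}/openssl_install.log" 2>&1 || exit 1
    echo " Fin : Install"
    echo "Openssl fin"
    cd ..
else
    echo Openssl : ignore
fi

if [ $CONFIG_MODSSL -eq 1 ]; then
    echo mod_ssl
    cd ${SRC_MODSSL} || exit 1
    echo " Config"
    ./configure --with-apache=../${SRC_APACHE} \
        --with-ssl=${DST_OPENSSL} \
        --with-crt=${DST_APACHE}/conf/ssl.crt/server.crt \
        --with-key=${DST_APACHE}/conf/ssl.key/server.key \
        --prefix=${DST_APACHE} > "${LOG_DIR}/modssl_config.log" 2>&1 || exit 1
    echo " Fin : Config"
    echo "mod_ssl fin"
    cd ..
else
    echo mod_ssl : ignore
fi

if [ $CONFIG_APACHE -eq 1 ]; then
    echo "Apache (preparation)"
    cd ${SRC_APACHE} || exit 1
    echo " Config"
    ./configure --prefix=${DST_APACHE} > "${LOG_DIR}/apache.log" 2>&1 || exit 1
    echo " Fin : Config"
    echo "Apache fin"
    cd ..
else
    echo "Apache (preparation) : ignore"
fi

if [ $BUILD_IMAP -eq 1 ]; then
    echo imap
    cd ${SRC_IMAP} || exit 1
    echo " Compil"
    make slx > "${LOG_DIR}/imap-compil.log" 2>&1 || exit 1
    echo " Fin : Compil"
    echo "imap fin"
    cd ..
else
    echo imap : ignore
fi

if [ $BUILD_PHP -eq 1 ]; then
    echo PHP
    cd ${SRC_PHP} || exit 1
    echo " Config"
    # CFLAGS is handed to configure on its own command line. As printed it was
    # single-quoted (so ${DST_OPENSSL} was never expanded) and never exported,
    # which means configure did not receive it.
    CFLAGS="-O2 -I${DST_OPENSSL}/include" ./configure --with-apache=../${SRC_APACHE} \
        --with-gettext \
        --with-freetype-dir \
        --with-mysql=/usr/ \
        --enable-memory-limit=yes \
        --with-imap=../${SRC_IMAP} \
        --with-zlib-dir=/usr \
        --with-jpeg-dir \
        --with-png-dir \
        --with-gd > "${LOG_DIR}/php_config.log" 2>&1 || exit 1
    echo " Fin : Config"
    echo " Compil"
    make > "${LOG_DIR}/php_compil.log" 2>&1 || exit 1
    echo " Fin : Compil"
    echo " Install"
    make install > "${LOG_DIR}/php_install.log" 2>&1 || exit 1
    echo " Fin : Install"
    echo PHP fin
    cd ..
else
    echo PHP : ignore
fi

if [ $BUILD_APACHE -eq 1 ]; then
    echo Apache
    cd ${SRC_APACHE} || exit 1
    # NOTE(review): kept exactly as printed. Neither variable is exported, so
    # ./configure below does not see them; mod_ssl's instructions describe
    # SSL_BASE as the OpenSSL base directory rather than its include/
    # sub-directory, and nothing in this script builds ../mm-1.1.x. Confirm the
    # intended values before exporting them.
    SSL_BASE=${DST_OPENSSL}/include/
    EAPI_MM=../mm-1.1.x
    echo " Config"
    # ${APACHE_DISABLED_MODULES} is deliberately unquoted: it must split into
    # one argument per --disable-module option.
    ./configure --enable-module=ssl \
        --enable-shared=ssl \
        --prefix=${DST_APACHE} \
        --activate-module=src/modules/php4/libphp4.a \
        --enable-shared=php4 \
        ${APACHE_DISABLED_MODULES} > "${LOG_DIR}/apache_config.log" 2>&1 || exit 1
    echo " Fin : Config"
    echo " Compil"
    make > "${LOG_DIR}/apache_compil.log" 2>&1 || exit 1
    echo " Fin : Compil"
    echo " Install"
    make install > "${LOG_DIR}/apache_install.log" 2>&1 || exit 1
    echo " Fin : Install"
    echo "Apache fin"
    echo Fin
    cd ..
else
    echo Apache : ignore
fi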
10. Exemple de configuration d une restriction d accès 10.1. Fichiers AuthUserFile et AuthGroupFile. :,F& *& > 10.1.1. AuthUserFile (/etc/htpasswd)!, @, LLL! V#0a -#6Ja1"TV &66! ; :, 66!= joe:xxx bob:xxx alice:xxx /C=FR/ST=75/O=Maison/OU=Maison Users/CN=homme/emailAddress=homme@home.com:XXX /C=FR/ST=75/O=Maison/OU=Maison Users/CN=femme/emailAddress=femme@home.com:XXX root:xxx 10.1.2. AuthGroupFile (/etc/htgroups) Utilisateurs_ssl: "/C=FR/ST=75/O=Maison/OU=Maison Users/CN=homme/emailAddress=ho mme@home.com" "/C=FR/ST=75/O=Maison/OU=Maison Users/CN=femme/emailAddress=femme@ home.com" Utilisateurs_web1: "/C=FR/ST=75/O=Maison/OU=Maison Users/CN=homme/emailAddress=h omme@home.com" alice joe Utilisateurs_misc: joe bob 10.2. Globalement dans access.conf - *3 A> <Directory /usr/local/apache/htdocs/secure> AllowOverride None DirectoryIndex index.htm Order allow,deny Allow from all AuthName "Acces restreint" AuthType Basic AuthUserFile /etc/htpasswd require user joe bob alice </Directory>!@:,B, <Directory /usr/local/apache/htdocs/secure> AllowOverride None DirectoryIndex index.htm Order allow,deny Allow from all AuthName "Acces restreint" AuthType Basic AuthUserFile /etc/htpasswd AuthGroupFile /etc/htgroups require user alice require group Utilisateurs_misc </Directory>!@:, < > "#$# 1#
<Directory /usr/local/apache/htdocs/secure> AllowOverride None DirectoryIndex index.htm Order allow,deny Allow from all AuthName "Acces restreint" AuthType Basic AuthUserFile /etc/htpasswd require valid-user </Directory> 9&@:,* & ; = <Directory /usr/local/apache/htdocs/secure> AllowOverride AuthConfig # activation du support de fichier htaccess DirectoryIndex index.htm Order allow,deny Allow from all #il est possible de definir un controle d acces qui pourra etre modifier par un fichier htaccess s il existe </Directory> 10.3. Locale via un fichier.htaccess 0,B,?& &, C>. :, A F & > Order allow,deny Allow from all AuthName "Acces restreint" AuthType Basic AuthUserFile /etc/htpasswd AuthGroupFile /etc/htgroups require group Utilisateurs_misc "#$# 4#
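# Section 11 of the guide ("Exemple de configuration SSL"), 11.1 "Httpd.conf".
# The short sentence that follows this heading on the page is unreadable in
# this copy.
#
# Corrections relative to the listing as printed:
#   - the space between a MIME type and its extension is restored on the two
#     AddType lines;
#   - the "|" separators are restored in the <Files ~ ...> pattern;
#   - the closing ">" is restored on the <Directory ...> line of 11.2.1;
#   - the cipher list no longer offers export-grade, low-strength, SSLv2 or
#     null-encryption suites, and SSLv2 is refused as a protocol.

<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>

<IfModule mod_ssl.c>
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache/logs/ssl_mutex
# NOTE(review): "builtin" is the weakest seeding source mod_ssl offers; where
# the platform provides /dev/urandom, the file: source is the usual choice.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /usr/local/apache/logs/ssl_engine_log
SSLLogLevel info
</IfModule>

<IfDefine SSL>
Listen 443
<VirtualHost *:443>
# NOTE(review): the other examples in the guide use /usr/local/apache/htdocs;
# confirm that this path is the intended document root.
DocumentRoot "/usr/local/htdocs"
ServerName www.mondomaine.com
ServerAdmin www@mondomaine.com
ErrorLog /usr/local/apache/logs/www_ssl_error_log
TransferLog /usr/local/apache/logs/www_ssl_access_log
SSLEngine on
# The page printed
#   ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# which keeps export-grade, low-strength, SSLv2 and unencrypted suites on
# offer, so a client can negotiate a connection with little or no
# confidentiality. Those classes are excluded here.
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXP:!LOW:!SSLv2
SSLCertificateFile /usr/local/apache/conf/ssl.crt/www.mondomaine.com.crt
# The private key should be readable by root only.
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/www.mondomaine.com.key
SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt
SSLCACertificatePath /usr/local/apache/conf/ssl.crt
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca.crt
SSLCARevocationPath /usr/local/apache/conf/ssl.crl
# Export the SSL_* environment variables only to dynamic content.
<Files ~ "\.(cgi|shtml|phtml|php|php3?)$">
SSLOptions +StdEnvVars
</Files>
SetEnvIf User-Agent ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
# One line per request with the negotiated protocol and cipher, which makes
# clients that still negotiate weak parameters visible in the log.
CustomLog /usr/local/apache/logs/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>

# 11.2 "Access.conf"
# 11.2.1 "Authentification SSL avec contrôle d accès dans des fichiers .htaccess"
# This <Directory> block continues on the following page of the guide.
<Directory /usr/local/apache/htdocs/secure>
AllowOverride AuthConfig
DirectoryIndex index.htm
Order allow,deny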
Allow from all <IfDefine SSL> SSLRequireSSL SSLVerifyClient optional # il est possible de se connecter sans certificats pour de simples utilisateurs declares dans htacccess par exemple SSLOptions +StdEnvVars +StrictRequire +FakeBasicAuth </IfDefine> </Directory> & & % A & ) > CN=root/O=MaCA/OU=Maison/emailAddress=root@home.com:xxj31ZMTZzkVA! ::Af/Jf+O%, D< E @ & % &&* 3&,,> Order allow,deny Allow from all AuthName "Acces restreint" AuthType Basic AuthUserFile /etc/htpasswd require user "CN=root/O=MaCA/OU=Maison/emailAddress=root@home.com" 11.2.2. Authentification SSL avec contraintes *3 * &F ` OQ% *. &) 0% 7,* <Directory /usr/local/apache/htdocs/secure> AllowOverride None DirectoryIndex index.php # pages dynamiques générées par PHP Order allow,deny Allow from all <IfModule mod_php4.c> # configuration de PHP php_value include_path '/usr/local/lib/php:.' php_flag magic_quotes_gpc Off php_flag track_vars On </IfModule> <IfDefine SSL> SSLRequireSSL SSLVerifyClient require # il n est pas possible de se connecter sans certificat SSLOptions +StdEnvVars +StrictRequire SSLRequire %{SSL_CLIENT_S_DN_CN} in {"root"} # le Common Name doit être root </IfDefine> </Directory> "#$# #
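<?php
// Section 12 of the guide ("Helloworld PHP : index.html").
//
// The listing as printed used `write "..."`, which is not a PHP construct and
// fails to parse; `echo` is the output statement.
//
// NOTE(review): the guide's PHP section maps the handler to the extensions
// .php, .php3 and .php4 and sets DirectoryIndex to index.php. A file named
// index.html would then be served as-is, with the PHP source visible to the
// client instead of being executed; the file name probably needs to be
// index.php. Confirm against the server configuration in use.
?>
<html>
<head>
<title>exemple</title>
</head>
<body>
<?php echo "Bonjour, je suis un script PHP!"; ?>
</body>
</html>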
13. Historique des versions F'##>.,3! F##>, &*: F'#$#>/G @F "#$# #