Tag: config

Renaming JSESSIONID

Older versions of Apache Tomcat, as well as the older servlet specifications required that several configuration values need to be set. With servlet 3, you can now modify the name of the session cookie (as well as the ‘rewriting’ attribute name) in the web.xml file

In web.xml: (servlet 3.x)

<session-config>
<session-timeout>30</session-timeout>
<cookie-config>
<name>mysessionid</name><!-- default is jsessionid -->
<http-only>true</http-only>
<!-- secure>true</secure-->
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>

Alternately for Tomcat7, modify TOMCAT_HOME\conf\context.xml:
<Context path="/exampleApp" sessionCookieName="myid">

If you are using spring security, then you should try setting disable-url-rewriting attribute of <http> element to true.

REFERENCES:

Name based virtual hosting with Apache2 on Ubuntu

I often find it necessary to setup a temporary server for testing web applications. The easiest way to support this is often to create an integration (beta) test server that can be configured to support multiple hosts.

Initial Installation:

sudo apt-get install apache2
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod rewrite
sudo chmod 755 /var/www

To add a new site:

cd /etc/apache2/sites-available
sudo cp 000-default.conf yourdomain.com.conf
sudo vi yourdomain.com.conf
(change values as appropriate)
sudo chown -R YOURUSER:YOURGROUP yourdomain.com.conf
sudo mkdir -p /var/www/yourdomain.com
sudo chmod 755 /var/www
sudo vi /var/www/yourdomain.com/index.html
(add some fluff)
sudo chown -R YOURUSER:YOURGROUP /var/www/yourdomain.com
sudo a2ensite yourdomain.com
sudo service apache2 reload
sudo service apache2 restart

NOTE: replace YOURUSER and YOURGROUP with appropriate values for your server.

Content-Security-Policy HTTP Header

There’s yet another new means to ‘help’ client User-Agents with preventing XSS on your websites.

In it’s simplest form you can simply use the following HTTP Header(s), the second one is for earlier versions of Webkit (Chrome/Safari):

Content-Security-Policy: default-src 'self'
Webkit-CSP: default-src 'self'

You can also add to the above to permit assets to load from other sources.
For example, if you were to permit javascript files from example.com you could include:

Content-Security-Policy: default-src 'self'; script-src http://example.com

Additionally, while failures are noted in the client’s browser console (that most users are not aware of), you can have them sent back to your server by adding a ‘report-uri’ attribute with an appropriate handler:

Content-Security-Policy: default-src 'self'; report-uri http://example.com/csp-report.php

REFERENCES:

Sample Tomcat7 setup

There are a few steps that I generally take to setup a new Tomcat server instance, this enables the following:

  • The manager console
  • HTTP compression
  • UTF-8 encoding

Steps:

  1. tomcat-users.xml – add to bottom:

    <role rolename="manager-gui"/>
    <user username="tomcat" password="s3cr3t" roles="manager-gui"/>

  2. server.xml – add compression and URIEncoding, change port if desired:

    <Connector port="8080" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443" compression="on" URIEncoding="UTF-8" />

  3. server.xml – relocate webapps by adding ../ to appBase

    <Host name="localhost" appBase="../webapps"
    unpackWARs="true" autoDeploy="true">

  4. Restart your server, on Ubuntu use:

    sudo service tomcat7 restart

Prevent Firefox browser auto update

Often you find a neeed to keep an old copy of Firefox around for testing or to use a specific plugin (Example: Selenium). In these cases it can often prove problematic to allow the browser to auto-update. Here are some simple steps to prevent this behavior.

Enter “about:config” into the Firefox URL bar, then change the following values. You can click on them to toggle.

app.update.auto = false
app.update.enabled = false

Alternately, on Windows you can edit the config file at: %APPDATA%\Mozilla\Firefox\Profiles\.default\prefs.js

REFERENCES:

NetBeans jdkhome error

After updating the JDK on my development workstations, NetBeans started reporting the following at each start up.

Cannot locate java installation in specified jdkhome:
C:\Program Files\Java\jdk1.7.0_04
Do you want to try to use default version?
[ Yes | No ]

Thankfully, after a little searching, I found that the solution is very simple. You can change the value or comment it out with a # in:
C:\Program Files\NetBeans #.#.#\etc\netbeans.conf

netbeans_jdkhome="C:\Program Files\Java\jdk1.7.0_04

REFERENCES:

Disable Cisco NAC Agent logging

I recently had to use a Windows computer with Cisco NAC installed, and found that there was a lot of disk activity for logging.

These files would grow to approximately 5MB before rotation.

C:\Documents and Settings\All Users\Application Data\Cisco\Cisco NAC Agent\logs\NACAgentLogCurrent.log
C:\Documents and Settings\All Users\Application Data\Cisco\Cisco NAC Agent\logs\NACAgentLogOld.log

To reduce this overhead (when no problems exist), the config file is exposed in XML.

  1. Open C:\Program Files\Cisco\Cisco NAC Agent\NACAgentCFG.xml
  2. Add/modify the LogFileSize attribute to 0 (zero) as shown below:

    <?xml version="1.0" ?>
    <cfg>
    <DiscoveryHost></DiscoveryHost>
    <LogFileSize>0</LogFileSize><!-- default 5 -->
    </cfg>
  3. Reboot
  4. Remove the old .log files

NOTE: if you ever have networking issues and require support, you will need to restore the default value to ‘5’.

REFERENCES:

Web Proxy Autodiscovery Protocol (WPAD)

If you take a close look at your logs you may occasionally see requests for a file named wpad.dat. This file is related to automatic proxy configuration in many browsers.

To provide this capability to your users and website,

  1. DNS:

    Default behavior is to traverse the domain in reverse, looking for one with a file named /wpad.dat

    Example (using my domain for example):
    wpad.www.giantgeek.com
    wpad.giantgeek.com
    wpad.com

  2. Then in httpd.conf, set the MIME type:
    AddType application/x-ns-proxy-autoconfig .pac
  3. Also in httpd.conf, add a redirect to the actual file you wish to use.
    Redirect permanent /wpad.dat http://www.giantgeek.com/proxy.pac
  4. In the new file, add the following default contents, modify if you use a proxy:

    /* 'proxy.pac' - This is the main function called by any browser
    NOTE: there is NO proxy!
    */
    function FindProxyForURL(url, host)
    {
    return “DIRECT”;
    } // End function FindProxyForUrl

REFERENCES:

Enabling .htaccess in Apache 2.x

There may come a time when you want to change server behaviors for a specific path on your web server. Often times this becomes necessary if you host web sites that the customer wants to manage externally.

There are only a few small changes required:

  1. In your httpd.conf file…
    # use .htaccess files for overriding,
    AccessFileName .htaccess
    # and never show any file starting with .ht
    <files ~ "^\.ht">
    Order allow,deny
    Deny from all
    </files>
  2. The for the paths (or virtual hosts, you’ll need to add this line):
    AllowOverride All
  3. Add the appropriate .htaccess files where needed.

DISCLAIMER: This technique CAN result in performance improvements, but should be put in your main server configuration file (httpd.conf), rather than in .htaccess files. .These files, by their very nature, cause performance degradation on your website, and so should be avoided whenever possible as they require an increase in file I/O (reads) on the server.

REFERENCES:

Colored terminal window text on Ubuntu (Linux)

After a clean install, or simply access to a new machine, I often find it helpful to enable colored prompts in the terminal/command line environment.
For standard Ubuntu / Debian / Linux environments, this only requires you to remove a comment from a single line in a config file.

In /home/%USERID%/.bashrc you will find the following text, the last line simply needs to have the hash removed:

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes

Open vi/vim or your editor of choice and remove it and you are done!

NOTE: If you are using Nautilus, you will not see this file as it is hidden, choose “View”, “Show Hidden Files” (CTRL-H) and it should appear.