Category Archives: amazon-web-services

Enable mod-speling on AWS Elastic Beanstalk httpd

I managed to get this working but wanted to share with the community as I had to piece this together from various locations.

mod_speling (yes, that's spelt correctly!) can be used when migrating a website from a case-insensitive operating system (such as Windows) to a case-sensitive OS such as Linux.

See: https://httpd.apache.org/docs/2.4/mod/mod_speling.html#checkcaseonly

The quick and easy way to enable this functionality on AWS Beanstalk is to create two files by adding the following to your .ebextensions file (you should know what this is if you're deploying to beanstalk).

files:
  "/etc/httpd/conf.modules.d/00-speling.conf" :
    mode: "000644"
    owner: root
    group: root
    content: |
      LoadModule speling_module modules/mod_speling.so

  "/etc/httpd/conf.d/speling.conf" :
    mode: "000644"
    owner: root
    group: root
    content: |
      CheckSpelling on
      CheckCaseOnly on

You should note:

CheckSpelling on = enable the spelling functionality (once the module is loaded in the other file)
CheckCaseOnly on = only check for case sensitivity; do not do spell checking of words and file extensions (speeds up requests and causes less load)

I hope this provides some benefit to someone in the future.

Freshly Installed Apache-Tomcat on the AWS server, how can I access from outside world

I have installed an app with Apache Tomcat on an AWS EC2 instance. I am able to access the Tomcat URL (which is server_name:8080/BOE/BI) from the AWS instance on Win2016. I also installed IIS on the server.

Now what configuration do I need to do on the AWS EC2 instance to access the URL from outside the AWS instance, for example from my personal PC?

I also tried disabling the firewalls; it did not help.

AWS EC2 Apache Load Balancer Issue

We have 5 t2.medium instances on AWS; all the instances connect to MariaDB via RDS on an r4.xlarge instance.

The problem is that periodically the 5 instances suddenly stop working, Apache doesn't respond anymore and we can't access them via SSH.

We need to reboot all instances in the AWS Console to make them work again. The load balancer is an Application Load Balancer, and the server folder "/var/www" is on an EFS to share the project.

These are the images of the monitoring. We don't know why this happens so suddenly or how we can handle it.

The last issue was this morning: the 5 instances stopped working, and the load balancer too.

We share the monitoring of the last 12 hours.

Any advice?

Regards.

Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability

I got a McAfee vulnerability scan result. I don't know how to fix this issue.

Some Web servers contain a vulnerability giving remote attackers the ability to attain your internal IP address or internal network name. An attacker connected to a host on your network using HTTPS (typically on port 443) could craft a specially formed GET request from the Web server resulting in a 3XX Object Moved error message containing the internal IP address or internal network name of the Web server. A target host using HTTP may also be vulnerable to this issue.

QID Detection Logic:

The remote check for the web server internal IP address sends a HTTP GET request to the target web server. The QID is flagged if a "Content-location:" header or a 3xx redirect address in an HTTP response contains an RFC1918 IP address. PCI DSS 3.2 requirement 1.3.7 "do not disclose private IP addresses and routing information to unauthorized parties". This is an "automatic failure" per ASV Program Guide 6.3.3, #4 (page 32).
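The detection logic quoted above can be reproduced offline against captured response heads, for example to confirm a finding or to re-check after a server configuration change. This is an added example, not part of the original post or the scanner's own code; the sample responses and all function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges, as named in the scanner's detection logic.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed sample response heads (not taken from the post).
LEAKY_REDIRECT = "HTTP/1.1 302 Found\r\nLocation: https://10.0.3.17/app/\r\n\r\n"
LEAKY_CONTENT = "HTTP/1.1 200 OK\r\nContent-Location: http://192.168.1.20/index.htm\r\n\r\n"
PUBLIC_REDIRECT = "HTTP/1.1 301 Moved Permanently\r\nLocation: http://172.32.0.1/\r\n\r\n"

def parse_head(raw):
    """Return (status_code, [(lowercased_name, value), ...]) for a response head."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return status, headers

def private_ips(value):
    """Extract IPv4 literals from a header value that fall inside RFC 1918."""
    hits = []
    for text in IPV4_RE.findall(value):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:  # e.g. 999.1.1.1 or octets with leading zeros
            continue
        if any(ip in net for net in RFC1918):
            hits.append(text)
    return hits

def find_disclosures(raw):
    """Flag Content-Location always, Location only on 3xx responses."""
    status, headers = parse_head(raw)
    findings = []
    for name, value in headers:
        if name == "content-location" or (name == "location" and 300 <= status < 400):
            findings += [(status, name, ip) for ip in private_ips(value)]
    return findings

if __name__ == "__main__":
    for sample in (LEAKY_REDIRECT, LEAKY_CONTENT, PUBLIC_REDIRECT):
        print(find_disclosures(sample))
```

The third sample uses 172.32.0.1, which sits just outside 172.16.0.0/12 and is therefore not reported.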

Setting up vhost for various web applications on AWS

On my AWS instance, I have the following setup:

/var/www/html/admin <--- angularjs application
/var/www/html/api <--- angularjs application
/var/www/html/main <--- django application

How do I make them all accessible as "individual sites"? For example, browsing to:

http://ec2-xx-xx-xxx-xxx.eu-west-2.compute.amazonaws.com/admin
http://ec2-xx-xx-xxx-xxx.eu-west-2.compute.amazonaws.com/api
http://ec2-xx-xx-xxx-xxx.eu-west-2.compute.amazonaws.com/main

should each be like going to a self-contained site.

Right now going to http://ec2-xx-xx-xxx-xxx.eu-west-2.compute.amazonaws.com/main for instance (which is an AngularJS application), I see errors like this:

Failed to load resource: the server responded with a status of 404 (Not Found)

I logged onto the site and noticed that it thinks the assets live a directory above as opposed to in the "main" subdirectory. I can understand that I need to set up vhosts somehow... where do these go on an AWS instance and would they look like this?

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName main.com
    ServerAlias www.main.com
    DocumentRoot /var/www/html/main

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName main.com/api
    ServerAlias www.main.com/api
    DocumentRoot /var/www/html/api

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName main.com/admin
    ServerAlias www.main.com/admin
    DocumentRoot /var/www/html/admin

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Deploying Symfony 4 Application to AWS Elasticbeanstalk

I have a working Symfony 4.0.1 application running on PHP 7.1.14 (locally) that I would like to deploy to AWS Elastic Beanstalk using the EB CLI.

I have a dist package of the application on my master git branch configured for production (vendor folder removed etc.) that I am able to successfully deploy to Heroku. Now I need to deploy to AWS EB.

The AWS EB environment has already been set up (although I don't have access to the console). Some environment details are as follows:

Platform: arn:aws:elasticbeanstalk:us-east-2::platform/Tomcat 8 with Java 8 running on 64bit Amazon Linux/2.7.7
Tier: WebServer-Standard-1.0

At first, I was able to successfully deploy the application, but accessing the URL gave a 404 error for every page.

I did some googling and found a few articles describing the use of .config files. I have added one named 03_main.config with the following contents.

commands:
    300-composer-update:
        command: "export COMPOSER_HOME=/root && composer.phar self-update -n"
container_commands:
    300-run-composer:
        command: "composer.phar install --no-dev --optimize-autoloader --prefer-dist --no-interaction"
    600-update-cache:
        command: "source .ebextensions/bin/update-cache.sh"
    700-remove-dev-app:
        command: "rm web/app_dev.php"

Deploying with this .config file gives the following deployment failure error:

ERROR: [Instance: i-0c5f61f41d55a18bc] Command failed on instance. Return code: 127 Output: /bin/sh: composer.phar: command not found. command 300-composer-update in .ebextensions/03-main.config failed. For more detail, check /var/log/eb-activity.log using console or EB CLI.

I understand the purpose of .config files but do not understand what additional configuration is needed to get this Symfony app running.

TypeError: ‘module’ object is not callable for all the def function():

I am a newbie. I am running a Python web application on AWS Ubuntu. My goal is to access this app from the browser with an IP address.

I have configured the Apache web server. Below are my conf and wsgi files.

.conf file

<VirtualHost *:80>
ServerName 13.58.200.92
ServerAdmin [email protected]
WSGIDaemonProcess catalog threads=5
WSGIProcessGroup catalog
WSGIScriptAlias / /var/www/catalog/catalog.wsgi
<Directory /var/www/catalog/Catalog/>
    Order allow,deny
    Allow from all
</Directory>
Alias /static /var/www/catalog/Catalog/static
<Directory /var/www/catalog/Catalog/static/>
    Order allow,deny
    Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

.wsgi file

#!/usr/bin/python3.5
import sys
import os
import logging
logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
sys.path.insert(0,"/var/www/catalog/")
sys.path.append('/var/www/catalog/Catalog')

from Catalog import Employee as application
application.secret_key = 'super'

catalog.py

#!/usr/bin/env python3

from flask import Flask, render_template, url_for, request, redirect, jsonify
from flask import flash
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from database_setup import Base, Department, Employee, User
from flask_httpauth import HTTPBasicAuth

# Anti Forgery State Token Code
from flask import session as login_session
import random
import string

# Import for 'Gconnect' step
from oauth2client.client import flow_from_clientsecrets, FlowExchangeError
import httplib2
import json
from flask import make_response
import requests

auth = HTTPBasicAuth()

CLIENT_ID = json.loads(open('/var/www/catalog/Catalog/client_secrets.json',
                        'r').read())['web']['client_id']

app = Flask(__name__)

# Connect to Database and create database session
engine = create_engine('postgresql://empcat:[email protected]/emp_catalog')
Base.metadata.bind = engine

DBSession = sessionmaker(bind=engine)
session = DBSession()

@app.route('/')
def showLogin():
    state = ''.join(random.choice(string.ascii_uppercase +
                string.digits) for x in range(32))
    login_session['state'] = state
    return render_template('login.html', STATE=state)


@app.route('/gconnect', methods=['POST'])
def gconnect():
    # Validate state token
    if request.args.get('state') != login_session['state']:
        response = make_response(json.dumps('Invalid state parameter.'), 
        401)
        response.headers['Content-Type'] = 'application/json'
        return response
    # Obtain authorization code

The program is erroring out with the error below:

TypeError: 'module' object is not callable
[Mon May 07 01:07:49.166142 2018] [wsgi:error] [pid 30509:tid 139706086553344] [remote 68.80.159.72:8163] mod_wsgi (pid=30509): Exception occurred processing WSGI script '/var/www/catalog/catalog.wsgi'.
[Mon May 07 01:07:49.166236 2018] [wsgi:error] [pid 30509:tid 139706086553344] [remote 68.80.159.72:8163] TypeError: 'module' object is not callable

at the code lines below:

def showLogin()

def gconnect and all others

I have tried commenting out these lines, but I get the same error at the next def function line.

WordPress site on Apache and AWS crashes without obvious leads

I recently migrated my WordPress site to AWS for practice in self-hosting on the cloud. I have an EC2 instance in an autoscaling group behind an Application Load Balancer, I have my WordPress data on an EFS that gets mounted when an instance gets provisioned, and I am leveraging RDS for my database (MySQL). The site gets minimal traffic, besides me, maybe 2-3 visitors per week, so very much a personal project really.

Everything worked flawlessly until last week when my site went offline. Trying to access the URL I received a 504 error, I wasn't able to SSH into the servers, and upon a reboot, I was able to see that there were a large number of httpd instances running. The site stays up for about 10 minutes before the servers become unresponsive. Looking through the logs on reboot, I see a lot of out of memory errors, specifically:

Cannot allocate memory: AH00481: fork: Unable to fork new process

I updated my httpd config to include custom prefork settings as noted in: Problems with Apache servers and A LOT of httpd processes

As well as: https://arstechnica.com/civis/viewtopic.php?t=1185478

I also thought it could be code related, but no code had changed for more than a week prior to this issue occurring.

I also scaled my instance type up to a t2.small from a t2.micro, so my instance went from having 1 gig of RAM to about 2 gigs.

In the past, I've had sites go down due to brute force attacks so I checked the access logs for anything peculiar. I saw a few requests posting to xmlrpc.php, so I updated my .htaccess to block access to that file, as noted in: https://wordpress.stackexchange.com/questions/156522/restrict-access-to-xmlrpc-php

I also noticed healthy traffic from:

  • ELB health checks
  • JetPack plugin
  • Wp-Cron
  • Bots (bingbot, I verified the IP as being legitimate) - this was interesting because I noticed a few times after bingbot crawled my site that it would hose the server, with more out of memory errors. It could just be a coincidence though.

I also see entries in the logs that I concluded to be port scanning, as well as:

- - [06/May/2018:19:18:32 +0000] "POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1" 404 20630 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"

- - [06/May/2018:19:14:02 +0000] "GET /jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system%3Aservice%3DMainDeployer HTTP/1.1" 404 20630 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"

Given that the return code is 404 for these requests, I don't think that they are anything to worry about.

I wonder if my WordPress configuration or EFS performance has anything to do with the issue, but everything is pretty much out of the box.

Does anybody have any ideas of other troubleshooting steps I can try, or anything I may have overlooked or done incorrectly?