Apache Web Application Configuration

This tutorial covers the configuration of an HTTP server, namely Apache, in the Kali environment.

Question 1: Run the apache server

Each time you make a configuration change to the Apache server you must restart (or at the very least reload) the HTTP service. To start Apache for the first time, do:

sudo systemctl start apache2

And if you make changes to the configuration file as you answer the questions, you should reload the configuration by doing:

sudo systemctl reload apache2

Now get the web server running...

Tests - not attempted
Run apache UNTESTED

Question 2: Add a web page

Let's create a webpage in the main Apache document directory, known as the DocumentRoot. Use your favourite editor.

sudo nano /var/www/html/hello.html

The contents of this file should be:

<html>
<body>
<h1>HOST</h1>
<p>
I am clever
</p>
</body>
</html>

The "/var/www/html/hello.html" file must be readable by others. This should be the default. If you create directories in this DocumentRoot, they must be executable by others. If needed you can always set this manually:

chmod 701 /var/www/html/some_directory
chmod o+r /var/www/html/hello.html

You can direct your browser to see this page by using the URL

http://yourmachinename/hello.html

Replace "yourmachinename" with the output of running the "hostname" command, e.g.

[root@host-19-17 kali]# hostname
host-19-17.linuxzoo.net

Note that, once working, you can access your linuxzoo web pages just by putting http:// in front of your hostname, or your virtual hostnames, followed by the rest of your URL as normal.

Tests - not attempted
hello.html is readable by others and owned by root UNTESTED
hello.html contains the word HOST (case sensitive) UNTESTED
http://host/hello.html actually works UNTESTED

Question 3: Add two new directories/files

Create the following directories, each of which must be executable by others:

  • /var/www/html/web
  • /var/www/html/vm

Remember to use sudo.

In each of these new directories create a file called "hello.html", identical to hello.html from /var/www/html/public_html, except in "web/hello.html" replace the word HOST with WEB. In "vm/hello.html" replace the word HOST with VM. Case is important.

Tests - not attempted
Can read http://../web/hello.html UNTESTED
http://../web/hello.html contains WEB UNTESTED
Can read http://../vm/hello.html UNTESTED
http://../vm/hello.html contains VM UNTESTED

Question 4: Create 2 virtual hosts

You are now going to create two virtual hosts in your apache configuration.

The names of your virtual hosts have to be worked out by yourself from your current hostname. Type in the command "hostname" and you will get something like:

host-3-2.linuxzoo.net

Your machine is known by this name in DNS. It is also known by two other names, where the word "host" has been replaced with "web" and "vm". It is these two names which we are going to use in our virtual host definition. In this example of host-3-2, this machine is therefore also known as:

web-3-2.linuxzoo.net
vm-3-2.linuxzoo.net

IMPORTANT: Do not just copy this example, as your machine number is likely to have a different name from the example. Use "hostname" and work your machine names out for yourself. Note too that your hostname can change each time you reboot, so double check each time you reboot!

Once you have your web and vm machine names, you need to create a virtual host entry for each of web-?-?.linuxzoo.net and vm-?-?.linuxzoo.net, so that the DocumentRoot of web is /var/www/html/web and the DocumentRoot of vm is /var/www/html/vm.

Each VirtualHost tagged area (you need 2) looks something like:

<VirtualHost *:80>
    ServerAdmin noreply@linuxzoo.net
    DocumentRoot /home/gordon/public_html/db/public_html/activesql
    ServerName www.mywebsite.com
</VirtualHost>

Remember to set the ServerName and the DocumentRoot. The other fields are not important. Remember DocumentRoot is a directory, not a file.

The VirtualHost information goes into a special file. Create a file called "mysite.conf" in "/etc/apache2/sites-available/". Put your two virtual host definitions into that file. Remember to use sudo.

Once the file exists you need to activate it using

sudo a2ensite mysite

Remember to reload your apache2 service after enabling the site, and after every configuration change.

It is easy to make a syntax error in the config file. If you have problems you can check for syntax errors using the command:

apache2ctl -t

You should now be able to view your own pages by using your browser, opening a new window, and visiting e.g. http://vm-?-?.linuxzoo.net/hello.html, after replacing the "?" with the actual numbers. Try it for "web" too.

Tests - not attempted
mysite enabled UNTESTED
VirtualHost detected for web-?-?.linuxzoo.net UNTESTED
VirtualHost detected for vm-?-?.linuxzoo.net UNTESTED
http://web-?-?.linuxzoo/hello.html contains WEB UNTESTED
http://vm-?-?.linuxzoo/hello.html contains VM UNTESTED
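As an added example (not part of the linuxzoo tutorial), the following Python script does the name derivation described above and renders the two VirtualHost blocks for mysite.conf. It assumes the host-N-M.linuxzoo.net naming pattern the text describes, refuses any hostname that does not fit it (the case you hit when the name changes after a reboot), and includes a small parser that extracts ServerName and DocumentRoot from a finished config, which is roughly what the "VirtualHost detected" tests look for. The hostname "host-3-2.linuxzoo.net" used at the bottom is the page's own example.

```python
import re

# Added example, not part of the linuxzoo tutorial: derive the web/vm virtual
# host names from a host-N-M.linuxzoo.net hostname and render mysite.conf.

HOSTNAME_RE = re.compile(r"^host-(\d+)-(\d+)\.linuxzoo\.net$")


def vhost_names(hostname):
    """Return (web_name, vm_name) for a host-N-M.linuxzoo.net hostname.

    Raises ValueError when the hostname does not have the expected shape;
    that check matters because the name can change after a reboot.
    """
    m = HOSTNAME_RE.match(hostname.strip())
    if not m:
        raise ValueError(f"unexpected hostname: {hostname!r}")
    n, k = m.groups()
    return (f"web-{n}-{k}.linuxzoo.net", f"vm-{n}-{k}.linuxzoo.net")


def render_mysite_conf(hostname, docroot_base="/var/www/html"):
    """Render the two <VirtualHost> blocks for sites-available/mysite.conf."""
    web, vm = vhost_names(hostname)
    blocks = []
    for name, subdir in ((web, "web"), (vm, "vm")):
        blocks.append(
            "<VirtualHost *:80>\n"
            "    ServerAdmin noreply@linuxzoo.net\n"
            f"    DocumentRoot {docroot_base}/{subdir}\n"
            f"    ServerName {name}\n"
            "</VirtualHost>\n"
        )
    return "\n".join(blocks)


VHOST_BLOCK_RE = re.compile(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", re.S)
DIRECTIVE_RE = re.compile(r"^\s*(ServerName|DocumentRoot)\s+(\S+)", re.M)


def parse_vhosts(conf_text):
    """Map ServerName -> DocumentRoot for every VirtualHost block in conf_text.

    Catches the usual mistakes: a block missing ServerName or DocumentRoot, or
    a DocumentRoot that names an .html file instead of a directory (heuristic).
    """
    result = {}
    for block in VHOST_BLOCK_RE.finditer(conf_text):
        directives = dict(DIRECTIVE_RE.findall(block.group(1)))
        if "ServerName" not in directives or "DocumentRoot" not in directives:
            raise ValueError("VirtualHost block is missing ServerName or DocumentRoot")
        if directives["DocumentRoot"].endswith(".html"):
            raise ValueError("DocumentRoot must be a directory, not a file")
        result[directives["ServerName"]] = directives["DocumentRoot"]
    return result


if __name__ == "__main__":
    # The page's own example hostname; on a real box use socket.gethostname()
    conf = render_mysite_conf("host-3-2.linuxzoo.net")
    print(conf)
    print(parse_vhosts(conf))
```

Writing the rendered text to /etc/apache2/sites-available/mysite.conf, then running a2ensite and the reload, is still done by hand as the question describes; the script only removes the guesswork from the names.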

Question 5: Basic Authentication

These questions are concerned with the configuration of Basic Authentication in apache.

Create a directory in /var/www/html called "tom" and ensure it is executable by others. This should be the default permissions.

Now within that new directory "tom", create a file p1.html and ensure it is readable by others. This should be the default permissions. The contents of this file should be:

<html>
<body>
<h1>TOM</h1>
<p>
Document body goes here.
</p>
</body>
</html>

You can, if needed, use the chmod commands from earlier, except this time on tom and on p1.html rather than hello.html. Again, it is much easier to "su" to tom.

Tests - not attempted
Apache Running UNTESTED
p1.html is readable by others UNTESTED
p1.html contains the word TOM (case sensitive) UNTESTED
http://host/tom/p1.html actually works UNTESTED

Question 6: Basic Auth permission

To use basic authentication in the /var/www/html/tom directory you need to add permission for this in the Apache configuration. We will add this to the mysite.conf file we created earlier.

Edit the file

sudo nano /etc/apache2/sites-available/mysite.conf

and insert the following at the end

<Directory /var/www/html/tom/>
        AllowOverride FileInfo AuthConfig Limit Indexes
        Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
        Require method GET POST OPTIONS
</Directory>

Remember to reload Apache after this configuration change.

sudo systemctl reload apache2

Tests - not attempted
AllowOverride in sites-available UNTESTED
enabled site has AllowOverride UNTESTED

Question 7: Add two new directories/files

Create the following directories in the tom directory, each of which must be executable by others:

  • /var/www/html/tom/richard
  • /var/www/html/tom/harry

In each of these new directories create a file similar to p1.html, but called:

  • /var/www/html/tom/richard/p2.html
  • /var/www/html/tom/harry/p3.html

In "richard/p2.html" replace the word TOM with RICHARD. In "harry/p3.html" replace the word TOM with HARRY. Case is important.

Tests - not attempted
Can read http://../tom/richard/p2.html UNTESTED
http://../tom/richard/p2.html contains RICHARD UNTESTED
Can read http://../tom/harry/p3.html UNTESTED
http://../tom/harry/p3.html contains HARRY UNTESTED

Question 8: Basic Auth file

Create a password file for basic authentication in /var/www/. Remember to use sudo.

The htpasswd command allows you to create the file, and to add users to the file. Use it to create a basic authentication password file called "/var/www/webpasswd". Put into this file two users with the following passwords:

User: richard              Password: pass1
User: harry                Password: pass2

Tests - not attempted
/var/www/webpasswd exists and seems readable UNTESTED
Contents semi-sensible for richard? UNTESTED
Contents semi-sensible for harry? UNTESTED

Question 9: Secure richard/

Secure the tom/richard directory by using an appropriate .htaccess file in that directory so only a user with the basic authentication details of richard, password pass1, can access the files.

Confirm the behaviour by visiting your secured page with your browser: http://host-1-1.linuxzoo.net/tom/richard/p2.html
Remember to replace the "1-1" with your host number.

Tests - not attempted
Basic Auth needed on tom/richard/p2.html UNTESTED
Basic Auth using richard/pass1 works for tom/richard/p2.html UNTESTED
Basic Auth using harry/pass2 fails for tom/richard/p2.html UNTESTED

Question 10: Secure harry/

Secure the tom/harry directory so only a user with the basic authentication details of group "magic" can access the contents.

To answer this question, create a group file "/var/www/webgroup" with the following contents:

magic: richard harry

Make sure in the .htaccess file in the harry directory you use only "Require group" and not some sort of "Require user" command.

You will likely have to enable the apache component which looks after group based Basic Authentication. You need to do:

sudo a2enmod authz_groupfile
sudo systemctl restart apache2

Once working try accessing these resources using your browser.

Tests - not attempted
/var/www/webgroup exists and seems readable UNTESTED
/var/www/webgroup contains right magic: definition UNTESTED
No Require User in .htaccess UNTESTED
Using Require Group magic in .htaccess UNTESTED
Basic Auth needed on tom/harry/p3.html UNTESTED
authz_groupfile enabled UNTESTED
Basic Auth using richard/pass1 works for tom/harry/p3.html UNTESTED
Basic Auth using harry/pass2 works for tom/harry/p3.html UNTESTED
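The following Python example is added here and is not part of the linuxzoo tutorial. It models the two decisions Apache makes for Questions 8 to 10: authentication (do the credentials in the browser's Authorization header match an entry in the password file?) and authorization (does the .htaccess line say "Require user" or "Require group", and is this user covered?). The password file, group file and the two .htaccess files are constructed inline; the password file uses htpasswd's "{SHA}" format only because the standard library can verify it, and the .htaccess contents are one reasonable way to write what the questions ask for, not text from the page.

```python
import base64
import hashlib
import hmac
import re

# Added example, not part of the linuxzoo tutorial. It models the two Basic Auth
# decisions Apache makes for tom/richard and tom/harry: verify the credentials in
# the Authorization header against an htpasswd-style file, then apply the
# "Require user" or "Require group" line from the directory's .htaccess.

def sha_htpasswd_line(user, password):
    """One line in htpasswd's {SHA} format (what 'htpasswd -s' writes)."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

# Constructed files for the two users and the group from Questions 8 and 10.
# {SHA} is used here only because the standard library can verify it; on a
# real server generate the file with htpasswd -B (bcrypt) instead.
WEBPASSWD = "\n".join([sha_htpasswd_line("richard", "pass1"),
                       sha_htpasswd_line("harry", "pass2")]) + "\n"
WEBGROUP = "magic: richard harry\n"

# Constructed .htaccess contents for tom/richard (user) and tom/harry (group).
HTACCESS_RICHARD = """AuthType Basic
AuthName "richard only"
AuthUserFile /var/www/webpasswd
Require user richard
"""
HTACCESS_HARRY = """AuthType Basic
AuthName "magic group"
AuthUserFile /var/www/webpasswd
AuthGroupFile /var/www/webgroup
Require group magic
"""

def basic_header(user, password):
    """Build the Authorization header a browser sends after the login prompt."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_htpasswd(text):
    return dict(line.split(":", 1) for line in text.splitlines() if ":" in line)

def parse_groups(text):
    groups = {}
    for line in text.splitlines():
        if ":" in line:
            name, members = line.split(":", 1)
            groups[name.strip()] = set(members.split())
    return groups

def authenticate(header, passwd_text):
    """Return the username if the Basic credentials verify, otherwise None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        user, password = base64.b64decode(header[6:]).decode().split(":", 1)
    except (ValueError, UnicodeDecodeError):
        return None
    stored = parse_htpasswd(passwd_text).get(user)
    if stored is None or not stored.startswith("{SHA}"):
        return None
    expected = sha_htpasswd_line(user, password).encode()
    # Constant-time comparison so timing does not leak how much of the hash matched
    return user if hmac.compare_digest(expected, f"{user}:{stored}".encode()) else None

def authorize(user, htaccess_text, group_text):
    """Apply the single Require line: 'Require user a b' or 'Require group g'."""
    m = re.search(r"^\s*Require\s+(user|group)\s+(.+)$", htaccess_text, re.M)
    if user is None or not m:
        return False
    kind, names = m.group(1), m.group(2).split()
    if kind == "user":
        return user in names
    groups = parse_groups(group_text)
    return any(user in groups.get(g, set()) for g in names)

def access_granted(path, header):
    """Would Apache serve this path for this Authorization header?"""
    htaccess = HTACCESS_RICHARD if path.startswith("/tom/richard/") else HTACCESS_HARRY
    return authorize(authenticate(header, WEBPASSWD), htaccess, WEBGROUP)

if __name__ == "__main__":
    for who, pw in (("richard", "pass1"), ("harry", "pass2")):
        for page in ("/tom/richard/p2.html", "/tom/harry/p3.html"):
            print(who, page, access_granted(page, basic_header(who, pw)))
```

The outcomes match the test list above: richard reaches both pages, harry reaches only tom/harry/p3.html, and a wrong password or missing header is refused before any Require line is consulted. Note that Basic Auth sends the credentials base64-encoded, not encrypted, on every request, so in practice it belongs behind HTTPS.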

Question 11: Server Side Scripting

Now we will create a simple server-side CGI script. First, with an editor and using sudo, edit /usr/lib/cgi-bin/hack.htm and insert the following Python code.

#!/usr/bin/python3
import os
from urllib.parse import parse_qs

# Both start empty so the prints below still work when QUERY_STRING is unset
url=""
user=""

try:
    # Apache passes the part of the URL after "?" in the CGI environment
    url = os.environ['QUERY_STRING']
    user = parse_qs(url)['user'][0]
except Exception as e:
    pass

# HTTP header, blank line, then the body; both values are echoed unescaped
print ("Content-Type: text/html; charset=ISO-8859-1")
print ("")
print ("<body>")
print ("<h1>Welcome to hack",url,"</h1>")
print ("<p>Glad to have you back ",user,"</p>",sep="")
print ("</body>")

You also need to "sudo chmod o+x /usr/lib/cgi-bin/hack.htm".

You will likely have to enable the apache component which looks after CGI handling. Remember to do this as root. You need to do:

sudo a2enmod cgi
sudo systemctl restart apache2

You can access this via the browser using "http://YOURHOSTNAME/cgi-bin/hack.htm?user=Gordon", where YOURHOSTNAME is the string given when you type "hostname". The string "Gordon" can be replaced with any name you like. Try it.

Tests - not attempted
Can read http://../cgi-bin/hack.htm?user=me UNTESTED
Script is dynamic UNTESTED
CGI module enabled UNTESTED

This script contains a cross-site scripting (XSS) issue. If "user=gordon" becomes something more risky, like

hack.htm?user=gordon<script>alert("YouAreHacked")</script>

then when you run this you get to run arbitrary JavaScript on the page. This can be adapted to ask for passwords on sites hosted by banks, or make spoof pages look like they are genuine. Try it (you should get a popup alert if it works).

The right thing to do here is to sanitise the user input in the script. To do this, edit the file. Add the following new line just after the "import os" line

import re

And directly after the line with the word "pass", enter the following lines

pattern=r'[^a-zA-Z0-9]'
if re.search(pattern,user):
    user="hacker"

Note that indentation is significant in Python.

Tests - not attempted
Can read http://../cgi-bin/hack.htm?user=me UNTESTED
Script is dynamic UNTESTED
Script validates illegal user UNTESTED
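As an added example (not the tutorial's hack.htm), the script below renders the same page from a function so the two defences can be compared offline. It keeps the tutorial's allowlist check on "user" and, on top of it, HTML-escapes every value it echoes. The second step matters because hack.htm also prints the raw QUERY_STRING in its heading, which the allowlist on "user" does not touch; the escape_output flag exists only to show that difference. The function names, the flag and the UTF-8 charset are this example's choices, not the page's.

```python
import html
import os
import re
import sys
from urllib.parse import parse_qs

# Added example, not the tutorial's hack.htm. The page is rendered by a function
# so both defences can be compared offline: the tutorial's allowlist on "user"
# and, on top of it, HTML-escaping of every echoed value. The second is needed
# because hack.htm also echoes the raw QUERY_STRING in its heading.

NOT_ALNUM = re.compile(r"[^a-zA-Z0-9]")   # the tutorial's pattern


def extract_user(query_string):
    """Same lookup as hack.htm: first 'user' value, empty string if absent."""
    try:
        return parse_qs(query_string)["user"][0]
    except (KeyError, IndexError):
        return ""


def render(query_string, escape_output=True):
    """Return the HTML body for the given query string.

    escape_output=False reproduces the tutorial's fixed script (allowlist only),
    which still reflects the raw query string into the <h1>.
    """
    user = extract_user(query_string)
    if NOT_ALNUM.search(user):         # tutorial's fix: odd characters -> "hacker"
        user = "hacker"
    if escape_output:
        # Encode <, >, &, " and ' so the browser treats the values as text, not markup
        query_string = html.escape(query_string, quote=True)
        user = html.escape(user, quote=True)
    return ("<body>\n"
            f"<h1>Welcome to hack {query_string}</h1>\n"
            f"<p>Glad to have you back {user}</p>\n"
            "</body>\n")


if __name__ == "__main__":
    # Under Apache this runs as a CGI script: headers, blank line, then the body
    sys.stdout.write("Content-Type: text/html; charset=UTF-8\r\n\r\n")
    sys.stdout.write(render(os.environ.get("QUERY_STRING", "")))
```

With escape_output=False the "user" value is replaced by "hacker", exactly as in the tutorial's fix, yet the script tag from the example URL still appears verbatim inside the heading. Escaping at the point of output is what closes that gap, and it is the habit to keep for any value that is copied from a request into a page.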


Linuxzoo created by Gordon Russell.
© Copyright 2004-2025 Edinburgh Napier University