Spun

A friend of mine disables image hotlinking from her site using mod_rewrite, but she also syndicates her weblog to LiveJournal, so she allowed livejournal.com to hotlink with her .htaccess file, like this:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?livejournal.com.*$ [NC]
RewriteRule \.(jpe?g|gif|bmp|png)$ images/stealingbandwidth.gif [L]

But recently LJ changed their URL scheme to subdomains, so all her friends were seeing her “You’re stealing bandwidth!” image when they read her journal from username.livejournal.com.

So, we modified her .htacess mod_rewrite rule to:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://([a-zA-Z0-9_]+\.)?livejournal.com.*$ [NC]
RewriteRule \.(jpe?g|gif|bmp|png)$ images/stealingbandwidth.gif [L]

And in the process I was once again reminded how the simplest of regex’s can still completely kick my ass.

This guide to securing Apache is way handy. I liked the bit about limiting access by IP address.

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

Is good way to make sure no one else on the network is hitting your dev server.

I published a detailed tutorial on how to set up Apache web server on a Windows PC at Lifehacker today. It’s pretty basic httpd.conf editing and .htaccess/.htpasswd authentication setup stuff. I’ve been running Apache at home for years now, using it for dev sites and to share music and other files.

What was interesting is that when I started writing the piece I saved all my config files and uninstalled Apache, so I could go through all the steps of installation again and get screengrabs for the writeup. And when I tried, the installation would fail, telling me another service was running on port 80. I thought was going nuts - Apache had been removed, and IIS wasn’t running, my firewalls were all off… then I found a board post that explained how to troubleshoot:

A common during-installation error with Apache reads, “Only one usage of each socket address (protocol/network address/port) is normally permitted. : make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down. Unable to open logs.” This means that some other server program (like Skype) is interfering with Apache. To figure out what program it is, open a command prompt and type:

netstat -a -o

Find the PID (Process ID) of the program running on your local machine on port 80 (or http.) Then open the Windows Task Manager (Cntl-Alt-Del). In the View menu, choose Select Columns, and check off PID. Then match the PID to the running process to find out what server program is running, and stop the program. Then retry the Apache installation.

Anyway, it was Skype that was running an http server on port 80, blocking my Apache (re)install. Skype! WTF?

Apache’s Logresolve is a little utility translates all those IP addresses in your server logs into English, ie displays 67.19.139.26 as ginatrapani.org. Before my host resolved this site’s logs for me, this batch file on my Windows box resolved logs named something.log and saved them in a folder named “resolved”:

for %%F in (*.log) do "c:/program files/apache group/apache2/bin/logresolve" < %%F > resolved/%%F