Initial Import

DOC/.htacces.FORWARD_FRAME

@@ -0,0 +1,8 @@
+<IfModule mod_rewrite.c>
+RewriteEngine On
+RewriteBase /
+RewriteRule ^index\.html$ - [L]
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule . /index.html [L]
+</IfModule>

DOC/README.Exclude_Files_and_Directories_From_Apache_Auth

@@ -0,0 +1,12 @@
+<Location "/">  
+   AuthType Basic  
+   AuthName "Restricted Files"  
+   AuthUserFile /var/www/clients/client12/web17/passwd  
+   AuthGroupFile /dev/null  
+   Require valid-user  
+   SetEnvIf Request_URI "^/(admin|skin|js|index)(.*)$" allow  
+   SetEnvIf Request_URI "^/favicon.ico$" allow  
+   Order allow,deny  
+   Allow from env=allow  
+   Satisfy Any  
+</Location>

DOC/README.apache_mpm_event

@@ -0,0 +1,33 @@
+Apache 2.4 default values MPM event
+===================================
+
+<IfModule mpm_event_module>
+    StartServers             3
+    MinSpareThreads         75
+    MaxSpareThreads        250
+    ThreadsPerChild         25
+    MaxRequestWorkers      400
+    MaxConnectionsPerChild   0
+</IfModule>
+
+
+ServerLimit = MaxRequestWorkers / ThreadsPerChild
+
+MaxRequestWorkers = 400
+ThreadsPerChild   = 25
+   => ServerLimit = 16 (apache 2.4 default)
+
+simultanous connections = ThreadsPerChild * ServerLimit = MaxRequestWorkers
+   => simultanous Connection = 400
+
+(ND Server)
+==========
+
+## - MaxConnectionsPerChild
+## -
+## - We want every httpd prozess to restart aproximately once a day
+## -
+Set MaxConnectionsPerChild = (requests/per day)/ServerLimit
+requests / day ~  1.600.000
+/ServerLimit   = 16
+   => MaxConnectionsPerChild = 1600000/16 = 100000 = 100.000

DOC/README.fcgi

@@ -0,0 +1,68 @@
+
+## - 1.) Installiere fcgi
+## -
+
+mkdir -p /usr/local/src/fcgi
+cd /usr/local/src/fcgi
+
+wget http://www.fastcgi.com/dist/fcgi-2.4.0.tar.gz
+
+gunzip < fcgi-2.4.0.tar.gz | tar -xf -
+cd fcgi-2.4.0
+
+## - !! Bemerkung !!
+## -
+## - Die Datei include/fcgio.h muss angepasst werden.
+## -
+## - Ergänze hinter der Zeile die "#include <iostream>" enthält:
+## -
+## -    #include <cstdio>
+## -
+
+## -----------------------
+
+diff -Naur fcgi-2.4.0-ORIG/include/fcgio.h fcgi-2.4.0/include/fcgio.h
+--- fcgi-2.4.0-ORIG/include/fcgio.h 2002-02-25 14:16:11.000000000 +0100
++++ fcgi-2.4.0/include/fcgio.h   2011-02-24 13:19:35.000000000 +0100
+@@ -31,6 +31,7 @@
+ #define FCGIO_H
+
+ #include <iostream>
++#include <cstdio>
+
+ #include "fcgiapp.h"
+
+## -----------------------
+
+./configure
+make
+make install
+
+
+
+## - 2.) Installiere mod_fcgi
+## -
+
+cd /usr/local/src/apache2
+
+wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.6.tar.gz
+
+gunzip < mod_fastcgi-2.4.6.tar.gz | tar -xf -
+
+cd mod_fastcgi-2.4.6
+
+cp Makefile.AP2 Makefile
+make
+make install
+
+
+## - Add to httpd.conf
+## -
+## -    #
+## -    # mod_fastcgi
+## -    #
+## -    LoadModule fastcgi_module modules/mod_fastcgi.so
+## -
+vim /usr/local/apache2/conf/httpd.conf
+
+

DOC/README.ldap

@@ -0,0 +1,14 @@
+## - Some configure scripts cannot find ldap library.
+## - 
+## - So create a symlink 
+## -    /usr/lib/libldap.so -> /usr/lib/x86_64-linux-gnu/libldap.so
+## -
+ln -s /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/libldap.so
+## - or
+ln -s x86_64-linux-gnu/libldap.so /usr/lib/libldap.so
+
+## - Note:
+## -
+## - If 'apr' and apr-utils' wasn't compiled with ldap support (that
+## - is, if libldap.so wasn't present), recompile both
+## -

DOC/README.modfcgid

@@ -0,0 +1,81 @@
+## - Configure mod_fcgid
+## -
+## - see also: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#examples
+## -
+
+httpd.conf
+=========
+
+LoadModule fcgid_module modules/mod_fcgid.so
+<IfModule mod_fcgid.c>
+
+   # in Abstimmung mit PHP variablen
+   #    post_max_size = 128M
+   #    (upload_max_filesize = 32)
+   #
+   # 134217728 = 128*1024*1024 =128M
+   #
+   FcgidMaxRequestLen 134217728
+
+   # By default, PHP FastCGI processes exit after handling 500 requests, 
+   # and they may exit after this module has already connected to the 
+   # application and sent the next request. When that occurs, an error 
+   # will be logged and 500 Internal Server Error will be returned to 
+   # the client. This PHP behavior can be disabled by setting 
+   # PHP_FCGI_MAX_REQUESTS to 0, but that can be a problem if the PHP 
+   # application leaks resources. Alternatively, PHP_FCGI_MAX_REQUESTS 
+   # can be set to a much higher value than the default to reduce the 
+   # frequency of this problem. FcgidMaxRequestsPerProcess can be set to 
+   # a value less than or equal to PHP_FCGI_MAX_REQUESTS to resolve the 
+   # roblem.
+   FcgidMaxRequestsPerProcess 500
+
+</IfModule>
+
+
+vhost config
+============
+
+<VirtualHost <ip-address>:<port>>
+
+   ...
+
+   DocumentRoot "/var/www/adm.warenform.de/htdocs/"
+   <Directory /var/www/adm.warenform.de/htdocs/>
+      FCGIWrapper /var/www/adm.warenform.de/conf/fcgid .php
+      <FilesMatch \.php$>
+         SetHandler fcgid-script
+      </FilesMatch>
+      AllowOverride All
+      Options +ExecCGI -Indexes
+      Require all granted
+   </Directory>
+
+   ...
+
+<//VirtualHost>
+
+
+/var/www/adm.warenform.de/conf/fcgid
+====================================
+
+
+
+#!/bin/sh
+export PHPRC="/var/www/adm.warenform.de/conf/"
+export TMPDIR="/var/www/adm.warenform.de/tmp"
+
+# PHP child process management (PHP_FCGI_CHILDREN) should 
+# always be disabled with mod_fcgid, which will only route one 
+# request at a time to application processes it has spawned; 
+# thus, any child processes created by PHP will not be used 
+# effectively. (Additionally, the PHP child processes may not 
+# be terminated properly.) By default, and with the environment 
+# variable setting PHP_FCGI_CHILDREN=0, PHP child process 
+# management is disabled.
+PHP_FCGI_CHILDREN=0
+export PHP_FCGI_CHILDREN
+
+exec /usr/local/php-5.3.28/bin/php-cgi
+
+

DOC/apache_benchmark.test

@@ -0,0 +1 @@
+/usr/local/apache2/bin/ab -c 1 -n 1 -C JSESSIONID=FD80667D7583DB886A59418638AD06F5 http://localhost:8080/opdb/core/consult_new/show.do

DOC/config_ciphers_apache2.2.txt

@@ -0,0 +1,34 @@
+
+## - must go here - NOT in VirtualHost section !!
+## -
+SSLCompression off
+
+<VirtualHost <ip-addresss>:443>
+
+   ...
+
+   SSLEngine on
+
+   ## - don't support weak ciphers
+   SSLStrictSNIVHostCheck off
+   SSLHonorCipherOrder on
+   SSLCompression off
+   SSLProtocol ALL -SSLv2 -SSLv3
+   SSLCipherSuite 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'
+
+   ## - HTTP Strict Transport Security (HSTS)
+   ## -
+   ## - HSTS tells a browser that the website should only be accessed through
+   ## - a secure connection. The HSTS header will be remembered by a standard
+   ## compliant browser for max-age seconds.
+   ## -
+   ## - Remember this settings for 1/2 year
+   ## -
+   Header add Strict-Transport-Security "max-age=15768000"
+
+   SSLCertificateFile ..
+   SSLCertificateKeyFile ..
+   SSLCertificateChainFile ..
+   ...
+
+</VirtualHost>

DOC/config_pfs_apache2.4.txt

@@ -0,0 +1,42 @@
+<VirtualHost <ip-addresss>:443>
+
+   ...
+
+   SSLEngine on
+
+   ## - don't support weak ciphers
+   SSLHonorCipherOrder On
+   SSLCompression Off
+   SSLProtocol ALL -SSLv2 -SSLv3
+   SSL_Cipher_Suite='ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'
+
+
+   ## - HTTP Strict Transport Security (HSTS)
+   ## -
+   ## - HSTS tells a browser that the website should only be accessed through
+   ## - a secure connection. The HSTS header will be remembered by a standard
+   ## - compliant browser for max-age seconds.
+   ## - 
+   ## - An important point is that HSTS only works after the user has received the
+   ## - header via HTTPS. So you will still need to have a redirect from your
+   ## - HTTP-site to HTTPS, also for supporting browsers that still do not understand
+   ## - HSTS.
+   ## - 
+   ## - This is easily accomplished using Apache’s mod_rewrite:
+   ## - 
+   ## - <IfModule mod_rewrite.c>
+   ## -   RewriteEngine On
+   ## -   RewriteCond %{HTTPS} off
+   ## -   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+   ## - </IfModule>
+   ## - 
+   ## - Thus, with a few lines of configuration, you can make the web a safer place to
+   ## - be for your users. So, what are you waiting for?
+   ## -
+   ## - Remember this settings for 1/2 year
+   ## -
+   Header add Strict-Transport-Security "max-age=15768000"
+
+   ...
+
+</VirtualHost>

DOC/index.html.FORWARD_FRAME

@@ -0,0 +1,17 @@
+<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML>
+<HEAD>
+<TITLE>Willkommensnetzwerk "Pankow Hilft!"</TITLE>
+</HEAD>
+<FRAMESET ROWS="*,0">
+<FRAME SRC="http://pankowhilft.blogsport.de/" NORESIZE>
+<NOFRAMES>
+Your browser does not support frames. </ br>
+
+Klicke hier: <a href:"http://pankowhilft.blogsport.de">pankowhilft.blogsport.de </a> 
+         </td>
+      </tr>
+   </table>
+</NOFRAMES>
+</FRAMESET>
+</HTML>