Working with Apache Web Server

Time Required: 35 minutes

Objective: Explore basic settings and tasks in Apache Web Server.

Description: Without a doubt, you'll run across Apache Web Server systems when conducting a security test. Because Apache is a sophisticated, modular Web server, mastering its features and options can take considerable time. Apache's layout varies, depending on the OS. For example, Apache in Fedora Linux is different from Apache in Ubuntu Linux. In this activity, you explore basic Apache Web Server commands and learn how to find and modify some configuration options (called Apache directives). The goal of this activity is to configure a Web server with a directory that requires authentication.

1. Boot your computer into Linux with the Kali Linux DVD.

2. Open a Terminal shell. At the command prompt, type apache2ctl start and press Enter. You can safely ignore the "Could not reliably determine the server's fully qualified domain name" error.

3. Start the Iceweasel Web browser. In the address bar, type localhost and press Enter. The Web site displays instructions on how to manipulate the default Apache configuration. Read over this page.

4. Open a Terminal shell. At the command prompt, type apache2ctl stop and press Enter.

5. Now, we'll view the default Apache configuration files. In the Terminal shell, type cd /etc/apache2 and press Enter to change directories. Then type grep Include apache2.conf and press Enter to see a listing of files and directories where the Apache server searches for additional directives at startup (see Figure 10-5). Note the next to last line, IncludeOptional sites-enabled/*.conf. This directory is where Apache checks for Web site configuration files. You can add a Web site by adding its configuration file in this directory without having to change the main configuration file apache2.conf.

Figure 10-5 Viewing files and directories with an Include statement (Source: GNU GPL)

6. Type cd /etc/apache2/sites-enabled && ls and press Enter.

7. Open the file in the gvim editor by typing gvim 000-default.conf and pressing Enter.

8. Enter the following lines at the end of the file, below the line :

9. Save your changes and exit the gvim editor by pressing Esc, typing :wq, and pressing Enter.

10. In the Terminal shell, create a new directory by typing mkdir /var/www/html/restricted and pressing Enter.

11. Type cd /var/www/html/restricted to change to the directory you created in Step 12 and press Enter. Then type touch secret.txt and press Enter to create a file in this directory.

12. Next, you create the .htaccess file in the same directory. This file is the local directory configuration file specified in apache2.conf by the AccessFileName directive. If .htaccess exists in any Web site directory, Apache checks it first. In this .htaccess file, you point Apache to the location of AuthUserFile (essentially, a password file). Type gvim .htaccess and press Enter. Type the following for the file's contents:

13. Exit and save.
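
A check a tester can run over the .htaccess file created in Step 12, added here as an example and not part of the original activity: it parses the file and reports missing authentication directives or an AuthUserFile placed under the Web root, where the password file could be served to clients. The sample file contents and the path /etc/apache2/.htpasswd are constructed for illustration, and the function names are hypothetical.

```python
import posixpath
import shlex

# Directives a password-protected directory normally needs (names compared in lower case).
REQUIRED = ("authtype", "authname", "authuserfile", "require")

def parse_htaccess(text):
    """Map each directive name (lower-cased; Apache ignores case) to its arguments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # keeps quoted arguments such as AuthName "My Area" together
        directives[parts[0].lower()] = parts[1:]
    return directives

def audit_htaccess(text, docroot="/var/www/html"):
    """Return a list of findings for one .htaccess file; an empty list means none found."""
    d = parse_htaccess(text)
    findings = ["missing " + name for name in REQUIRED if name not in d]
    userfile = (d.get("authuserfile") or [""])[0]
    if userfile and not posixpath.isabs(userfile):
        # Apache resolves a relative AuthUserFile against ServerRoot, not this directory.
        findings.append("AuthUserFile is relative (resolved against ServerRoot)")
    elif userfile:
        root = posixpath.normpath(docroot)
        path = posixpath.normpath(userfile)  # collapses ../ segments before comparing
        if posixpath.commonpath([root, path]) == root:
            findings.append("AuthUserFile is inside the web root")
    return findings

# Constructed sample: no Require line, password file stored under the Web root.
WEAK = """AuthType Basic
AuthName "Restricted Area"
AuthUserFile /var/www/html/restricted/passwords
"""

# Constructed sample: complete directives, password file outside the Web root.
GOOD = """AuthType Basic
AuthName "Restricted Area"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("good", GOOD)):
        print(name, audit_htaccess(sample))
```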