Category: Apache

Avoiding URL Canonicalisation With mod_rewrite And Apache

22 February, 2008 | Apache | No comments

A URL canonicalisation problem occurs when a website serves the same content from several different URLs. When search engine spiders see the same content at several addresses, they can get confused about which page to display in search engine result pages. The following URLs, although they are different, all produce the same content.

http://www.example.com
http://example.com
http://www.example.com/
http://www.example.com/index.html

The way to solve this issue is to redirect any requests to a single page using mod_rewrite. Add a .htaccess file to your root directory and include the following line to turn on the engine.

RewriteEngine On

The following rule will redirect the non-www host to the www host.

#Redirecting non-www to www.domain.com:
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

Use the following rule to redirect from the index.html page to the directory name.

#Redirecting /index.html to /:
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.html
RewriteRule ^index\.html$ http://www.domain.com/ [R=301,L]

If you want to check that mod_rewrite is available before using it, you can wrap all of the previous lines in an IfModule block like this.

<IfModule mod_rewrite.c>
RewriteEngine On
 
#Redirecting non-www to www.domain.com:
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]
 
#Redirecting /index.html to /:
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.html
RewriteRule ^index\.html$ http://www.domain.com/ [R=301,L]
</IfModule>

Setting Up LDAP With Active Directory On Apache

21 January, 2008 | Apache | 1 comment

Using a simple .htpasswd to password protect a directory or website is fine if you only have a few users, and they don’t change very much. However, this quickly becomes impossible to maintain if you have lots of users. For example, if you wanted to secure access to the company Intranet you might spend quite some time trying to update your .htpasswd file. The best way to do this is to transfer all of the user administration over to an LDAP server and then get Apache to communicate with this directly. The Active Directory (AD) system that Microsoft uses allows LDAP communications, and as this is in use across many company networks it is an ideal candidate to use.

You first need to set up the LDAP modules on your Apache server. Uncomment or add the following lines in your httpd.conf file. You will also need to make sure that the module files actually exist.

LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so

Also make sure that they are placed before the following line.
LoadModule auth_basic_module modules/mod_auth_basic.so

Restart Apache to load the modules into the system.

What you need to do now is figure out how to get to your user information within AD. If you are using Windows XP you can download the Windows support tools from the Microsoft website for free. This contains a program called ldp.exe. You can use this program to figure out the object hierarchy leading to your user’s information. So if your company Intranet is called company.local then you might see the correct information at company.local->MyBusiness->Users.

The next step is to set up a user so that Apache can access the AD. Create a default user with virtually no access; it only needs to be able to access the user system.

Next you need to open your httpd.conf and put in the following lines right after the module declarations.

<Location />
 # LDAP authentication...
 AuthType Basic
 AuthName "Talk In Code Secure"
 AuthBasicProvider ldap
 AuthzLDAPAuthoritative On
 
 AuthLDAPBindDN CN=localuser,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=talkincode,DC=local
 AuthLDAPBindPassword localuserpassword
 
 AuthLDAPURL ldap://server.talkincode.local:389/OU=Users,OU=MyBusiness,DC=talkincode,DC=local?sAMAccountName?sub?(objectClass=*)
 
 Require valid-user
 
</Location>

Restart your server and try to access it; you should be presented with a login screen.

If you can’t access Apache then open up the file error.log and take a look at the last line. It will give you a good idea of what is going wrong.

If the username you entered is correct but your password is wrong then you will see the following lines:
[Tue Dec 18 08:58:00 2007] [warn] [client 10.0.0.1] [1] auth_ldap authenticate: user theusername authentication failed; URI / [ldap_simple_bind_s() to check user credentials failed][Invalid Credentials]
[Tue Dec 18 08:58:00 2007] [error] [client 10.0.0.1] user theusername: authentication failure for "/": Password Mismatch

If your username is incorrect then you will see the following lines:
[Tue Dec 18 09:06:13 2007] [warn] [client 10.0.0.1] [1] auth_ldap authenticate: user a_non_valid_username authentication failed; URI / [User not found][No Such Object]
[Tue Dec 18 09:05:02 2007] [error] [client 10.0.0.1] user a_non_valid_username not found: /

I have found that when you can’t get this module to work it is usually because you can’t access the LDAP server. If you are getting login prompts but can’t get it to understand the correct user information then try having a look at the LDAP server firewall.
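
One way to triage the mod_authnz_ldap warnings quoted above, as an added example that is not part of the original post: it separates wrong-password failures from unknown-user failures and flags clients that repeatedly fail a password or try several distinct unknown usernames. The threshold of 3, the client 10.0.0.7 and the usernames admin, guest and test are constructed for illustration.

```python
import re
from collections import defaultdict

# [warn] lines written by mod_authnz_ldap, in the format quoted above.
FAILURE = re.compile(
    r"\[client (?P<client>[^\]]+)\] \[\d+\] auth_ldap authenticate: "
    r"user (?P<user>.*?) authentication failed; URI \S+ "
    r"\[(?P<reason>[^\]]*)\]\[(?P<ldap>[^\]]*)\]"
)

def classify(line):
    """Return (client, user, kind) for an auth_ldap failure line, else None."""
    m = FAILURE.search(line)
    if m is None:
        return None  # e.g. the paired [error] line, which repeats the event
    if m["ldap"] == "Invalid Credentials":
        kind = "bad_password"   # user was found, bind with the password failed
    elif m["reason"] == "User not found":
        kind = "unknown_user"   # search matched no directory entry
    else:
        kind = "other"          # any other failure reported by the module
    return m["client"], m["user"], kind

def summarise(lines, threshold=3):
    """Count failures per client; flag clients at or above the threshold."""
    stats = defaultdict(lambda: {"bad_password": 0, "unknown_users": set(), "other": 0})
    for client, user, kind in filter(None, map(classify, lines)):
        if kind == "unknown_user":
            stats[client]["unknown_users"].add(user)  # distinct names tried
        else:
            stats[client][kind] += 1
    flagged = sorted(c for c, s in stats.items()
                     if s["bad_password"] >= threshold
                     or len(s["unknown_users"]) >= threshold)
    return dict(stats), flagged

# Constructed sample in the format quoted above; 10.0.0.7 and its usernames
# are made up for this example.
BAD = "[ldap_simple_bind_s() to check user credentials failed][Invalid Credentials]"
UNK = "[User not found][No Such Object]"
FMT = "[Tue Dec 18 09:10:00 2007] [warn] [client {}] [1] auth_ldap authenticate: user {} authentication failed; URI / {}"
SAMPLE_LOG = [
    FMT.format("10.0.0.1", "theusername", BAD),
    '[Tue Dec 18 08:58:00 2007] [error] [client 10.0.0.1] user theusername: authentication failure for "/": Password Mismatch',
    FMT.format("10.0.0.1", "a_non_valid_username", UNK),
] + [FMT.format("10.0.0.7", name, UNK) for name in ("admin", "guest", "test")]

if __name__ == "__main__":
    stats, flagged = summarise(SAMPLE_LOG)
    for client in flagged:
        print(client, "tried unknown users:", sorted(stats[client]["unknown_users"]))
```

Only the [warn] lines are counted, because each failed login also writes an [error] line for the same event.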

Setting php.ini Location In Apache

15 January, 2008 | Apache | No comments

After installing PHP on Apache you can use the php.ini file to set various PHP options. When Apache starts it uses the contents of this file to set up and run PHP.

On Windows, Unix and Linux systems Apache will look in a number of default locations for the php.ini file before giving up. You can explicitly tell Apache 2.x where to look for the file by using the PHPIniDir directive in the httpd.conf file.

#
# This is the directory containing php.ini
#
PHPIniDir "/usr/local/apache/conf"

For Apache 1.3.x this can be set using the SetEnv PHPRC directive.
# specify the directory where php.ini is
SetEnv PHPRC /usr/local/apache/conf

This not only reduces the time Apache takes to start, but also lets you make sure that the php.ini file you are using is the one you are editing.

You can find the current location of the php.ini file by using the phpinfo() function.
<?php
  phpinfo();
?>