Dec 29

Analysis access logs of Nginx by awstats

By jason Nginx Server 10 Comments »

Foreword

In my previous article “Using Nginx to enhance the speed of site visits,” introduced Nginx the HTTP server and how to accelerate through its Web site access.  In the actual Web site operators, we often need to understand that the site visit, for example, the number of IP day visit, PV is the number, which URL to visit the largest, most users browser which is what way to know this site and the number of users access to an error and so on, through mastering the information to improve the user experience, thereby improving the quality of the site.  Generally we can visit free of charge through a number of statistics to sites such as Google Analytics or the information.   But the inadequacies of such sites is only an analysis of the page does not include static documents; There may be a lot of regulators do not want to use such tools to expose their own data, all sorts of these factors make regulators want to analyze access logs.  And awstats is enough to meet all these requirements.

Awstats in SourceForge to develop quickly a Perl of WEB-based log analysis tool, a full analysis of the log so that Awstats shows you the following information:

  1. Visits, the number of unique visitors,
  2. Access time and the last visit,
  3. User authentication, the recent certification visit
  4. Weekly peak time (the number of pages, click-through rate per hour and week kilobytes),
  5. Name / country hosts visitors (pages, click-through rate, byte, 269 domains / countries detected, geoip detection),
  6. Host list of recently visited and did not resolve the IP address list
  7. Most have read the entry and exit pages,
  8. , File types,
  9. Site compression tables (mod_gzip or mod_deflate),
  10. Operating system (one for each operating system, the number of pages, click-through rate, byte, 35 OS detected),
  11. Using a browser,
  12. Robot visits (319 robots detected),
  13. Worm attacks (5 worm family),
  14. Search engines, use keyword search to find your address,
  15. HTTP protocol error (the most recent inspection did not find the page),
  16. Other reports based on the personalized URL, link parameters, involving the field of integrated marketing purpose.
  17. Your site by adding “favorite bookmarks.” Views.
  18. Screen size (in the index page of the need to add some HTML tags).
  19. The proportion of browser support: Java, Flash, RealG2 reader, Quicktime reader, WMA reader, PDF reader.
  20. The ratio of load-balancing server cluster report.

Awstats operating environment requires PERL support awstats documents from view, its support for Apache HTTP Server is a very perfect, and when we Nginx replaced after the Web server to run awstats become very troublesome.  First Nginx support Perl itself is relatively weak, and even the official does not recommend the use of; another format in the log there is a need to revised in order to run.

This paper mainly introduces awstats by allowing the outcome of the survey on the log to generate a static page, and then through Nginx statistical output in order to achieve the effect of Nginx access logs, including how to make automatic cutting Nginx log files.

Nginx configure automatic log cutting

With the Apache HTTP Server (hereinafter referred to Apache) The difference is, Apache will log the output of the way through the pipeline re-orientation, and so to automatically log cutting. In the current version of Nginx could not, like Apache, through parameters such as% YY in batches by date to create the log, but nginx process through to send a specific signal, can regenerate nginx log files.  We can implement a Shell script to switch the log, rename or transfer, the specific script is as follows:

# mv  /opt/nginx/logs/access.log /opt/nginx/logs/access_`date +%Y%m%d`.log
# killall –s USR1 nginx

The above script will be saved as a file name content logcron.sh depositors to self-directory, for example, / opt / nginx / sbin / logcron.sh

Crontab allow the use of script in a day 23:59 self-executing, you can do so by the day to create the log.

To install and configure Awstats

Before installing the need to confirm your server Perl environment already in place.

perl –version See the current environment is a Perl version of the command perl-version

We also need to log format Nginx be small changes will not be able to otherwise awstats statistics.

Examples are as follows (bold part):

# vi /opt/nginx/conf/nginx.conf

server {
listen       80;
server_name  localhost;

location ~ ^/web/ {
root   /data/web;
index  index.html;
error_log off;
charset utf-8;
}

log_format  new_log
'$remote_addr - $remote_user [$time_local] $request '
        '"$status" $body_bytes_sent "$http_referer" '
        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log  logs/access.log new_log;
}

 

 

Download the latest version of awstats package, download the address, see the end, the article references. To download the tar package extract to any directory, for example: /usr/local/awstats. And then the implementation of tools directory awstats_configure.pl Configuration Wizard, create a new statistics.

-----> Check for web server install

Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
#> none

Enter

Your web server config file(s) could not be found.
You will need to setup your web server manually to declare AWStats
script as a CGI, if you want to build reports dynamically.
See AWStats setup documentation (file docs/index.html)

-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
  File awstats.model.conf updated.

-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ?
#> y

Enter

-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
#> www.moabc.net
www.moabc.net

Enter

-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
#>

Enter directly using the default, then there will be the following tips

----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.moabc.net
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now

A SIMPLE config file has been created: /etc/awstats/awstats.www.moabc.net.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'www.moabc.net' with command:
> perl awstats.pl -update -config=www.moabc.net
You can also build static report pages for 'www.moabc.net' with command:
> perl awstats.pl -output=pagetype -config=www.moabc.net

Press ENTER to finish...

Enter the completion of the wizard, then modify configuration www.moabc.net statistics

#vi /etc/awstats/awstats.www.moabc.net.conf
Statistics of the log file to find the path

LogFile=”/var/log/httpd/mylog.log”
Changed
LogFile=”/opt/nginx/logs/access_%YYYY-0%MM-0%DD-0.log

Nginx above the corresponding log cutting procedures generated directory storage structure, attention should be paid to the date Awstats format Nginx with different wording. We are now the order of the implementation of statistics are:

Nginx generated log -> Log Cutting -> Nginx continue to produce the log -> Save cutting logs -> by Awstats Statistics -> generate results

In this article, the statistics Awstats logs, have been cut down that part. Can also reverse the order of a further cut before the end statistics.  But this is easier statistical omission.  Configuration modifications are completed, save quit.  Then we can begin to try manually.

  1. First implementation of the log cutting logcron.sh script to log Nginx cut.
  2. Awstats log and then update the implementation of the beginning of statistical analysis.
# /opt/nginx/sbin/logcron.sh
# /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.moabc.net

Create/Update database for config "/etc/awstats/awstats.www.moabc.net.conf"
        by AWStats version 6.7 (build 1.892)
From data in log file "/opt/nginx/logs/access_20080804.log"...
Phase 1 : First bypass old records, searching new record...
Direct access after last parsed record (after line 450421)
Jumped lines in file: 450421
 Found 450421 already parsed records.
Parsed lines in file: 120
 Found 0 dropped records,
 Found 0 corrupted records,
 Found 0 old records,
 Found 120 new qualified records.

See above shows that the log cutting and running Awstats have been correct. Statistical analysis is completed, the results also Awstats database.  In Apache, you can directly open a Perl program page view statistics.   However, the beginning of this article has already been mentioned, Nginx support of Perl is not good, so we need a change in methods, the use of the tool will awstats the outcome of the survey to generate static documents, concrete steps are as follows:

  • First of all, in the webroot directory, create a folder.
  • Then let Awstats to generate static pages to the directory
# mkdir  /data/webroot/awstats

# /usr/local/awstats/tools/awstats_buildstaticpages.pl -update  \
-config=www.moabc.net -lang=en -dir=/data/admin_web/awstats  \
-awstatsprog=/usr/local/awstats/wwwroot/cgi-bin/awstats.pl

The specific meaning of the order is as follows:

  • /usr/local/awstats/tools/awstats_buildstaticpages.pl  Awstats static page generation tool
  • -update-config = www.moabc.net update the configuration item
  • -lang = en language is English
  • -dir=/data/admin_web/awstats  statistical results output directory
  • -awstatsprog=/usr/local/awstats/wwwroot/cgi-bin/awstats.pl  Awstats log update path.

Next, just nginx.conf in the directory can be configured up.  Examples are as follows: (bold part):

server {
listen       80;
server_name  localhost;

location ~ ^/web/ {
root   /data/web;
index  index.html;
error_log off;
charset utf-8;
}

location ~ ^/awstats/ {
        root   /data/webroot/awstats;
        index  index.html;
        access_log off;
        error_log off;
        charset utf-8;
}

location ~ ^/icon/ {
        root   /usr/local/awstats/wwwroot;
        index  index.html;
        access_log off;
        error_log off;
        charset utf-8;
        }
}

 

Use your browser to view the detailed results of the statistical http://youhostname/awstats/awstats.www.moabc.net.html

At this point, the use of awstats have been able to fully support the Nginx log statistics.

Configured to run automatically Awstats

In order for the entire statistical process log auto-complete, we need to set up crontab scheduled tasks, so that Nginx Log Awstats automatic cutting and running, from time to time to generate results page.

#vi /etc/crontab

11 59 * * * /opt/nginx/sbin/logcron.sh
00 1 * * * /usr/local/awstats/tools/awstats_buildstaticpages.pl  \
-update -config=www.moabc.net -lang=cn -dir=/data/admin_web/awstats \
-awstatsprog=/usr/local/awstats/wwwroot/cgi-bin/awstats.pl  

#00:01  Awstats analysis log

#crontab /etc/crontab

The protection of the log results page

Regulators are generally reluctant to make people aware of their station not the real traffic, so results should Awstats password-protected pages. Nginx using Apache with the same password in encrypted format, where the need to bring their own tools apache used htpasswd.

If you default on this machine equipped with Apache, which you only in its directory run

For example:

#/usr/local/apache2/bin/htpasswd -c admin.pass admin

New password:
Re-type new password:
Adding password for user admin

server {
 	listen       80;
 	server_name  localhost;
 	location ~ ^/web/ {
 	root   /data/web;
 	index  index.html;
 	error_log off;
 	charset utf-8;
 	} 

 	location ~ ^/awstats/ {
        root   /data/admin_web;
        index  index.html;
        access_log off;
        error_log off;
        charset utf-8;
        auth_basic     "admin";
     /opt/ngx/conf/admin.pass;
        }

        location ~ ^/icon/ {
        root   /usr/local/awstats/wwwroot;
        index  index.html;
        access_log off;
        error_log off;
        charset utf-8;
        }
}

Aggregate

Although with the Apache HTTP Server comparison, Nginx function is relatively weak, but we can still use some techniques to circumvent these weaknesses, Nginx designers certainly give full consideration to this issue.  Now a growing number of third-party development in a gradual expansion module Nginx function.  But from the perspective of the application itself, Nginx more inclined to superior performance, rather than function, which in a number of additional functions, we can not too high on the requirements.

Reference resources

  • Nginx English site: http://www.nginx.net
  • Awstats Web site: http://awstats.sourceforge.net

Tagged with:
Dec 29

Nginx visit the Web site to enhance the use of speed

By jason Nginx Server 2 Comments »

About Nginx

Nginx ( "engine x") is a high-performance and HTTP reverse proxy server is also a proxy server IMAP/POP3/SMTP. Nginx by Igor Sysoev to visit Russia in the second volume of Rambler.ru development of the site, which has been the site of more than two and a half years of operation. Igor will be the source code to BSD-type license issued in the form. Despite the still beta, but, Nginx because it has the stability of the rich feature set, and low-profile example of system resources consumption and a well-known.

Nginx before use to know

At present, the official Nginx does not support Windows, you can only include Linux, UNIX, BSD system to install and use;

1.  Nginx itself is only a HTTP proxy server and reverse, it can not be the same as Apache by installing a variety of modules to support different page script, such as PHP, CGI, etc.;

2. Nginx support of a simple load balancing and fault-tolerant;

3. As support for basic HTTP server functionality, such as logging, compression, Byte ranges, Chunked responses, SSL, virtual host, and so on, everything.

In the Linux install Nginx

In order to ensure that Nginx in the use of regular expressions for a more flexible configuration, installation prior to the need to determine whether the system installed PCRE (Perl Compatible Regular Expressions) package.  You can ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ download the latest PCRE source package, compiled using the following command to download and install the PCRE package

# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.7.tar.gz
# tar zxvf pcre-7.7.tar.gz 
# cd pcre-7.7
# ./configure
# make
# make install

If  your OS is CentOS,you can:
yum install pcre

Then install Nginx, Nginx general there are two versions of which are stability and development of version version, you can choose your purpose of the two versions of one of the following is to install Nginx to / opt / nginx detailed directory : 
# wget http://sysoev.ru/nginx/nginx-0.6.34.tar.gz
# tar zxvf nginx-0.6.34.tar.gz
# cd nginx-0.6.34
# ./configure –with-http_stub_status_module –prefix=/opt/nginx 
# make
# make install

Parameters of which –with-http_stub_status_module to nginx opening of the NginxStatus function to monitor the current state of Nginx.

After the success of the installation /opt/nginx four sub-directory are: conf, html, logs, sbin. Nginx one of the profile stored in conf / nginx.conf, Nginx is only one program file is located in the sbin directory nginx document. The 80 ports to ensure that the system did not have been occupied by other programs, run sbin / nginx order to start Nginx, open the browser to access the machine’s IP, if the browser appears Welcome to nginx! Said Nginx have been installed and running successfully.

Nginx common parameters and control

Running parameters

Nginx only after the installation of a program file itself does not provide a variety of management procedures, it is the use of the system parameters and mechanism of signal Nginx control of the process itself.  Nginx parameters include the following:

-c <path_to_config>: the use of specified profile rather than the conf directory nginx.conf.
-t: test configuration file is correct, the need to re-load the run-time configuration, this command is very important to detect the revised profile of whether there is a syntax error.
-v: show nginx version number.
-V: show nginx version of its compiler, as well as environmental information, as well as compile-time parameters.

For example, we have to test whether or not to write a profile in the right, we can use the following command
sbin/nginx – t – c conf/nginx2.conf

Through the signal to the control Nginx

Nginx support of the table signals:

Signal 000

Description of the role of the

TERM, INT TERM, INT
Rapid closure of the program, currently suspended to deal with the request
QUIT
End to deal with the current request to close the program
HUP
Re-configured to load and open a new process, to shut down the process, this will not interrupt request
USR1
Re-open the log file for the switch logs, for example, every day a new generation of log files
USR2
Smooth upgrade executable
WINCH
Easily shut down the work process

There are two ways to control these signals Nginx, the first through the logs directory nginx.pid view the currently running Nginx the process ID, through the kill – XXX <pid> to control Nginx, which is the XXX out on the table The signals were out.  If your system is only one Nginx process, you can also killall order to complete, such as running killall -s HUP nginx to let Nginx reload configuration.

Configuration Nginx

A first look at the actual profile:

 user  nobody;
 worker_processes  4;

 #error_log  logs/error.log;
 #error_log  logs/error.log  notice;
 #error_log  logs/error.log  info; 

 #pid        logs/nginx.pid; 

 events {
    use epoll;
    worker_connections  2048;
 } 

 http {
    include       mime.types;
    default_type  application/octet-stream; 

    #log_format  main  '$remote_addr - $remote_user [$time_local] $request '
    #                  '"$status" $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"'; 

    #access_log  off;
    access_log  logs/access.log;

    sendfile        on;
    #tcp_nopush     on;
    tcp_nodelay     on; 

    keepalive_timeout  65; 

    include 	 gzip.conf; 

   upstream tomcats {
	 server 192.168.0.11:8080 weight=10;
	 server 192.168.0.11:8081 weight=10;
	 server 192.168.0.12:8080 weight=10;
	 server 192.168.0.12:8081 weight=10;
	 server 192.168.0.13:8080 weight=10;
	 server 192.168.0.13:8081 weight=10;
    } 

    server {
        listen       80;
        server_name  localhost; 

        charset utf-8; 

        #access_log  logs/host.access.log  main; 

	 location ~ ^/NginxStatus/ {
	    stub_status on;
	    access_log off;
	 } 

	 location ~ ^/(WEB-INF)/ {
	    deny all;
	 } 

	 location ~ \.(htm|html|asp|php|gif|jpg|jpeg|png|bmp|ico|rar|css|js|
	 zip|java|jar|txt|flv|swf|mid|doc|ppt|xls|pdf|txt|mp3|wma)$ {
             root /opt/webapp;
	    expires 24h;
        } 

        location / {
	    proxy_pass http://tomcats;
	    include proxy.conf;
        } 

        error_page 404 /html/404.html; 

        # redirect server error pages to the static page /50x.html
        #
	 error_page 502 503 /html/502.html;
        error_page 500 504 /50x.html;
        location = /50x.html {
            root   html;
        }
    }
 }

Nginx monitoring

Above is an example of the actual site configuration, in which gray text for that configuration. The above configuration, first of all, we define a location ~ ^ / NginxStatus /, so you can monitor http://localhost/NginxStatus/ through to the run Nginx message that reads as follows: 

Active connections: 70
server accepts handled requests
 14553819 14553819 19239266
Reading: 0 Writing: 3 Waiting: 67

NginxStatus display the contents of the meaning is as follows:

· active connections – currently being processed Nginx to connect the activities of a few.

· server accepts handled requests – handled a total of 14,553,819 connection, the success of the creation of 14,553,819 times to shake hands (no proof of failure in the middle), handled a total of 19,239,266 requests (average of 1.3 shook hands to deal with requests for information).

· reading – nginx read to the client’s Header information number.

· writing – nginx returned to the client’s Header information number.

· waiting – open the keep-alive, equal to the value of the active – (reading + writing), meaning that Nginx have been processed are still waiting for the next request to connect the presence of the command.

Static document processing

Through the regular expression, we can set up Nginx identified a variety of static documents, such as the path to the images under all requests can be written as follows: 

location ~ ^/images/ {
    root /opt/webapp/images;
}

The following is the definition of the configuration files of several types of requests for treatment. 

location ~ \.(htm|html|gif|jpg|jpeg|png|bmp|ico|css|js|txt)$ {
    root /opt/webapp;
    expires 24h;
}

For example, pictures, static HTML files, js script files and documents, such as css style, we hope to deal directly with Nginx and return to the browser, which can greatly speed up the web browsing speed. Therefore we need to file for this type of instruction to root through the designated path of the file stored at the same time as such documents are not often modified by expires in order to control the browser’s cache, so as to reduce unnecessary requests. expires order to control HTTP response in the "Expires" and "Cache-Control" of the header (to control play the role of the page cache). For example, you can use the following form to write Expires: 

expires 1 January, 1970, 00:00:01 GMT;
expires 60s;
expires 30m;
expires 24h;
expires 1d;
expires max;
expires off;

Dynamic page request to deal with

Nginx does not support the popular JSP, ASP, PHP, PERL, and other dynamic page, but it can reverse proxy will be sent to the request of the back-end servers, such as Tomcat, Apache, IIS, and other dynamic page to complete the deal with the request. In front of the configuration example, we first defined by the Nginx to deal directly with a number of requests for static files, all other requests through the proxy_pass instructions sent to the back-end server (in the above example is the Tomcat). The simplest proxy_pass use are as follows: 

location / {
    proxy_pass        http://localhost:8080;
    proxy_set_header  X-Real-IP  $remote_addr;
}

Here we do not have to use the cluster, but the request will be sent directly to run in the 8080′s Tomcat port services up to complete a similar JSP and Servlet to deal with the request.

When the page is visited very often require multiple application servers to share the dynamic operation of the implementation of the page, then we need to use the structure of the cluster. Nginx through upstream order to define a cluster server, the first complete example of our definition of a cluster of tomcats, this cluster of three servers, including a total of 6 Tomcat service. The wording of the directive proxy_pass become: 

location / {
    proxy_pass        http://tomcats;
    proxy_set_header  X-Real-IP  $remote_addr;
}

Nginx in the cluster configuration, Nginx use of the simplest rules of the average distribution to each cluster node allocation requests. Once a node fails, or re-onset time, Nginx will be very timely to deal with changes in the state to ensure that the user will not affect the visit.

Summary

Nginx official functions of the various modules to provide everything that these modules can be combined with the full requirements of a wide range of configurations, such as: compression, anti-Daolian, clusters, FastCGI, streaming media server, Memcached support, URL rewriting, and so on, but also the key Nginx that have HTTP server Apache and other high-performance unmatched.  You can even without changing the structure of the original Web site, through the introduction of front-end Nginx to increase the speed of site visits.

This article is a brief introduction Nginx common, as well as the installation of the basic configuration and use more information on Nginx read the article refer to the back of resources. Here are very grateful to my friend – Chen Lei (chanix@msn.com), he has been doing the Nginx WIKI(http://wiki.codemongers.com/Main), at the same time he introduced me so well Of a software.

If your site is running on Linux, if you do not have to use some of the very complex and can not be completed to determine the function of Nginx, and that you should try Nginx.

Reference

· Access to Nginx English site.

· Access to Nginx Chinese WIKI.

· Access to Nginx English WIKI.

· Another lightweight HTTP server lighttpd.

Access to products and technologies

· Download the latest version of Nginx.

· Download PCRE.

Tagged with:
Dec 29

Fix: “This Site May Harm Your Computer”

By jason The Google World 1 Comment »

Today, a keyword search in Google when suddenly discovered that many have seen “the site may harm your computer.” tips I had in the management of a site’s search results, really It is depressing, a few days ago the morning to go to work when the site was found because the process itself has been linked to the horse, then quickly finished cleaning up, log read the morning when people were injected, did not expect so soon Google was the GI mark, according to the system quickly prompted to do so, after the pilot was not found in the words of the process to issue to share with you all.

clip_image002

First of all, from the search results directly to your site address, the address was not open your web address, but a http://www.google.com/interstitial?url = at the beginning of the Web site, which read, Google’s warning Information, tips by clicking into StopBadware.org:

clip_image002[6]

Reopen a website on the current site is why Google will be labeled the reason, if you are the site’s webmaster, please point in the upper right corner of the Request a Review into words:

If you determine your site has no trojan, then please fill out the serious look of the current form of it, the mailbox must be based on your domain name suffix of it, the “Reason you are requesting review” you can refer to the system to submit examples of Any one of them, and then send point.

Next will receive noreply@stopbadware.org sent a message that has accepted your request:

Thank you for contacting StopBadware.org.  We are currently re-reviewing a number of websites via our request for review process, and we have added your site to that testing queue. Thank you for contacting StopBadware.org. We are currently re-reviewing a number of websites via our request for review process, and we have added your site to that testing queue.

……………..

The StopBadware Team

Google generally within three days will be prompted to delete the hateful words, at the same time you will receive reviews@stopbadware.org sent the e-mail:

We have received and processed your request for review of your website, www.jctx.com.cn/html/news/. It appears that your site does not currently host or distribute badware. As such, the Google warning page for your site has either already been removed or should be removed shortly. In addition, if your site has been listed in our Badware Website Clearinghouse, we will be removing your site from the Clearinghouse list.

……………..

The StopBadware Team

Tagged with:
Dec 28

Split Apache Log With Cronolog

By jason Apache Server No Comments »

About Cronolog

cronolog is a simple filter program that reads log file entries from standard input and writes each entry to the output file specified by a filename template and the current date and time. When the expanded filename changes, the current file is closed and a new one opened. cronolog is intended to be used in conjunction with a Web server, such as Apache, to split the access log into daily or monthly logs


Install cronolog in the Linux

#wget http://cronolog.org/download/cronolog-1.6.2.tar.gz
#tar zxvf cronolog-1.6.2.tar.gz
#cd cronolog-1.6.2
#./configure
#make
#make install

cronolog options

Long form

Short form

Meaning

–hardlink=NAME

-H NAME

maintain a hard link from NAME to the current log file

–symlink=NAME

-S NAME

maintain a symbolic link from NAME to the current log file

–prev-symlink=NAME

-P NAME

maintain a symbolic link from NAME to previous log

–link=NAME

-l NAME

same as -S/–symlink

–help

-h

print a help message then exit

–period=PERIOD

-p PERIOD

set the rotation period explicitly (new in 1.6.2)

–delay=DELAY

set the rotation period delay (new in 1.6.2 — this will be renamed –rotation-offset with a short form of -o in 1.6.3)

–once-only

create single output log from template (not rotated)

–debug=FILE

-x FILE

write debug messages to FILE ( or to standard error if FILE is "-")

–american

-a

Interprete ambiguous start dates in American date formats (mm/dd/yy[yy])

–european

-e

Interprete ambiguous start dates in European date formats (dd/mm/yy[yy] – default)

–start-time=DT

-s DT

starting date and time (in ambiguous cases interpreted according to –american or –european specification)

–time-zone=TZ

-z TZ

use TZ for timezone

–version

-V

print version number, then exit

Template specifiers

Specifier

Description

%%

a literal % character

%n

a new-line character

%t

a horizontal tab character

Time fields

%H

hour (00..23)

%I

hour (01..12)

%p

the locale’s AM or PM indicator

%M

minute (00..59)

%S

second (00..61, which allows for leap seconds)

%X

the locale’s time representation (e.g.: "15:12:47")

%Z

time zone (e.g. GMT), or nothing if the time zone cannot be determined

Date fields

%a

the locale’s abbreviated weekday name (e.g.: Sun..Sat)

%A

the locale’s full weekday name (e.g.: Sunday .. Saturday)

%b

the locale’s abbreviated month name (e.g.: Jan .. Dec)

%B

the locale’s full month name, (e.g.: January .. December)

%c

the locale’s date and time (e.g.: "Sun Dec 15 14:12:47 GMT 1996")

%d

day of month (01 .. 31)

%j

day of year (001 .. 366)

%m

month (01 .. 12)

%U

week of the year with Sunday as first day of week (00..53, where week 1 is the week containing the first Sunday of the year)

%W

week of the year with Monday as first day of week (00..53, where week 1 is the week containing the first Monday of the year)

%w

day of week (0 .. 6, where 0 corresponds to Sunday)

%x

locale’s date representation (e.g. today in Britain: "15/12/96")

%y

year without the century (00 .. 99)

%Y

year with the century (1970 .. 2038)


Cronolog usage:

Edit your httpd.conf file

CustomLog "|/path/to/cronolog [OPTIONS] logfile-spec" [format]

CustomLog "|/usr/sbin/cronolog /web/logs/%Y/%m/%d/access.log" combined
ErrorLog "|/usr/sbin/cronolog /web/logs/%Y/%m/%d/errors.log"

Security issues with cronolog

As far as I am aware noone has done a formal security audit of cronolog. However I have checked the code for potential buffer overflows and such like, and have not found anything untoward. Users should however be aware that cronolog is normally invoked from the web server and passed a filename template from which it constructs the names of the log files that are written. On Unix-like systems piped log programs are started by the initial server process, which runs as root; thus cronolog will usually run as root. If an attacker can write to the web server configuration file then he or she could cause cronolog to write to critical files. Mind you if an attacker does manage to change the web server configuration file then all sorts of nefarious actions are open to them.

Tagged with:
Dec 28

nginx rewrite parameters

By jason Nginx Server No Comments »

Regular expressions to match, of which:
* ~ For the case-insensitive match
* ~ * For the case-insensitive match
*! ~ And! ~ * Are case-sensitive does not match and are not case-sensitive documents and directories do not match to match, of which:
*-F and!-F used to determine the existence of a document
*-D and!-D used to determine the existence of directory
*-E and!-E used to determine the existence of files or directories
*-X and!-X used to determine whether the executable fileflag markers are:
* Last equivalent to Apache’s [L] tag that complete rewrite, no longer match the back of the rules
* Break with the last similar
* Redirect the return of 302 temporary redirect
* Permanent return of 301 permanent redirect some of the available global variables can be used to determine the conditions (to be completed)
$args $ args
$content_length $ content_length
$content_type $ content_type
$document_root $ document_root
$document_uri $ document_uri
$host $ host
$http_user_agent $ http_user_agent
$http_cookie $ http_cookie
$limit_rate $ limit_rate
$request_body_file $ request_body_file
$request_method $ request_method
$remote_addr $ remote_addr
$remote_port $ remote_port
$remote_user $ remote_user
$request_filename $ request_filename
$request_uri $ request_uri
$query_string $ query_string
$scheme $ scheme
$server_protocol $ server_protocol
$server_addr $ server_addr
$server_name $ server_name
$server_port $ server_port
$uri $ uri

 

 

Tagged with:
Dec 28

Apache Performance Tuning

By jason Apache Server 1 Comment »

Forewarning:

…in other words, don’t implement in extra complexity if you don’t need it. A site handling a few thousand requests per day will do fine on a default configuration and just about any hardware. This article is geared towards a site that needs to handle multiple concurrent requests [ten to several hundred per second].

General [in order of importance]

RAM

The single biggest issue affecting webserver performance is RAM. Have as much RAM as your hardware, OS, and funds allow [within reason].

The more RAM your system has, the more processes [and threads] Apache can allocate and use; which directly translates into the amount of concurrent requests/clients Apache can serve.

Generally speaking, disk I/O is usually a close 2nd, followed by CPU speed and network link. Note that a single PII 400 Mhz with 128-256 Megs of RAM can saturate a T3 (45 Mbps) line.

Select MPM

Chose the right MPM for the right job:

prefork [default MPM for Apache 2.0 and 1.3]:
  • Apache 1.3-based.
  • Multiple processes, 1 thread per process, processes handle requests.
  • Used for security and stability.
  • Has higher memory consumption and lower performance over the newer Apache 2.0-based threaded MPMs.
worker:
  • Apache 2.0-based.
  • Multiple processes, many threads per process, threads handle requests.
  • Used for lower memory consumption and higher performance.
  • Does not provide the same level of isolation request-to-request, as a process-based MPM does.
winnt:
  • The only MPM choice under Windows.
  • 1 parent process, exactly 1 child process with many threads, threads handle requests.
  • Best solution under Windows, as on this platform, threads are always “cheaper” to use over processes.

Configure MPM

Core Features and Multi-Processing Modules

Default Configuration
<IfModule prefork.c>
  StartServers            8
  MinSpareServers         5
  MaxSpareServers        20
  MaxClients            150
  MaxRequestsPerChild  1000
</IfModule>

<IfModule worker.c>
  StartServers            2
  MaxClients            150
  MinSpareThreads        25
  MaxSpareThreads        75
  ThreadsPerChild        25
  MaxRequestsPerChild     0
</IfModule>

<IfModule mpm_winnt.c>
  ThreadsPerChild       250
  MaxRequestsPerChild     0
</IfModule>
Directives
MaxClients, for prefork MPM

MaxClients sets a limit on the number of simultaneous connections/requests that will be served.

I consider this directive to be the critical factor to a well functioning server. Set this number too low and resources will go to waist. Set this number too high and an influx of connections will bring the server to a stand still. Set this number just right and your server will fully utilize the available resources.

An approximation of this number should be derived by dividing the amount of system memory (physical RAM) available by the maximum size of an apache/httpd process; with a generous amount spared for all other processes.

MaxClients ¡Ö (RAM – size_all_other_processes)/(size_apache_process)Use ‘ps -ylC httpd –sort:rss’ to find process size. Divide number by 1024 to get megabytes. Also try ‘top’.

Use ‘free -m’ for a general overview. The key figure to look at is the buffers/cache used value.

Use ‘vmstat 2 5′ to display the number of runnable, blocked, and waiting processes; and swap in and swap out.

Example:

  • System: VPS (Virtual Private Server), CentOS 4.4, with 128MB RAM
  • Apache: v2.0, mpm_prefork, mod_php, mod_rewrite, mod_ssl, and other modules
  • Other Services: MySQL, Bind, SendMail
  • Reported System Memory: 120MB
  • Reported httpd process size: 7-13MB
  • Assumed memory available to Apache: 90MB

Optimal settings:

  • StartServers 5
  • MinSpareServers 5
  • MaxSpareServers 10
  • ServerLimit 15
  • MaxClients 15
  • MaxRequestsPerChild 2000

With the above configuration, we start with 5-10 processes and set a top limit of 15. Anything above this number will cause serious swapping and thrashing under a load; due to the low amount of RAM available to the [virtual] Server. With a dedicated Server, the default values [ServerLimit 256] will work with 1-2GB of RAM.

When calculating MaxClients, take into consideration that the reported size of a process and the effective size are two different values. In this setup, it might be safe to use 20 or more workers… Play with different values and check your system stats.

Note that when more connections are attempted than there are workers, the connections are placed into a queue. The default queue size value is 511 and can be adjusted with the ListenBackLog directive.

ThreadsPerChild, for winnt MPM

On the Windows side, the only useful directive is ThreadsPerChild, which is usually set to a value of 250 [defaults to 64 without a value]. If you expect more, or less, concurrent connections/requests, set this directive appropriately. Check process size with Task Manager, under different values and server load.

MaxRequestsPerChild

Directive MaxRequestsPerChild is used to recycle processes. When this directive is set to 0, an unlimited amount of requests are allowed per process.

While some might argue that this increases server performance by not burdening Apache with having to destroy and create new processes, there is the other side to the argument…

Setting this value to the amount of requests that a website generates per day, divided by the number of processes, will have the benefit of keeping memory leaks and process bloat to a minimum [both of which are a common problem]. The goal here is to recycle each process once per day, as apache threads gradually increase their memory allocation as they run.

Note that under the winnt MPM model, recycling the only request serving process that Apache contains, can present a problem for some sites with constant and heavy traffic.

Requests vs. Client Connections

On any given connection, to load a page, a client may request many URLs: page, site css files, javascript files, image files, etc.

Multiple requests from one client in rapid succession can have the same effect on a Server as “concurrent” connections [threaded MPMs and directive KeepAlive taken into consideration]. If a particular website requires 10 requests per page, 10 concurrent clients will require MPM settings that are geared more towards 20-70 clients. This issue manifests itself most under a process-based MPM [prefork].

Separate Static and Dynamic Content

Use separate servers for static and dynamic content. Apache processes serving dynamic content will carry overhead and swell to the size of the content being served, never decreasing in size. Each process will incur the size of any loaded PHP or Perl libraries. A 6MB-30MB process size [or 10% of server's memory] is not unusual, and becomes a waist of resources for serving static content.

For a more efficient use of system memory, either use mod_proxy to pass specific requests onto another Apache Server, or use a lightweight server to handle static requests:

  • lighttpd [has experimental win32 builds]
  • tux [patched into RedHat, runs inside the Linux kernel and is at the top of the charts in performance]

The Server handling the static content goes up front.

Note that configuration settings will be quite different between a dynamic content Server and a static content Server.

mod_deflate

Reduce bandwidth by 75% and improve response time by using mod_deflate.

LoadModule deflate_module modules/mod_deflate.so
<Location />
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml application/x-javascript
</Location>

Loaded Modules

Reduce memory footprint by loading only the required modules.

Some also advise to statically compile in the needed modules, over building DSOs (Dynamic Shared Objects). Very bad advice. You will need to manually rebuild Apache every time a new version or security advisory for a module is put out, creating more work, more build related headaches, and more downtime.

mod_expires

Include mod_expires for the ability to set expiration dates for specific content; utilizing the ‘If-Modified-Since’ header cache control sent by the user’s browser/proxy. Will save bandwidth and drastically speed up your site for [repeat] visitors.

Note that this can also be implemented with mod_headers.

KeepAlive

Enable HTTP persistent connections to improve latency times and reduce server load significantly [25% of original load is not uncommon].

prefork MPM:

KeepAlive On
KeepAliveTimeout 2
MaxKeepAliveRequests 80

worker and winnt MPMs:

KeepAlive On
KeepAliveTimeout 15
MaxKeepAliveRequests 80

With the prefork MPM, it is recommended to set ‘KeepAlive’ to ‘Off’. Otherwise, a client will tie up an entire process for that span of time. Though in my experience, it is more useful to simply set the ‘KeepAliveTimeout’ value to something very low [2 seconds seems to be the ideal value]. This is not a problem with the worker MPM [thread-based], or under Windows [which only has the thread-based winnt MPM].

With the worker and winnt MPMs, the default 15 second timeout is setup to keep the connection open for the next page request; to better handle a client going from link to link. Check logs to see how long a client remains on each page before moving on to another link. Set value appropriately [do not set higher than 60 seconds].

SymLinks

Make sure ‘Options +FollowSymLinks -SymLinksIfOwnerMatch’ is set for all directories. Otherwise, Apache will issue an extra system call per filename component to substantiate that the filename is NOT a symlink; and more system calls to match an owner.

<Directory />
Options FollowSymLinks
</Directory>

AllowOverride

Set a default ‘AllowOverride None’ for your filesystem. Otherwise, for a given URL to path translation, Apache will attempt to detect an .htaccess file under every directory level of the given path.

<Directory />
AllowOverride None
</Directory>

ExtendedStatus

If mod_status is included, make sure that directive ‘ExtendedStatus’ is set to ‘Off’. Otherwise, Apache will issue several extra time-related system calls on every request made.

ExtendedStatus Off

Timeout

Lower the amount of time the server will wait before failing a request.

Timeout 45

Other/Specific

Cache all PHP pages, using Squid, and/or a PHP Accelerator and Encoder application, such as APC. Also take a look at mod_cache under Apache 2.2.

Convert/pre-render all PHP pages that do not change request-to-request, to static HTML pages. Use ‘wget’ or ‘HTTrack’ to crawl your site and perform this task automatically.

Pre-compress content and pre-generate headers for static pages; send-as-is using mod_asis. Can use ‘wget’ or ‘HTTrack’ for this task. Make sure to set zlib Compression Level to a high value (6-9). This will take a considerable amount of load off the server.

Use output buffering under PHP to generate output and serve requests without pauses.

Avoid content negotiation for faster response times.

Make sure log files are being rotated. Apache will not handle large (2gb+) files very well.

Gain a significant performance improvement by using SSL session cache.

Outsource your images to Amazon’s Simple Storage Service (S3).

Measuring Web Server Performance

Load Testing

Apache HTTP server benchmarking tool
httperf
The Grinder, a Java Load Testing Framework

Benchmarks

I have searched extensively for Apache, lighttpd, tux, and other webserver benchmarks. Sadly, just about every single benchmark I could locate appeared to have been performed completely without thought, or with great bias.

Do not trust any posted benchmarks, especially ones done with the ‘ab’ tool.

The only way to get a valid report is to perform the benchmark yourself.

For valid results, note to test under a system with limited resources, and maximum resources. But most importantly, configure each httpd server application for the specific situation.

Tagged with:
Dec 27

Secure Your Apache Server Configuration

By jason Apache Server 1 Comment »

First, make sure you’ve installed latest security patches

There is no sense in putting locks on the windows, if your door is wide open. As such, if you’re not patched up there isn’t really much point in continuing any longer on this list. Go ahead and bookmark this page so you can come back later, and patch your server.

Hide the Apache Version number, and other sensitive information.

By default many Apache installations tell the world what version of Apache you’re running, what operating system/version you’re running, and even what Apache Modules are installed on the server. Attackers can use this information to their advantage when performing an attack. It also sends the message that you have left most defaults alone.

Edit in your httpd.conf file and add two directives:

ServerSignature Off
ServerTokens Prod

The ServerSignature appears on the bottom of pages generated by apache such as 404 pages, directory listings, etc.

The ServerTokens directive is used to determine what Apache will put in the Server HTTP response header. By setting it to Prod it sets the HTTP response header as follows:

Server: Apache

If you’re super paranoid you could change this to something other than "Apache" by editing the source code, or by using mod_security (see below).

Make sure apache is running under its own user account and group

Several apache installations have it run as the user nobody. So suppose both Apache, and your mail server were running as nobody an attack through Apache may allow the mail server to also be compromised, and vise versa.

User apache
Group apache

Ensure that files outside the web root are not served

We don’t want apache to be able to access any files out side of its web root. So assuming all your web sites are placed under one directory (we will call this /web), you would set it up as follows:

<Directory />
  Order Deny,Allow
  Deny from all
  Options None
  AllowOverride None
</Directory>
<Directory /web>
  Order Allow,Deny
  Allow from all
</Directory>

Turn off directory browsing

You can do this with an Options directive inside a Directory tag. Set Options to either None or -Indexes

Options -Indexes

Turn off server side includes

This is also done with the Options directive inside a Directory tag. Set Options to either None or -Includes

Options -Includes

Turn off CGI execution

If you’re not using CGI turn it off with the Options directive inside a Directory tag. Set Options to either None or -ExecCGI

Options -ExecCGI

Don’t allow apache to follow symbolic links

This can again can be done using the Options directive inside a Directory tag. Set Options

to either None or -FollowSymLinks

Options -FollowSymLinks

Turning off multiple Options

If you want to turn off all Options simply use:

Options None


If you only want to turn off some separate each option with a space in your Options directive:

Options -ExecCGI -FollowSymLinks -Indexes

Turn off support for .htaccess files

This is done in a Directory tag but with the AllowOverride directive. Set it to None.

AllowOverride None


If you require Overrides ensure that they cannot be downloaded, and/or change the name to something other than .htaccess. For example we could change it to .httpdoverride, and block all files that start with .ht from being downloaded as follows:

AccessFileName .httpdoverride
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

Run mod_security

mod_security is a super handy Apache module written by Ivan Ristic, the author of Apache Security from O’Reilly press.

You can do the following with mod_security:

  • Simple filtering
  • Regular Expression based filtering
  • URL Encoding Validation
  • Unicode Encoding Validation
  • Auditing
  • Null byte attack prevention
  • Upload memory limits
  • Server identity masking
  • Built in Chroot support
  • And more

Disable any unnecessary modules

Apache typically comes with several modules installed. Go through the apache module documentation and learn what each module you have enabled actually does. Many times you will find that you don’t need to have the said module enabled.

Look for lines in your httpd.conf that contain LoadModule. To disable the module you can typically just add a # at the beginning of the line. To search for modules run:

grep LoadModule httpd.conf

Here are some modules that are typically enabled but often not needed: mod_imap, mod_include, mod_info, mod_userdir, mod_status, mod_cgi, mod_autoindex.

Make sure only root has read access to apache’s config and binaries

This can be done assuming your apache installation is located at /usr/local/apache as follows:

chown -R root:root /usr/local/apache
chmod -R o-rwx /usr/local/apache

Lower the Timeout value

By default the Timeout directive is set to 300 seconds. You can decrease help mitigate the potential effects of a denial of service attack.

Timeout 45

Limiting large requests

Apache has several directives that allow you to limit the size of a request, this can also be useful for mitigating the effects of a denial of service attack.

A good place to start is the LimitRequestBody directive. This directive is set to unlimited by default. If you are allowing file uploads of no larger than 1MB, you could set this setting to something like:

LimitRequestBody 1048576

If you’re not allowing file uploads you can set it even smaller.

Some other directives to look at are LimitRequestFields, LimitRequestFieldSize and LimitRequestLine. These directives are set to a reasonable defaults for most servers, but you may want to tweak them to best fit your needs. See the documentation for more info.

Limiting the size of an XML Body

If you’re running mod_dav (typically used with subversion) then you may want to limit the max size of an XML request body. The LimitXMLRequestBody directive is only available on Apache 2, and its default value is 1 million bytes (approx 1mb). Many tutorials will have you set this value to 0 which means files of any size may be uploaded, which may be necessary if you’re using WebDAV to upload large files, but if you’re simply using it for source control, you can probably get away with setting an upper bound, such as 10mb:

LimitXMLRequestBody 10485760

Limiting Concurrency

Apache has several configuration settings that can be used to adjust handling of concurrent requests. The MaxClients is the maximum number of child processes that will be created to serve requests. This may be set too high if your server doesn’t have enough memory to handle a large number of concurrent requests.

Other directives such as MaxSpareServers, MaxRequestsPerChild, and on Apache2 ThreadsPerChild, ServerLimit, and MaxSpareThreads are important to adjust to match your operating system, and hardware.

Restricting Access by IP

If you have a resource that should only by accessed by a certain network, or IP address you can enforce this in your apache configuration. For instance if you want to restrict access to your intranet to allow only the 176.16 network:

Order Deny,Allow
Deny from all
Allow from 176.16.0.0/16


Or by IP:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

Adjusting KeepAlive settings

According to the Apache documentation using HTTP Keep Alive’s can improve client performance by as much as 50%, so be careful before changing these settings, you will be trading performance for a slight denial of service mitigation.

KeepAlive’s are turned on by default and you should leave them on, but you may consider changing the MaxKeepAliveRequests which defaults to 100, and the KeepAliveTimeout which defaults to 15. Analyze your log files to determine the appropriate values.

Run Apache in a Chroot environment

chroot allows you to run a program in its own isolated jail. This prevents a break in on one service from being able to effect anything else on the server.

It can be fairly tricky to set this up using chroot due to library dependencies. I mentioned above that the mod_security module has built in chroot support. It makes the process as simple as adding a mod_security directive to your configuration:

SecChrootDir /chroot/apache

There are however some caveats however, so check out the docs for more info.

Acknowledgments

I have found the book Apache Security to be a highly valuable resource for securing an apache web server. Some of the suggestions listed above were inspired by this book.

Suggestions

Please post any suggestions, caveats, or corrections in the comments and I will update the post if necessary.

Tagged with:
Dec 23

Very Useful WordPress Plugins

By jason Wordpress Plugins 21 Comments »
There are several thousands of WordPress plugins in the WordPress community and new plugins are coming out everyday. However, not all plugins are useful, in fact some are very bad written that will mess up your site or harm your WordPress installation. So how do you know which plugins are right for you? Well, here is a list of plugins that I have used or played around before. Hopefully you will something useful here.

WP Cache

To save your SQL server resources, WP Cache works by caching Worpress pages and storing them in a static file for serving future requests directly from the file rather than loading and compiling the whole PHP code and then building the page from the database. It is a very useful plugin if you have a high traffic site or low performance server.

WP eCommerce

Want to sell stuffs on your blog? You must check out this WP eCommerce plugin by Instinct. It is an Ajax powered shopping cart, very easy to use. You can setup your shop in minutes through the Admin panels.

Intouch Ajax contact form

I¡¯ve been using this contact form for over a year. It works very good and filters all the spams. Seriously, NO SPAM at all. It also allows you to customize the email subject, thank you messages, and adds addition form fields.

Secure and Accessible Contact Form

Another contact form by Mike Cherim and Mike Jolley. Although, I have never used this contact form before, but I¡¯ve been hearing good rating on them. So, give it a shoot.

Sideblog

One of the popular WordPress plugins, Sideblog is the best way to post short notes on the sidebar. I use it for Best Web Gallery. It gives you options to define the sideblog category, how many entries to display, and whether to exclude from RSS feeds.

WP PageNavi

WP PageNavi adds a better paging navigation to your WordPress site. It is nice if you have a lot of posts because it allows your visitors to skip from page to page. I use it on N.Design Studio and Best Web Gallery.

Sociable

Sociable appends a list of the social bookmarking sites (ie. Digg, Del.icio.us, Reddit) at the end of your posts and allows your visitors to bookmark. I used this plugin before and it worked very well.

Ajax Post Rating

WP Post Ratings adds a 5-star Ajax rating system to your posts/pages. It works like a charm. Hint: most CSS gallery sites use this plugin.

Ajax Comment

A very simple yet effect Ajax comment plugin, it checks if all fields filled correctly (so your visitors will never see the default error messages), and also makes sure to avoid comment duplication, and has flood protection capabilities as well.

Ajax Inline Comment

This plugin gives your visitors an Ajax live comment preview. It is great if they need to enter HTML tags in your comments. So, no more syntax errors in your comments.

Ajax Polls

As seen on Web Designer Wall, it adds a Ajax poll system to your site. It is very flexible with a lot of features. Layout is completely customizable via Admin panels. It also allows you to archive the polls. Highly recommended!

Gravatar 2 Plugin

It basically display a Gravatar (globally recognized avatar) of your commenters. In case you don¡¯t know yet, Automattic (WordPress creator) just acquired Gravatar and the future Gravatar services will run faster and bigger sizes (up to 128px).

Digg This

Digg this is a WordPress plugin that detects incoming links from Digg.com to your wordpress post and automatically display a link back to the digg post, for people to digg your story. When a digg is first recognized, it will send an email to the site¡¯s admin.

Subscribe to comment

Subscribe to Comments 2.1 is a plugin that allows commenters on your blog to check a box before commenting and get e-mail notification of further comments. You probably seen it already, it adds a checkbox “Notify me of followup comments via e-mail” in the comment form.

Admin Drop Down Menu

I¡¯ve been this plugin since my first WordPress site, it is a must have for every WordPress site. It saves me so much time and clicks. It basically makes your secondary menu activate on mouseover. For example, instead of click Write, then click Page; you can mouseover Write and click Page (this will save one click and one pageload). Big time saver!

Adsense Deluxe

Adsense Deluxe is probably the best Adsense plugin available on the web. Very easy to use: first you define your ad code through the Admin options, then insert a HTML snippet (“<!¨Cadsense¨C>”) into anywhere of your post content, and it will automatically repace it with your ad code.

Search Everything

Default WordPress search engine doesn¡¯t search metadatas, static Pages, etc. This plugin allows you to search everything in the database. Of course, it comes with options, so you can set what to search.

Ajax Calendar

If you use calendar in your sidebar, consider this Ajax Calendar. Your visitor can browse through the calendar without refreshing the page.

Breadcrumb Navigation XT

Although not many sites use breadcrumb navigation now, but if you want, here is one: Breadcrumb Navigation XT. It basically lets you add a breabcrumb navigation to your site.

Google Sitemap Generator

If you need to generate a XML compliant sitemap for search engines, Google Sitemap Generator is the best choice (supported by most popular search engines: Google, Yahoo, Ask.com, and MSN).

Simple Recent Comments

Another must have plugin. In fact, it is in all my WordPress sites. It outputs a list of recent comment excerpt. You can install as WordPress plugin or simply include in your theme folder (no activation required). Simple!

Simple Tags

As of version 2.3, WordPress has a built-in tagging system, however with very limited features. Simple Tags gives you more features: type-ahead / auto suggestion tags, manage tags (rename, delete, add..), edit mass tags, dynamic tag cloud colors, and more!

WP Mailing List

Not sure if anyone would still signup newsletter since we have RSS now. But newsletter is the best way to inform your subscribers with new products and updates. I find this plugin will be useful if you run a WP eCommerce shop. It is not free (cost $14.99), but totally worth it (check out their features).

Category Tag Cloud

If you want to fake your categories into a tag cloud like what I did at Best Web Gallery, here is the plugin Category Tag Cloud. It is very easy to install and customize.

Paged Comments

This plugin is useful if you get a lot of comments on your blog. It breaks your comments into a number of pages. Imagine if your blog gets over a thousand of comments? You definitely need this plugin.

flickrRSS

This plugin allows you to easily display Flickr photos on your weblog. It supports user, public and group photostreams. The plugin is relatively easy to setup and configure via an options panel. It also has support for an image cache located on your server.

Theme Switcher

Theme Switcher allows your readers to switch among installed themes. This plugin is useful if you offer WordPress theme and you want to let your users to preview the themes. I use it to showcase my free

Tagged with:
Dec 22

15 WordPress Plugins For AdSense

By jason Wordpress Plugins 3 Comments »

Many blogs survive thanks to Google AdSense – a fact that¡¯s leading some to debate the use of ad blocking software. However, implementing and tweaking AdSense ads on a WordPress blog can be tedious. We¡¯ve gathered 15 WordPress plugins which help you implement, control and overview AdSense ads on your blog.

Related: WORDPRESS PLUGINS: more Tools for Running Your WordPress Blog

¨C

Adsense Deluxe – probably the most popular and perhaps the best AdSense plugin out there, AdSense Deluxe lets you automatically insert ads (it works with Yahoo ads, too) into your posts or pages. Very configurable and yet simple to use. (at the time of this writing, the official link for this plugin is dead. Hopefully, it¡¯s just temporary.)

AdSense Widget for WordPress Sidebar – Add AdSense to your WordPress sidebar in the form of a widget.

Shylock AdSense – another plugin for easy integration of AdSense ads into your blog; has an interesting feature that lets you set particular ads into blog posts which are more than X days old.

Adsense Injection – random Adsense injection into your blog.

AdMan – integrates ads directly inside your blog posts. Compatible with AdSense.

AdSense Manager – a fully featured AdSense manager. Use the latest version only, as older versions had some issues with the AdSense terms and conditions.

AdRotator – afraid of adblindness? AdRotator rotates (doh!) your AdSense ads, and combines them with other advertising programs.

AdSense Attachment – display extra content, like images, in a new page together with AdSense ads.

MightyAdsense – display AdSense ads without modifying the templates. Has a preview for ads in the WordPress control panel.

Google Ad Wrap – show that pesky Google spider what content on your blog is really important

Adsense Inline – another plugin that makes inserting AdSense into your blog posts really easy.

Author Adsense - split revenue between several blog authors on the same blog.

Author Adsense MU plugin – same as Author AdSense, only commercial and aimed only at WordPress MU (Multi User) users.

AdSense Sharing Revenue and Earnings System – another revenue sharing plugin for AdSense on WordPress. Also shows you your earnings in real time.

Adsense Earnings WordPress Plugin – always be in control of your AdSense earnings, right from the WordPress Admin panel.

Tagged with:
preload preload preload