Category Archives: Apache

Apache Web Server Security & Hardening Tips for Administrator

Apache is one of the best, popular, fast, free & open-source Web Server which is currently holding 33.56% of market share as per netcraft Feb’2016 survey. As a server administrator, make sure we should hardening the web server to prevent attacks. Here i’m listing most important security tips which will help you to secure your… Read More »

Apache Web Server Hardening & Security Guide

A practical guide to secure and harden Apache Web Server. 1. Introduction The Web Server is a crucial part of web-based applications. Apache Web Server is often placed at the edge of the network hence it becomes one of the most vulnerable services to attack. Having default configuration supply much sensitive information which may help… Read More »

Securing Apache with SSL

Let’s install mod24_ssl sudo yum install mod24_ssl And generate private key + CSR openssl req -nodes -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out server.csr don’t forget to copy this file in save location ! /etc/pki/tls/private/localhost.key if we got our purchased SSL certyficate, we have to create file with it. Usually you have to marge all of them… Read More »

13 Apache Web Server Security and Hardening Tips

We all are very familiar with Apache web server, it is a very popular web server to host your web files or your website on the web. Here are some links which can help you to configure Apache web server on your Linux box. Apache Security and Hardening Tips Install Apache Web Server Setup Your… Read More »

Configuring mod_evasive

Now that the installation is complete and verified, let us look into the configuration of the module. mod_evasive can be easily customized through the mod_evasive.conf configuration file. We will discuss some of the configuration parameters in this tutorial. Please refer to the configuration file for information on all the parameters — it contains a description… Read More »

Force Apache to use proxy

ProxyRemote * More info available on Apache web page:

ModSecurity Advanced Topic of the Week: (Updated) Exception Handling

UPDATE – since this original post, we added new exception handling capabilities to v2.6.0 which are a tremendous help for adding in custom exceptions. See the section below on Updating the Target Lists. This post is long overdue. I will cover the current state of exception handling options within both ModSecurity and the OWASP Core… Read More »

Integrating Apache with Active Directory

Here are my requirements:   Must use Active Directory for the user/pass database Must use Active Directory groups to determine membership in “departmentA” Must be able to implement group based restrictions, eg. “repositoryA” must only be accessible by “departmentA” So being a Debian sorta fellow I did a search for all the Apache and LDAP… Read More »

Write cookies with Apache

If you want to write cookies with Apache, you must use mod_headers. After this you can set cookies from every conf file: Header append set-cookie: “MyCookie=myValue; path=/;”