Apache is one of the best, popular, fast, free & open-source Web Server which is currently holding 33.56% of market share as per netcraft Feb’2016 survey. As a server administrator, make sure we should hardening the web server to prevent attacks. Here i’m listing most important security tips which will help you to secure your… Read More »
A practical guide to secure and harden Apache Web Server. 1. Introduction The Web Server is a crucial part of web-based applications. Apache Web Server is often placed at the edge of the network hence it becomes one of the most vulnerable services to attack. Having default configuration supply much sensitive information which may help… Read More »
Let’s install mod24_ssl sudo yum install mod24_ssl And generate private key + CSR openssl req -nodes -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out server.csr don’t forget to copy this file in save location ! /etc/pki/tls/private/localhost.key if we got our purchased SSL certyficate, we have to create file with it. Usually you have to marge all of them… Read More »
We all are very familiar with Apache web server, it is a very popular web server to host your web files or your website on the web. Here are some links which can help you to configure Apache web server on your Linux box. Apache Security and Hardening Tips Install Apache Web Server Setup Your… Read More »
Now that the installation is complete and verified, let us look into the configuration of the module. mod_evasive can be easily customized through the mod_evasive.conf configuration file. We will discuss some of the configuration parameters in this tutorial. Please refer to the configuration file for information on all the parameters — it contains a description… Read More »
ProxyRemote * http://ip.of.proxY.host:port More info available on Apache web page: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyremote
UPDATE – since this original post, we added new exception handling capabilities to v2.6.0 which are a tremendous help for adding in custom exceptions. See the section below on Updating the Target Lists. This post is long overdue. I will cover the current state of exception handling options within both ModSecurity and the OWASP Core… Read More »
Here are my requirements: Must use Active Directory for the user/pass database Must use Active Directory groups to determine membership in “departmentA” Must be able to implement group based restrictions, eg. “repositoryA” must only be accessible by “departmentA” So being a Debian sorta fellow I did a search for all the Apache and LDAP… Read More »
In the latest SVN trunk version of the CRS (2.0.9), we have implemented the capability for users to easily toggle between Traditional or Anomaly Scoring detection modes. This will most likely come as very welcomed enhancement for many users. With the initial CRS v2.0, I feel that we jumped the gun a bit and in… Read More »
If you want to write cookies with Apache, you must use mod_headers. After this you can set cookies from every conf file: Header append set-cookie: “MyCookie=myValue; path=/;”