Apache
Apache2 Virtualhosting with a Single SSL Host
Mar 13th
To start: without SNI, Apache2 cannot serve more than one SSL virtualhost per IP address and port. It can handle any number of regular name-based virtualhosts, but only a single SSL host on a given address, because the TLS handshake (and with it the choice of certificate) happens before the client ever sends the Host header that name-based hosting relies on. The Apache documentation puts it this way:
Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol. [1]
The exception is Server Name Indication (SNI): Apache 2.2.12 and later, when built against OpenSSL 0.9.8j or later, read the hostname the client sends in the TLS ClientHello and can select the matching SSL virtualhost. Clients that do not send SNI (very old browsers) still get the first SSL virtualhost defined for that address. Without SNI, the only ways to add a second SSL site are a second IP address or a second port.
The configuration, with three name-based hosts on port 80 and the single SSL host on port 443 (IP1 stands for the server's address; the certificate paths are placeholders):

    NameVirtualHost IP1:80
    NameVirtualHost IP1:443

    <VirtualHost IP1:80>
        ServerName main_server:80
        DocumentRoot "/var/www/html"
    </VirtualHost>

    <VirtualHost IP1:80>
        ServerName 2nd_server:80
        DocumentRoot "/var/www/2nd_server"
    </VirtualHost>

    <VirtualHost IP1:80>
        ServerName 3rd_server:80
        DocumentRoot "/var/www/3rd_server"
    </VirtualHost>

    <VirtualHost IP1:443>
        ServerName main_server
        DocumentRoot "/var/www/secure_html"
        SSLEngine on
        # an SSL host will not start without a certificate and key
        SSLCertificateFile /etc/ssl/certs/main_server.pem
        SSLCertificateKeyFile /etc/ssl/private/main_server.key
    </VirtualHost>

After restarting Apache, openssl s_client -connect IP1:443 should show the main_server certificate; 2nd_server and 3rd_server are reachable over plain HTTP only, and a browser asked for https://2nd_server/ on this address would be handed the main_server certificate and warn about the name mismatch.
I plan to implement a store to sell various items, and I want to make people feel comfortable. To feel comfortable the visitor needs to see the lock icon in their web browser, and maybe a third-party certification so the title bar becomes green in newer browsers.
Apache Security – Necessary Settings
Feb 20th
PHP is powerful: it turns static HTML pages into dynamic ones, but it also turns user-supplied information into commands and function calls. Because of this you should enable a number of security settings. The one that does most for the host machine is the open_basedir parameter. It restricts the files PHP can open to the directory trees you list, so a script (or an attacker who can make a script read an arbitrary path) cannot reach /etc/passwd or another site's files outside that tree. Note what it does not do: open_basedir does not stop a script from running processes; for that, list exec, shell_exec, system, passthru, proc_open and popen in disable_functions. Open /etc/php5/apache2/php.ini in nano and use Ctrl-W to search for "open_basedir". It will most likely be commented out with a semicolon (older php.ini files also accepted #). Remove the semicolon and add the document root of your website. If you use virtualhosts, add the roots of all the sites served, separated by colons.
Also turn off several other parameters in the same file:
allow_url_fopen
allow_url_include
display_errors
register_globals
safe_mode
Also turn off the Magic Quotes options (magic_quotes_gpc, magic_quotes_runtime) in php.ini; they escape input inconsistently and give a false sense of protection against SQL injection. register_globals, safe_mode and magic quotes were removed in PHP 5.4, so those three settings only matter on PHP 5.3 and earlier. In /etc/apache2/apache2.conf turn off the signature option: search for "ServerSignature" and set it to Off (ServerTokens Prod additionally keeps the version out of the Server header). There is an Apache module that should also be implemented, mod_security; I'll save it for the next post.
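To check that these settings actually took effect, here is an added example (not from the original post) that parses a php.ini and reports every directive listed above that is still on or not set, plus a missing open_basedir. The two php.ini excerpts are constructed for the example, and the document roots in the hardened one are assumed.

```python
import re

# Constructed php.ini excerpt with the weak settings (not taken from any real host).
WEAK_PHP_INI = """
[PHP]
; excerpt of a stock php.ini
allow_url_fopen = On
;allow_url_include = Off
display_errors = On
register_globals = Off
safe_mode = Off
magic_quotes_gpc = On
;open_basedir =
"""

# The same directives after the hardening above; the document roots are assumed.
HARDENED_PHP_INI = """
[PHP]
allow_url_fopen = Off
allow_url_include = Off
display_errors = Off
register_globals = Off
safe_mode = Off
magic_quotes_gpc = Off
open_basedir = "/var/www/html:/var/www/2nd_server:/var/www/3rd_server:/tmp"
"""

# Directives the post says to turn off (magic_quotes_gpc is the Magic Quotes option).
MUST_BE_OFF = ["allow_url_fopen", "allow_url_include", "display_errors",
               "register_globals", "safe_mode", "magic_quotes_gpc"]

DIRECTIVE_RE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_.]*)\s*=\s*(.*?)\s*$")


def parse_php_ini(text):
    """Return {directive: value} for the active (uncommented) lines.

    Lines starting with ';' are comments (older PHP also accepted '#'), and
    section headers like [PHP] are skipped. If a directive appears twice the
    later value wins, which is how php.ini itself behaves.
    """
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#[":
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            active[m.group(1)] = m.group(2).strip('"')
    return active


def php_bool(value):
    """php.ini boolean semantics: 1/On/True/Yes are true, anything else is false."""
    return value.strip().lower() in ("1", "on", "true", "yes")


def audit_php_ini(text):
    """Return a list of (directive, problem) pairs; an empty list means hardened."""
    active = parse_php_ini(text)
    findings = []
    for name in MUST_BE_OFF:
        if name not in active:
            findings.append((name, "not set explicitly; relying on the compiled-in default"))
        elif php_bool(active[name]):
            findings.append((name, "is %s; should be Off" % active[name]))
    if not active.get("open_basedir", ""):
        findings.append(("open_basedir",
                         "not set; scripts can open any file the web server user can read"))
    return findings


if __name__ == "__main__":
    for label, ini in (("weak", WEAK_PHP_INI), ("hardened", HARDENED_PHP_INI)):
        print(label, audit_php_ini(ini) or "no findings")
```

Run it against the real file with audit_php_ini(open("/etc/php5/apache2/php.ini").read()); a setting that is still commented out shows up as "not set explicitly" rather than silently passing, which is the case that is easy to miss when editing by hand.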
Lighttpd – A lighter Web Server
Dec 26th
The first thing to do is get lighttpd installed with PHP and MySQL working smoothly. Rather than reiterating the same content, here is a convenient post:
http://www.howtoforge.com/lighttpd_mysql_php_debian_etch
Interesting options and various configuration for lighttpd can be found here:
http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions
One interesting built-in option is throttling. With connection.kbytes-per-second you can effectively limit each connection to a particular data transmission rate (server.kbytes-per-second caps the server as a whole). There is also a compression module and a caching module. Much like Apache, extra modules can be installed with apt-get. Issue:
sudo apt-cache search lighttpd
This will list the packages that can be installed; lighttpd's add-on modules are packaged as lighttpd-mod-*, while the common ones (compression and proxy included) ship in the lighttpd package itself and are switched on with lighty-enable-mod. I know the Apache modules are packaged as libapache2-mod-*.
With round-robin balancing built into its proxy module, this is an interesting package to investigate using.
DOS and Brute Force Prevention Using Fail2ban
Mar 16th
Dealing with DoS and brute-force attacks can be a daunting challenge. You can manually adjust your firewall to block particular IP addresses, but why not automate the process? What if a program could monitor your authentication and other log files for suspicious activity? These log files hold a tremendous amount of information about failed login attempts and about how many times an IP address connects to your web server. Using this information, a program can automatically adjust your firewall to block the offending IP addresses. Fail2ban does just this: it monitors the log files of many programs, the most important being Apache and ssh, and bans a source address once it exceeds a set number of failures (maxretry) within a time window (findtime). Two caveats: it only helps when the abuse comes from a small number of addresses, so it is a brute-force deterrent rather than protection against a distributed DoS, and banning a shared address (a NAT gateway or proxy) locks out everyone behind it, so keep bantime reasonable. http://www.fail2ban.org/wiki/index.php/Main_Page
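The detection logic fail2ban applies, as an added example that is not part of the original post and not fail2ban's own code: a sliding window of failed sshd logins per source address, with the same maxretry/findtime semantics, run over a constructed auth.log excerpt. The log lines, the host name and the year assumed for the syslog timestamps are all made up for the example; the iptables command is built but not executed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth.log excerpt (not from a real host): 10.0.0.5 hammers sshd,
# 10.0.0.9 has one good login and two typos, 10.0.0.7 probes slowly, one try
# every seven minutes, to stay under a 10-minute window.
SAMPLE_AUTH_LOG = """\
Mar 16 10:00:01 web sshd[2001]: Failed password for root from 10.0.0.5 port 50001 ssh2
Mar 16 10:00:03 web sshd[2001]: Failed password for root from 10.0.0.5 port 50001 ssh2
Mar 16 10:00:05 web sshd[2002]: Failed password for invalid user admin from 10.0.0.5 port 50002 ssh2
Mar 16 10:00:07 web sshd[2002]: Failed password for invalid user admin from 10.0.0.5 port 50002 ssh2
Mar 16 10:00:09 web sshd[2003]: Accepted password for deploy from 10.0.0.9 port 50003 ssh2
Mar 16 10:00:11 web sshd[2004]: Failed password for root from 10.0.0.5 port 50004 ssh2
Mar 16 10:00:13 web sshd[2005]: Failed password for root from 10.0.0.9 port 50005 ssh2
Mar 16 10:00:15 web sshd[2005]: Failed password for root from 10.0.0.9 port 50005 ssh2
Mar 16 10:00:20 web sshd[2006]: Failed password for root from 10.0.0.7 port 50006 ssh2
Mar 16 10:07:20 web sshd[2007]: Failed password for root from 10.0.0.7 port 50007 ssh2
Mar 16 10:14:20 web sshd[2008]: Failed password for root from 10.0.0.7 port 50008 ssh2
Mar 16 10:21:20 web sshd[2009]: Failed password for root from 10.0.0.7 port 50009 ssh2
Mar 16 10:28:20 web sshd[2010]: Failed password for root from 10.0.0.7 port 50010 ssh2
"""

# Matches sshd password failures, including the "invalid user" form. Written
# from scratch for this example; fail2ban ships its own, broader sshd filter.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_ts(stamp, year=2010):
    """Syslog timestamps carry no year; assume one so intervals can be computed."""
    return datetime.strptime("%d %s" % (year, stamp), "%Y %b %d %H:%M:%S")


def find_bans(lines, maxretry=5, findtime=600):
    """Return {ip: time_of_ban} for addresses with maxretry failures inside findtime seconds.

    A deque per source address holds the timestamps of its recent failures;
    entries older than findtime relative to the newest failure are dropped, so
    an attacker who spaces attempts further apart than the window is not caught.
    """
    recent = defaultdict(deque)
    banned = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ip = m.group("ip")
        if ip in banned:
            continue
        ts = parse_ts(m.group("ts"))
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned


def ban_command(ip, chain="INPUT"):
    """A plain iptables DROP rule; fail2ban's iptables action does the same in a per-jail chain."""
    return ["iptables", "-I", chain, "-s", ip, "-j", "DROP"]


if __name__ == "__main__":
    for ip, when in sorted(find_bans(SAMPLE_AUTH_LOG.splitlines()).items()):
        print("ban %s at %s: %s" % (ip, when.time(), " ".join(ban_command(ip))))
```

With the defaults only 10.0.0.5 is banned. Raising findtime to an hour also catches the slow prober 10.0.0.7, which is the trade-off fail2ban's findtime and maxretry settings in jail.conf express: a wider window catches patient attackers but also bans a legitimate user who mistypes a password a few times over a morning.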
