Posts tagged module

Mod Security for Apache – Web Server Smart Firewall

Mod Security has features that go above and beyond a standard firewall. It will help to prevent denial-of-service attacks, and it can also be used to block traffic based on realtime blackhole lists issued by Spamhaus and others. Mod Security is apparently in the Debian repositories as well as Ubuntu's. In the Ubuntu repos you will have to enable the third-party applications and update the aptitude databases. Then install:

sudo apt-get install libapache2-mod-security

Then enable the module:

sudo a2enmod security

By default, a configuration file is installed. The default configuration gives you a basic starting point for the various security options the module makes available. Please refer to the documentation for more information about what can be done. This blog post shows how to use Mod Security to query realtime blackhole lists to block nasty offenders of various natures:

http://www.inliniac.net/blog/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists.html
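An RBL check written in ModSecurity 2.x rule syntax, as an added example (it is not taken from the linked post or from the package's default configuration). The rule id, the Spamhaus zone name, the 403 status and the choice to check only POST requests are assumptions made for illustration:

```apache
<IfModule security2_module>
    # Turn rule processing on; the packaged default may leave it in
    # detection-only mode.
    SecRuleEngine On

    # Assumption: only clients that submit data (POST) are checked, so that
    # ordinary page views do not each trigger a DNS lookup.
    # The two rules form a chain: the action list on the first rule
    # (deny, log, status) runs only when BOTH rules match.
    SecRule REQUEST_METHOD "@streq POST" \
        "id:1000001,phase:1,deny,status:403,log,msg:'POST from RBL-listed client',chain"
        # @rbl looks the client address up in the named DNS blocklist zone
        # and matches when the zone returns a record for it.
        SecRule REMOTE_ADDR "@rbl sbl-xbl.spamhaus.org"

    # To review what would be blocked before enforcing, replace
    # "deny,status:403" with "pass" and read the audit/error log first.
</IfModule>
```

Every match attempt costs a DNS query in the request path, so a local caching resolver keeps the added latency down.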

Lighttpd – A lighter Web Server

The first thing to do is get lighttpd installed with PHP and MySQL working smoothly. Rather than reiterating the same content, here is a convenient post:

http://www.howtoforge.com/lighttpd_mysql_php_debian_etch

Interesting options and various configuration for lighttpd can be found here:

http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions

One interesting built-in option is throttling. Use connection.kbytes-per-second and you can effectively limit users to particular data transmission rates. There is also a compression module and a caching module. Much like Apache, these modules can be installed with apt-get. Issue:

sudo apt-cache search lighttpd

This will list various packages that can be installed. I know the Apache modules are packaged as libapache2-mod-*.

With built-in round-robin and proxy modules, this is an interesting package to investigate.

Apache Mod – Cband

The Cband Apache module can be downloaded from the official website here:

http://cband.linux.pl/

This module provides full bandwidth limiting of all Apache VirtualHosts. First reference the newly added module with:

LoadModule cband_module /etc/apache2/mod_cband.so

You can put the module anywhere you want; just adjust the directory location accordingly. Now you can add a VirtualHost as usual and add the additional cband configuration parameters to establish the desired functionality.

<VirtualHost *>
    ServerName www.bgevolution.com
    ServerAdmin admin@bgevolution.com
    DocumentRoot /home/user/bgevolution/
    CBandSpeed 5000kb/s 24 16
    CBandRemoteSpeed 2500 12 8
</VirtualHost>

The CBandSpeed parameter establishes a maximum bandwidth limit on the entire VirtualHost. The 24 refers to the maximum requests per second, and the 16 refers to the maximum sustained connections at any one time. The CBandRemoteSpeed parameter establishes bandwidth throttling for any one specific website visitor. With this parameter you can limit each visitor specifically. Play around with the numbers, try to download something, and you will see in real time the effect your configuration has on the actual download speed.