Posts tagged security

Mod Security for Apache – Web Server Smart Firewall

Feb 22nd

Posted by nseidm1 in Apache

No comments

Mod security has features that go above and beyond a standard firewall. It will help to prevent denial of service attacks, and also can be used to block traffic based on realtime blackhole lists issued by Spamhaus and others. Mod security is apparently in the Debian repositories as well as Ubuntu. In the Ubuntu repos you will have to enable the third party applications and update the aptitude databases. Then install:

sudo apt-get install libapache2-mod-security

Then enable the module:

sudo a2enmod security

By default there is a configuration file installed. The default configuration will provide you a basic starting point for the various security options available by the module. Please refer to the document for more information about what can be done. This blog shows how to use mod security to hit realtime blackhole lists to block nasty offenders of various natures.

http://www.inliniac.net/blog/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists.html

, , , , , , , , ,

Apache Security – Necessary Settings

Feb 20th

Posted by nseidm1 in Apache

No comments

PHP is powerful, and allows static html pages to become dynamic. It also allows information to translate into commands and functions. Because of this you should implement a variety of security features. The biggest security feature, which increases security of the host machine, is setting the basedir parameter. This locks PHP functions to a particular directory, not allowing them to run processes or effect files further down the tree. Use nano and the cntrl-w function to search for “open_basedir” in /etc/php5/apache/php.ini. It will most likely be commented with a # sign. Remove the # sign and add the document root of your website. If you virtualhost, you can add the root of all documents served.

Also turn off several other parementers.

allow_url_fopen

allow_url_include

display_errors

register_globals

safe_mode

Also turn off the Magic Quotes options in php.ini. In /etc/apache2/apache2.conf turn off the signature option. Search for “ServerSignature”. There is an apache modules that should be iplemented; mod security; I’ll save it for the next post.

, , , , , , , , ,