Apache httpd hardening
Introduction
Apache is one of the most widely-used and popular web servers. It is also one of the most secure web servers available. In this article, I will explain some tips and tricks that will secure your Apache server.
This is a generic ‘quick n dirty’ hardening profile.
Hide version:
ServerSignature Off
ServerTokens Prod
Turn Off Server-Side Includes …Read More
htaccess https simple redirect
How to redirect HTTP traffic to HTTPS using an .htaccess file
The code below, when added to an .htaccess file, automatically redirects any traffic destined for http: to https:
<IfModule mod_rewrite.c>
RewriteEngine On
# Match only requests that did not arrive over TLS
RewriteCond %{HTTPS} off
# [R] with no status code sends a 302 (temporary) redirect; use [R=301,L] for a permanent one
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</IfModule>
This code is generic: no domain, page, or subfolder needs to be written into the .htaccess code.
Common HTTP Error codes and fixes
Here’s a list with the most common HTTP error codes and solutions for each one.
Error 500: Internal Server Error
Cause 1: Syntax error in .htaccess
Cause 2: Invalid files/directories permissions
Other causes
Errors 502: Bad Gateway & 504: Gateway Timeout
Error 503: Service Unavailable
Error 508: Resource Limit Is Reached
Error 500: Internal Server Error
Error 500
Cause 1: …Read More
Protecting Apache Server From Denial-of-Service Attacks
A Denial-of-Service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, for example by temporarily or indefinitely interrupting or suspending the services of a host connected to the Internet. A distributed denial-of-service (DDoS) attack is where the attack source is …Read More
PHP Sessions in Memcached
The moment a PHP application grows to run on more servers, normally people will see problems caused by PHP sessions. If the application is not persistent you are lucky and don’t care about this, but if not you will quickly see this regardless of how good the …Read More
Installing Lighttpd with PHP (PHP-FPM mode) and MySQL or MariaDB on Ubuntu 15.04
Lighttpd is a secure, fast, standards-compliant web server designed for speed-critical environments. This tutorial shows how you can install Lighttpd on an Ubuntu 15.04 server with PHP support (through PHP-FPM) and MySQL. PHP-FPM (FastCGI Process Manager) is an …Read More
Centos 7 Configure Django with Apache
Django is a high-level and powerful Python web framework. This tool helps with rapid development and concrete design. It is a free and open-source application that can help you get your Python application and website up quickly.
What Is Django?
Django was created at the end of 2003 …Read More
Check / Determine Your Version of Tomcat and Java
Determine Your Version of Tomcat using console
Linux:
java -cp lib/catalina.jar org.apache.catalina.util.ServerInfo
Windows:
java.exe -cp lib\catalina.jar org.apache.catalina.util.ServerInfo
The output should be similar to this:
java -cp catalina.jar org.apache.catalina.util.ServerInfo
Server version: Apache Tomcat/7.0.42
Server built: Jul 18 2014 10:08:19
Server number: 7.0.42.0
OS Name: Linux
OS Version: 2.6.32-531.29.2.lve1.3.11.1.el6.x86_64
Architecture: amd64
JVM Version: 1.7.0_75-mockbuild_2015_01_22_07_15-b00
JVM Vendor: Oracle Corporation
Location of catalina.jar in cPanel server is:
/usr/local/easy/share/java/easy-tomcat7
Determine Your Version …Read More
Enable Apache UserDir In CentOS 7 / RHEL 7 with SELinux
Let's see how to set up UserDir on CentOS 7 with SELinux enabled. With this method, every user should have their own public_html directory.
1. Go to root user
su - root
2. Create /etc/httpd/conf.d/userdir.conf file
Install apache:
yum install httpd -y
Enable Apache Userdirs
vi /etc/httpd/conf.d/userdir.conf
add:
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir enabled nixpal

#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disabled" line above, and uncomment
# the following line instead:
#
UserDir public_html

</IfModule>

<Directory /home/*/public_html>
# Indexes turns on directory listings and Includes turns on server-side
# includes; drop either option if the user sites do not need it.
Options Indexes Includes FollowSymLinks
AllowOverride All
## For Apache 2.2, use these two lines instead of "Require":
# Order deny,allow
# Allow from all
## For Apache >= 2.4 (the version CentOS 7 ships), use:
Require all granted

</Directory>
Restart apache
systemctl restart httpd.service
Then create user’s public_html and assign permissions.
mkdir /home/nixpal/public_html
chmod 711 /home/nixpal
chown nixpal:nixpal /home/nixpal/public_html
chmod 755 /home/nixpal/public_html
Then here’s the other new things, especially you are using …Read More
Chmod all files to 644 and all folders to 755 of a directory
Why chmod? When using suPHP or FastCGI, you will notice that they need special permissions. In DSO, for example, 777 is the default. Having those permissions under suPHP is first dangerous and secondly not recommended, especially when almost all providers forbid 777 when using suPHP. So we need to change permissions at …Read More
LAMP Server (Apache / MariaDB /PHP) on Fedora 19+ and Centos/RHEL 7
LAMP is a combination of operating system and open-source software stack. The acronym LAMP comes from the first letters of Linux, Apache HTTP Server, MySQL/MariaDB database, and PHP, Perl or Python (and sometimes PhpMyAdmin too.)
Installing Apache
Change to root (if not root already) user using the following command:
su -
and install apache using …Read More
Linux: 25 PHP Security Best Practices For Sys Admins
by NIXCRAFT on NOVEMBER 23, 2011 · 58 COMMENTS· LAST UPDATED FEBRUARY 20, 2014
in PHP, REDHAT/FEDORA LINUX, SECURITY
PHP is an open-source server-side scripting language and it is widely used. The Apache web server provides access to files and content via the …Read More