Showing posts with the label Apache

Securing Apache 1.3

Securing Apache 1.3

Overview

There are many things to keep in mind when trying to secure anything. One of the most important is to make sure that the system is both usable and secure; there is usually a bit of a trade-off between security and usability. You could secure Apache by not allowing users to use any sort of scripts, or by allowing only plain HTML pages, but that's not usually practical. In this article I am going to go over the basic things to keep in mind when securing Apache, but I will not go into running it in a jailed root mode. There is, however, a great article on this over at SecurityFocus.

Installation

Firstly you will need to install Apache. If you are using FreeBSD, simply go to your ports directory and run a make install clean:

/usr/ports/www/apache13

Or any of the other Apache 1.3 ports that you might want to install, like apache13-modssl or apache13-ssl/

In the case of the SSL Apache versions you would install as follows:

# make
# make certificate ( this is so you can create a s...

Apache and Mod Security

Installing and configuring Mod Security

ModSecurity is an open source application that acts as a web application firewall or an intrusion detection and prevention system. It can be run as an Apache module or standalone. ModSecurity helps protect web-based applications from attacks.

Installing ModSecurity

This is simple: just run a make install clean in FreeBSD's mod_sec port directory. If you are not running FreeBSD and need the source, you can get it from the ModSecurity site.

Preparing the ModSecurity config file for use with Apache

I have split my httpd.conf file up, so I have a separate conf directory in /usr/local/etc/apache. You can put your modsecurity.conf directly in that directory, but for this example I am going to use /usr/local/etc/apache/conf

# mkdir modsec-rules
# vi modsecurity.conf

AddHandler application/x-httpd-php .php
SecAuditEngine RelevantOnly
SecAuditLog /var/log/modsec/audit_log
SecFilterScanPOST On
SecFilterEngine On
SecFilterDefaultAction ...

Apache Status Codes

Often when debugging a problem or looking through your logs you will see the Apache status codes. For example:

xxx.xxx.xxx.xxx - - [28/Jul/2006:13:49:28 +0200] "GET /news.php HTTP/1.1" 200 807 "http://www.joe-ma.co.za/news.php" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060703 FreeBSD/amd64 Minefield/3.0a1"

Successful Client Requests

200 OK
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content

Client Request Redirected

300 Multiple Choices
301 Moved Permanently
302 Moved Temporarily
303 See Other
304 Not Modified
305 Use Proxy

Client Request Errors

400 Bad Request
401 Authorization Required
402 Payment Required (not used yet)
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable (encoding)
407 Proxy Authentication Required
408 Request Timed Out
409 Conflicting Request
410 Gone
411 Content Length Required
412 Precondition Failed
413 Request Entity Too Long
414 Request URI...