As LAMP environments have matured, the security of Apache sites has become a concern. Accidents of various kinds can leak information held inside the site and cause unnecessary trouble. Apache security can be approached from the following angles:
Experimental environment:
Red Hat Enterprise Linux 5.4 32-bit
httpd-2.4.4.tar.bz2
mysql-5.6.10.tar.gz
php-5.4.14.tar.gz
Part I: Authentication
[root@bogon ~]# vim /etc/httpd/conf/httpd.conf
For authentication, create the description file .htaccess under the home directory of the site.
htpasswd -c .htaccess username
# On first use, run the command above; otherwise the -c parameter is not needed
Part II: Source Control
IP address-based access
Access from certain IP addresses can be denied.
The following demonstrates denying host 192.168.30.200 access to 192.168.30.100 by IP address.
[root@bogon ~]# vim /etc/httpd/conf/httpd.conf
# Deny the machine whose source IP is 192.168.30.200
Part III: HTTPS
HTTPS was developed by Netscape and built into its browser to compress and decompress data and to return the results sent back over the network. HTTPS actually applies Netscape's Secure Sockets Layer (SSL) as a sublayer of the HTTP application layer. (HTTPS uses port 443, rather than port 80 as HTTP does, to communicate over TCP/IP.) SSL uses a 40-bit key for the RC4 stream encryption algorithm, which is appropriate for encrypting business information. HTTPS and SSL support the use of X.509 digital authentication, and users can confirm who the sender is if needed.
In other words, it has two main functions: one is to establish a secure channel that protects data in transit, the other is to confirm the authenticity of the site.
The difference between HTTPS and HTTP
First, the HTTPS protocol requires applying to a CA for a certificate; free certificates are generally rare, so a fee usually has to be paid.
Second, HTTP is the Hypertext Transfer Protocol and transmits information in clear text, while HTTPS is a secure transport protocol with SSL encryption.
Third, HTTP and HTTPS use completely different connection methods and different ports: the former uses 80, the latter 443.
Fourth, an HTTP connection is very simple and stateless; the HTTPS protocol is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication, and is more secure than HTTP.
STEP1: Establish a certification authority root CA
Create the 3 directories and 2 files required by the root CA
cd /etc/pki/CA
mkdir certs crl newcerts
touch serial index.txt
echo "01" > serial    # give the serial file an initial serial number of 01
Generate the root CA's private key file and restrict its permissions, then generate the certificate file from the private key file
STEP2: Generate the Apache service's private key file, then use the private key file to generate the certificate request file
mkdir -pv /etc/httpd/certs/
cd /etc/httpd/certs/
STEP3: Submit a certificate request file to the root CA to generate a certificate file
STEP4: Change the Apache configuration to enable SSL
Modify the main configuration file to enable SSL and add the path information for the certificate
vim /etc/httpd/extra/httpd-ssl.conf
vim /etc/httpd/httpd.conf
Accessing the site over HTTPS: the certificate installation process
Accessing the site over HTTPS after the certificate has been installed
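STEP1 through STEP3 as one script, added here as an example and not taken from the original article. It uses openssl ca with the certs/crl/newcerts/serial/index.txt layout described above. The directory arguments, the minimal openssl.cnf, the subject names, key size, lifetimes and the file names cakey.pem, cacert.pem and httpd.key/.csr/.crt are assumptions.

```shell
#!/bin/sh
# Added example (not the article's own commands). All names, sizes and
# lifetimes below are assumptions chosen for illustration.
write_conf() {          # $1 = CA directory; minimal config for req and ca
cat > "$1/openssl.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $1/index.txt
new_certs_dir = $1/newcerts
serial = $1/serial
certificate = $1/cacert.pem
private_key = $1/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
organizationName = optional
commonName = supplied
EOF
}

build_ca() {            # STEP1; $1 = CA directory
    mkdir -p "$1/certs" "$1/crl" "$1/newcerts" "$1/private"
    touch "$1/index.txt"; echo "01" > "$1/serial"
    write_conf "$1"
    openssl genrsa -out "$1/private/cakey.pem" 2048 2>/dev/null
    chmod 600 "$1/private/cakey.pem"      # CA key readable by owner only
    openssl req -new -x509 -config "$1/openssl.cnf" -extensions v3_ca \
        -key "$1/private/cakey.pem" -days 3650 -sha256 \
        -subj "/O=Example Lab/CN=Example Root CA" -out "$1/cacert.pem"
}

issue_server_cert() {   # STEP2 + STEP3; $1 = CA dir, $2 = httpd cert dir, $3 = host name
    mkdir -p "$2"
    openssl genrsa -out "$2/httpd.key" 2048 2>/dev/null
    chmod 600 "$2/httpd.key"
    openssl req -new -config "$1/openssl.cnf" -key "$2/httpd.key" \
        -subj "/O=Example Lab/CN=$3" -out "$2/httpd.csr"
    openssl ca -batch -notext -config "$1/openssl.cnf" -in "$2/httpd.csr" \
        -out "$2/httpd.crt" 2>/dev/null
    openssl verify -CAfile "$1/cacert.pem" "$2/httpd.crt"   # chain check
}
```

Current browsers match the host name against the subjectAltName extension rather than the CN, so a certificate meant for real use also needs a SAN entry in the signing configuration.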
End!!!
This article is from the "No Mark" blog, please be sure to keep this source http://hucwuhen.blog.51cto.com/6253667/1283074