Securing Apache sites under Linux

Source: Internet
Author: User

As LAMP environments have matured, the security of Apache sites has become a concern. Accidents of various kinds can leak information held on the site and cause unnecessary trouble. Apache security can be approached from the following aspects:

Experimental environment:

Red Hat Enterprise Linux 5.4 32-bit

httpd-2.4.4.tar.bz2

mysql-5.6.10.tar.gz

php-5.4.14.tar.gz

First part: Authentication

[root@bogon ~]# vim /etc/httpd/conf/httpd.conf

Configure authentication

In the home directory of the site

Description file .htaccess

htpasswd -c .htaccess <username>

# Use the command above the first time only; after that, omit the -c parameter (-c creates the file and overwrites an existing one)

Part II: Source Control

IP address-based access

Access from certain IP addresses can be denied

The following demonstrates denying host 192.168.30.200 access to 192.168.30.100

[root@bogon ~]# vim /etc/httpd/conf/httpd.conf

# Deny the machine whose source IP is 192.168.30.200

Part III: HTTPS

HTTPS was developed by Netscape and built into its browser to compress and decompress data and to return the results sent back over the network. HTTPS actually applies Netscape's Secure Sockets Layer (SSL) as a sublayer beneath the HTTP application layer. (HTTPS communicates over TCP/IP on port 443, rather than on port 80 as HTTP does.) SSL uses a 40-bit key for the RC4 stream encryption algorithm, which is appropriate for encrypting business information. HTTPS and SSL support X.509 digital certificates for authentication, so users can confirm who the sender is if needed.

In other words, its main functions fall into two kinds: one is to establish a secure channel that protects data in transit, the other is to confirm the authenticity of the site.

The difference between HTTPS and HTTP

One, HTTPS requires applying to a CA for a certificate; free certificates are rare, so a fee is generally required.

Two, HTTP is the Hypertext Transfer Protocol and transmits information in clear text, while HTTPS is a secure transport protocol encrypted with SSL.

Three, HTTP and HTTPS use completely different connection methods and different ports: the former uses 80, the latter 443.

Four, an HTTP connection is simple and stateless; HTTPS is a network protocol built from SSL + HTTP that provides encrypted transmission and identity authentication, and is more secure than HTTP.

STEP1: Establish a certification authority root CA

Create the three directories and two files required by the root CA

cd /etc/pki/CA

mkdir certs crl newcerts

touch serial index.txt

echo "01" > serial    # give the serial file an initial serial number of 01

Generate the root CA's private key file and restrict its permissions, then generate the certificate file from the private key file

STEP2: Generate the Apache service's private key file, then use the private key file to generate the certificate request file

mkdir -pv /etc/httpd/certs/

cd /etc/httpd/certs/

STEP3: Submit a certificate request file to the root CA to generate a certificate file
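
The commands for STEP1 to STEP3 are not shown on this page, so the following is an added example (not the original author's commands) that carries out the three steps with openssl inside a scratch directory given as the first argument. The file names cakey.pem, cacert.pem, ca.cnf, httpd.key, httpd.csr and httpd.crt, the subject names and the minimal configuration are assumptions.

```sh
# Added example: private root CA plus one Apache server certificate, built under a scratch directory.
set -eu
build_ca_and_server_cert() {
    ca="$1/CA"; srv="$1/httpd-certs"
    # STEP1: the three directories and two files, plus private/ for the CA key (assumed layout)
    mkdir -p "$ca/certs" "$ca/crl" "$ca/newcerts" "$ca/private" "$srv"
    : > "$ca/index.txt"
    echo 01 > "$ca/serial"
    # Constructed minimal configuration; a stock openssl.cnf carries many more options.
    cat > "$ca/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $ca/index.txt
serial = $ca/serial
new_certs_dir = $ca/newcerts
certificate = $ca/cacert.pem
private_key = $ca/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_any
x509_extensions = server_cert
[ policy_any ]
organizationName = optional
commonName = supplied
[ server_cert ]
basicConstraints = CA:FALSE
subjectAltName = DNS:www.example.test
EOF
    # Root CA private key, created owner-only, then the self-signed root certificate
    (umask 077; openssl genrsa -out "$ca/private/cakey.pem" 2048)
    openssl req -new -x509 -config "$ca/ca.cnf" -extensions v3_ca -sha256 -days 3650 \
        -key "$ca/private/cakey.pem" -subj "/O=Example Org/CN=Example Root CA" -out "$ca/cacert.pem"
    # STEP2: the Apache service's private key and its certificate request
    (umask 077; openssl genrsa -out "$srv/httpd.key" 2048)
    openssl req -new -config "$ca/ca.cnf" -key "$srv/httpd.key" \
        -subj "/O=Example Org/CN=www.example.test" -out "$srv/httpd.csr"
    # STEP3: the root CA signs the request; serial 01 is consumed and index.txt records the issue
    openssl ca -batch -config "$ca/ca.cnf" -in "$srv/httpd.csr" -out "$srv/httpd.crt"
    openssl verify -CAfile "$ca/cacert.pem" "$srv/httpd.crt"
}
if [ $# -gt 0 ]; then build_ca_and_server_cert "$1"; fi
```

The resulting httpd.crt and httpd.key are the files that the SSLCertificateFile and SSLCertificateKeyFile directives in httpd-ssl.conf point at in STEP4.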

STEP4: Change the Apache configuration to enable SSL

Modify the main configuration file so that it includes the SSL configuration, and add the path information for the certificate

vim /etc/httpd/extra/httpd-ssl.conf

vim /etc/httpd/httpd.conf

Accessing the site over HTTPS: the certificate installation process

Accessing the site over HTTPS after the certificate has been installed

End!!!

This article is from the "No Mark" blog, please be sure to keep this source http://hucwuhen.blog.51cto.com/6253667/1283074
