Security Protection for Apache services on UNIX platforms

Security Protection of Apache services on UNIX platforms-Linux Enterprise applications-Linux Server Applications. The Apache server is a secure program among many WEB servers, but it also has many defects, such as the possibility of using HTTP protocol to reject access attacks. Therefore, proper configuration is the primary task to ensure that the Apache service is not under attack.
　　
　　 1. Apache service Defect Analysis
　　
Buffer overflow. Attackers can exploit some defects in programming to make the program deviate from the normal process, and then send a super-long request to cause the buffer overflow. Once the system buffer overflows, attackers can use various malicious commands on the attack side.
　　
The root permission is easily obtained. This vulnerability is mainly caused by the fact that Apache servers run with the root permission. Attackers can obtain the root permission to control the entire Apache system.
　　
DoS attacks. It mainly exists in Apache's chunk encoding, which is an HTTP-Defined Function for receiving data submitted by web users. This will cause a sharp increase in Apache's demand for system resources, and eventually lead to system slowdown or even paralysis.
　　
　　 Ii. Master Apache service configuration reference
　　
In addition to the main configuration file httpd. conf, the Apache Service also has two important configuration files:
　　
Enter the resource file in srm. conf.
Access. conf
　　
All three files are located in the/usr/local/apache/conf directory. Most service configurations are completed in these three files.
　　
1. Configure Directory Security Authentication for the Apache server.
　　
In Apache Server,. htaccess is allowed for Directory Security protection. to read the protected directory, you must first enter the correct user account and password. This can be used as a directory for specialized management of web page storage or as a Member area. You can also add the following content to the configuration file "httpd. conf:
　　
Options indexes followsymlinks
Allowoverride authconfig
Order allow, deny
Allow from all
　　
2. Set access control properly.
　　
It mainly sets the configuration file "access. conf ". It contains some command controls, such as allowing users to access the Apache directory. You can use the following settings to allow access from a domain, an IP address, or an IP segment.
　　
　　
　　
Order deny, allow
Deny from all
Allow from safechina.net
　　
　　
　　
Explanation: In this configuration instruction, set "deny from all" as the initialization instruction, and then use the "allow from" command to open the access permission.
　　
3. Set password protection properly.
　　
Password protection is a concern for any program or system. In the Apache service environment, you can use the "AccessFileName" command in the "httpd. conf" or "srm. conf" configuration file to open access control of the directory. Example:
　　
AuthName PrivateFiles
AuthType Basic
AuthUserFile/path/to/httpd/users
Require Phoenix
# Htpasswd-c/path/to/httpd/users Phoenix # Add a user
　　
　　 Summary:
　　
Apache is a very good server. As long as the Apache server can be correctly configured and maintained, it will surely feel the attractiveness of the Apache service. In general, you should pay attention to the following issues during Apache installation and maintenance:
　　
Check whether the permissions of files and directories are appropriate.
　　
Whether the configuration files httpd. conf, srm. conf, and access. conf are set properly.
　　
Use password protection (. htaccess) for directories that require special protection ).
　　
Make the server log file as detailed as possible.
　　
Encapsulate the CGI script. If the CGI script is written in Perl, check its security in detail.
　　
Use TCP Wrappers and Tripwire security tools. "TCP Wrappers" can restrict access permissions for Telnet and FTP, while "Tripwire" is a data integrity monitoring tool that can be used to monitor system changes in real time.