Security Configuration and maintenance of Apache WEB Server (on)

Source: Internet
Author: User
Tags apache error log apache log

In the current Internet era, homepage has become an important means to establish a company image and display itself. It is especially important to configure a powerful and secure Web Server. Among many Web Server products, Apache is the most widely used product and a very secure program. However, Apache also has security defects like other applications. This article describes in detail how to correctly configure and maintain the security of Apache WEB Server.

  I. Introduction to Apache server

Apache server is one of the most widely used Web server software on the Internet. The Apache server is originated from the Web server project of the National super technology Computing Application Center (NCSA. At present, it has assumed a leading position in the Internet. The Apache server must be carefully configured before it can adapt to high-load, high-throughput Internet work. Quick and reliable. with Simple API extensions, the Perl/Python interpreter can be compiled into the server, and is completely free of charge and fully open to source code. If you need to create a Web server that is accessible to millions of people every day, Apache may be the best choice.

  Ii. Main security defects of Apache server

As we mentioned in the preface, although the Apache server is the most widely used, it is designed to be a very secure program. However, Apache also has security defects like other applications. After all, it is the full source code. The security defect of Apache server is mainly the denial of service (denial of service) attacks using HTTP), buffer overflow attacks, root permissions granted by attackers, and the latest malicious attackers initiate DoS attacks. Reasonable network configuration can protect Apache servers from multiple attacks. Let's introduce the main security defects:

(1) DoS attacks using HTTP ?? (Denial of service) security defects

In this way, attackers can use some methods to make the server refuse to respond to HTTP requests. This will increase Apache's demand for system resources (CPU time and memory), resulting in a slowdown or even complete paralysis of the Apache system.

(2) security defects of Buffer Overflow

In this method, attackers use some defects in programming to make the program deviate from the normal process. The program uses the static allocated memory to store request data. attackers can send an ultra-long request to overflow the buffer. For example, some Perl gateway scripts for processing user requests. Once the buffer zone overflows, attackers can execute malicious commands or shut down the system.

(3) security defects caused by attackers to gain root privileges

This security defect is mainly caused by the fact that Apache servers generally run with the root permission (parent process), through which attackers can obtain the root permission to control the entire Apache system.

(4) security defects caused by DoS attacks by malicious attackers

This latest vulnerability found in June 17 mainly exists in Apache's chunk encoding, which is an HTTP protocol-Defined Function for receiving data submitted by web users. Hackers can launch effective attacks on Apache servers running on FreeBSD 4.5, OpenBSD 3.0/3.1, and NetBSD 1.5.2.

All said that the use of the highest and latest Security versions is essential to enhance the security of Apache Web servers. Ask the majority of Apache server administrators to go to http://www.apache.org/dist/httpd/download the patch program to ensure the security of their webserver!

  3. correctly maintain and configure the Apache server

Although Apache server developers pay great attention to security, due to the huge project of Apache server, there will inevitably be security risks. It is important to correctly maintain and configure the Apache WEB server. Notes:

(1) Apache server configuration file

The Apache Web server has three configuration files, which are located in the/usr/local/apache/conf directory. The three files are:

Httpd. con -----> main configuration file
Srm. conf ------> Add Resource file
Access. conf ---> set Object access Permissions

Note: Specific configuration can refer to: http://httpd.apache.org/docs/mod/core.html

(2) log files of the Apache server

We can use the log format command to control the information of log files. Use the LogFormat "% a % l" command to record the IP address and Host Name of the browser sending an HTTP request to the log file. For the sake of security, we should know at least the WEB users who failed the verification in the log, and add the LogFormat "% 401u" command in the http. conf file to achieve this purpose. This command has many other parameters. You can refer to the Apache documentation. In addition, the Apache error log file is also very important to the system administrator. The error log file contains the server startup, stop, CGI execution failure, and other information. For more information, see Apache Log Series 1-5.

(3) Directory Security Authentication for Apache servers

In Apache Server,. htaccess is allowed for Directory Security protection. to read the protected directory, you must first enter the correct user account and password. This can be used as a directory for specialized management of web page storage or as a Member area.

Put an archive in the protected directory named. htaccss

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.