Security Protection for Apache services on UNIX platforms

Source: Internet
Author: User
Tags wrappers password protection
Security Protection of Apache services on UNIX platforms-Linux Enterprise applications-Linux Server Applications. The Apache server is a secure program among many WEB servers, but it also has many defects, such as the possibility of using HTTP protocol to reject access attacks. Therefore, proper configuration is the primary task to ensure that the Apache service is not under attack.
  
   1. Apache service Defect Analysis
  
Buffer overflow. Attackers can exploit some defects in programming to make the program deviate from the normal process, and then send a super-long request to cause the buffer overflow. Once the system buffer overflows, attackers can use various malicious commands on the attack side.
  
The root permission is easily obtained. This vulnerability is mainly caused by the fact that Apache servers run with the root permission. Attackers can obtain the root permission to control the entire Apache system.
  
DoS attacks. It mainly exists in Apache's chunk encoding, which is an HTTP-Defined Function for receiving data submitted by web users. This will cause a sharp increase in Apache's demand for system resources, and eventually lead to system slowdown or even paralysis.
  
   Ii. Master Apache service configuration reference
  
In addition to the main configuration file httpd. conf, the Apache Service also has two important configuration files:
  
Enter the resource file in srm. conf.
Access. conf
  
All three files are located in the/usr/local/apache/conf directory. Most service configurations are completed in these three files.
  
1. Configure Directory Security Authentication for the Apache server.
  
In Apache Server,. htaccess is allowed for Directory Security protection. to read the protected directory, you must first enter the correct user account and password. This can be used as a directory for specialized management of web page storage or as a Member area. You can also add the following content to the configuration file "httpd. conf:
  
Options indexes followsymlinks
Allowoverride authconfig
Order allow, deny
Allow from all
  
2. Set access control properly.
  
It mainly sets the configuration file "access. conf ". It contains some command controls, such as allowing users to access the Apache directory. You can use the following settings to allow access from a domain, an IP address, or an IP segment.
  
  
  
Order deny, allow
Deny from all
Allow from safechina.net
  
  
  
Explanation: In this configuration instruction, set "deny from all" as the initialization instruction, and then use the "allow from" command to open the access permission.
  
3. Set password protection properly.
  
Password protection is a concern for any program or system. In the Apache service environment, you can use the "AccessFileName" command in the "httpd. conf" or "srm. conf" configuration file to open access control of the directory. Example:
  
AuthName PrivateFiles
AuthType Basic
AuthUserFile/path/to/httpd/users
Require Phoenix
# Htpasswd-c/path/to/httpd/users Phoenix # Add a user
  
   Summary:
  
Apache is a very good server. As long as the Apache server can be correctly configured and maintained, it will surely feel the attractiveness of the Apache service. In general, you should pay attention to the following issues during Apache installation and maintenance:
  
Check whether the permissions of files and directories are appropriate.
  
Whether the configuration files httpd. conf, srm. conf, and access. conf are set properly.
  
Use password protection (. htaccess) for directories that require special protection ).
  
Make the server log file as detailed as possible.
  
Encapsulate the CGI script. If the CGI script is written in Perl, check its security in detail.
  
Use TCP Wrappers and Tripwire security tools. "TCP Wrappers" can restrict access permissions for Telnet and FTP, while "Tripwire" is a data integrity monitoring tool that can be used to monitor system changes in real time.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.