Apache security
SSL/TLS
An HTTP server and client can communicate over a secure channel; SSL/TLS provides it.
HTTP over SSL (HTTPS) uses port 443 to establish the connection.
Apache uses mod_ssl to serve HTTPS.
With the ISRG (Internet Security Research Group), we can get a free SSL certificate.
(But it has to be renewed every 90 days.)
The link above is the guide to installing an SSL certificate with the certbot utility.
After installation, you can check the httpd configuration file.
```apache
RewriteEngine on
RewriteCond %{SERVER_NAME} =www1.hy.cdn-cpart.site
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=permanent]

<IfModule mod_ssl.c>
NameVirtualHost *:443
</IfModule>

Include /etc/httpd/conf/httpd-le-ssl.conf
```
Rewrite*
Redirects HTTP connection requests to HTTPS.
Include ...
httpd-le-ssl.conf is the virtual host configuration file for the HTTPS connection.
In the SSL configuration file:
```apache
SSLCertificateFile /etc/letsencrypt/live/www1.hy.cdn-cpart.site/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www1.hy.cdn-cpart.site/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www1.hy.cdn-cpart.site/chain.pem
```
Here you can check the paths to the SSL certificate, the private key, and the CA's certificate.
Security Configuration
- AllowOverride FileInfo: To control file upload
- Header set X-XSS-Protection "1; mode=block": To prevent XSS (Cross-Site Scripting) attacks
- Block remote root login
- Use a normal user for the User/Group account in Apache
- Remove Indexes from the directory options
- Remove FollowSymLinks
- LimitRequestBody: To limit the file upload size
- Stop unused or weak services
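
As an added example (not code from the original post), the following Python script audits httpd configuration text against several items of the checklist above: Indexes, FollowSymLinks, the User/Group account, LimitRequestBody, and the X-XSS-Protection header. The sample configurations, function names, and finding strings are assumptions made for illustration; only explicit directives are inspected, so Apache's built-in defaults and per-directory merging are not modelled.

```python
# Constructed sample configs (not from the page): one weak, one hardened.
WEAK_CONF = """\
User root
Group root
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
"""

HARDENED_CONF = """\
User apache
Group apache
LimitRequestBody 5242880
Header set X-XSS-Protection "1; mode=block"
<Directory "/var/www/html">
    Options -Indexes -FollowSymLinks
</Directory>
"""

def directives(conf):
    """Yield (lowercased name, argument string) for each directive line."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):  # skip comments, section tags
            parts = line.split(None, 1)
            yield parts[0].lower(), parts[1] if len(parts) > 1 else ""

def audit(conf):
    """Return the checklist items this config text fails, sorted."""
    seen = list(directives(conf))
    # Options tokens that switch a feature on: bare or '+' prefixed ('-' disables).
    on = {t.lstrip("+").lower() for n, a in seen if n == "options"
          for t in a.split() if not t.startswith("-")}
    findings = []
    if on & {"indexes", "all"}:
        findings.append("Indexes enabled")
    if on & {"followsymlinks", "all"}:
        findings.append("FollowSymLinks enabled")
    if any(n in ("user", "group") and a.lower() == "root" for n, a in seen):
        findings.append("User/Group is root")
    if not any(n == "limitrequestbody" and a.isdigit() and int(a) > 0 for n, a in seen):
        findings.append("no explicit LimitRequestBody limit")
    if not any(n == "header" and "x-xss-protection" in a.lower() for n, a in seen):
        findings.append("X-XSS-Protection header not set")
    return sorted(findings)

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf))
```

To audit a real server, pass the contents of the httpd configuration file (and any included files) to `audit()`.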
CORS
Set the Access-Control-* headers with Header set in the Apache configuration.