@agatestudio
Hardening Apache Web Server Security
Aswin Knight
Agate Studio
HARDENING APACHE WEB SERVER SECURITY
Aswin Juari
INTRODUCTION
• Security aspects
  • Application level
    • XSS
    • SQL injection
    • etc.
  • HTTPD service & machine
    • Exposed Apache configuration details (version banners, directory listings, reachable admin paths)
    • DoS/DDoS
    • etc.
This talk covers security at the server machine: the host and the httpd service, not the application code running behind it.
SERVER SECURITY
• SSH authentication
  • Edit the SSH daemon configuration (sshd_config):
    • Do not permit root login (PermitRootLogin no)
  • Recommended:
    • Use public-key authentication instead of passwords (the client holds the private key; set PasswordAuthentication no once keys are in place)
    • Do not use the default port 22 (this only cuts log noise from mass scanners; it is not a substitute for key-only login)
• Limit database access
  • Authentication: a dedicated, least-privilege database user per application, never the database root account
  • IP whitelist: bind the database to localhost or the application network and allow connections only from those addresses
APACHE CONFIGURATION HARDENING
• Update Apache and OpenSSL whenever a new version is available
• Hide the Apache version (the Server header and error-page footer still say "Apache", but no version, OS or module list)
    ServerSignature Off
    ServerTokens Prod
• Disable directory listing
    <Directory /var/www/html>
        Options -Indexes
    </Directory>
• Disable unnecessary modules (remove or comment out their LoadModule lines; every loaded module is attack surface)
• Turn off CGI execution where it is not needed (Options -ExecCGI in the relevant <Directory> block, and no ScriptAlias for directories that hold only static or PHP content)
APACHE CONFIGURATION HARDENING
• Restrict directory access (Apache 2.2 mod_authz_host syntax; the order matters: with "Order allow,deny" the Deny directives are evaluated last, so a "Deny from all" rejects every client including the whitelisted network; deny first and allow the exception)
    <Directory /var/www/html/Admin>
        Order deny,allow
        Deny from all
        Allow from xx.xx.xx.xx/24
    </Directory>
  • On Apache 2.4 the same rule is written with mod_authz_core's Require ip directive; the Order/Allow/Deny form only works there with mod_access_compat loaded
• Run httpd as a non-root user (the distribution's service account: apache on RHEL/CentOS, www-data on Debian/Ubuntu)
    User apache
    Group apache
• Limit request size (LimitRequestBody is in bytes; 512000 is about 500 KB, so size it to the largest legitimate upload)
    <Directory /var/www/html/user_uploads>
        LimitRequestBody 512000
    </Directory>
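The checklist on the two slides above is easy to get wrong by hand (the original "Order allow, deny" plus "Deny from all" is one such slip). The following is an added example, not code from the slides or from the Apache project: a small linter that parses an httpd.conf fragment and reports each hardening point it violates. Both sample configs are constructed for the demonstration; the parser handles only the directive subset used on this page.

```python
"""Added example (not from the slides or Apache): lint an httpd.conf fragment
against the hardening checklist.  Sample configs below are constructed."""
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed: every weak setting the checklist warns about, in one file,
# including the slide's "Order allow, deny" with a stray space.
WEAK_CONF = """
ServerTokens Full
ServerSignature On
User root
Group root
<Directory /var/www/html>
    Options Indexes FollowSymLinks ExecCGI
</Directory>
<Directory /var/www/html/Admin>
    Order allow, deny
    Allow from 10.0.0.0/24
    Deny from all
</Directory>
"""

# Constructed: the same fragment after applying the checklist.
HARDENED_CONF = """
ServerTokens Prod
ServerSignature Off
User apache
Group apache
<Directory /var/www/html>
    Options -Indexes -ExecCGI +FollowSymLinks
</Directory>
<Directory /var/www/html/Admin>
    Order deny,allow
    Deny from all
    Allow from 10.0.0.0/24
</Directory>
"""


def parse(conf: str) -> Tuple[Dict[str, str], List[Tuple[str, Dict[str, str]]]]:
    """Split a config into top-level directives and (path, directives) per
    <Directory> block.  Names are lower-cased; a repeated name keeps its last value."""
    top: Dict[str, str] = {}
    blocks: List[Tuple[str, Dict[str, str]]] = []
    current: Optional[Dict[str, str]] = None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<Directory\s+(\S+)\s*>$", line, re.I)
        if m:
            current = {}
            blocks.append((m.group(1), current))
            continue
        if line.lower() == "</directory>":
            current = None
            continue
        name, _, value = line.partition(" ")
        (top if current is None else current)[name.lower()] = value.strip()
    return top, blocks


def enabled_options(value: str) -> Set[str]:
    """Resolve an Options line ('Indexes', '-Indexes +ExecCGI', ...) to the
    options it leaves enabled; Apache option names are case-insensitive."""
    on: Set[str] = set()
    for tok in value.split():
        name = tok.lstrip("+-").lower()
        if tok.startswith("-"):
            on.discard(name)
        else:
            on.add(name)
    return on


def lint(conf: str) -> List[str]:
    """One finding per checklist item the config violates; [] when clean."""
    top, blocks = parse(conf)
    findings: List[str] = []
    # Apache defaults when absent: ServerTokens Full, ServerSignature Off,
    # so a missing ServerTokens is itself a finding.
    if top.get("servertokens", "Full").lower() != "prod":
        findings.append("ServerTokens is not Prod: version and module details are exposed")
    if top.get("serversignature", "Off").lower() != "off":
        findings.append("ServerSignature is not Off: error pages reveal the version")
    if "root" in (top.get("user"), top.get("group")):
        findings.append("httpd runs as root: set a dedicated User and Group")
    for path, d in blocks:
        opts = enabled_options(d.get("options", ""))
        if "indexes" in opts:
            findings.append(f"{path}: directory listing enabled (Options Indexes)")
        if "execcgi" in opts:
            findings.append(f"{path}: CGI execution enabled (Options ExecCGI)")
        order = d.get("order", "")
        if " " in order.strip():
            findings.append(f"{path}: Order takes one argument, no space after the comma")
        if order.replace(" ", "").lower() == "allow,deny" and d.get("deny", "").lower() == "from all":
            findings.append(f"{path}: 'Order allow,deny' with 'Deny from all' rejects every "
                            "client; use 'Order deny,allow' and list the allowed network")
    return findings
```

Run `lint(WEAK_CONF)` to see all seven findings and `lint(HARDENED_CONF)` to confirm the corrected fragment is clean; point `parse` at the output of `apachectl -t -D DUMP_INCLUDES` style concatenation of your own includes if you want to check a real tree, keeping in mind the parser ignores Include, IfModule and .htaccess.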
APACHE CONFIGURATION HARDENING
• mod_security (a web application firewall that runs inside Apache)
  • Inspects every request your site receives (URL, headers, body) against its rule set
  • Can help block SQL injection and similar attacks before they reach the application
  • Rejects a request such as the following with an error response (this setup returns 406; the status code is whatever SecDefaultAction or the matching rule's status: action specifies)
    http://www.webapp.com/login.php?username=admin'">DROP%20TABLE%20users--
  • However:
    • It adds CPU time and latency to every request
    • The rules must be tuned by hand: a rule set deployed untested produces false positives that block legitimate users
APACHE CONFIGURATION HARDENING
• mod_evasive blocks a client IP when:
  • It requests the same page more than a few times per second (more than DOSPageCount hits within DOSPageInterval)
  • It makes more than 50 requests per second to the site as a whole (more than DOSSiteCount hits within DOSSiteInterval)
  • It keeps sending requests while temporarily blacklisted (each one extends the block by DOSBlockingPeriod)
  • This stops a single-source DoS; it cannot absorb a distributed attack in which every source stays under the thresholds
• Enable Apache logging
  • error_log and access_log: they are the input for fail2ban on the next slide and the only record of what an attacker requested
OTHER TOOLS
• Fail2Ban
  • Scans log files (e.g. /var/log/apache/error_log) and bans IPs that show malicious signs: too many password failures, probing for exploits, etc.
  • Features:
    • Runs as a daemon
    • Can block with various methods
      • iptables
      • TCP wrappers (/etc/hosts.deny)
    • Can watch more than one service: ssh, apache, ...
    • Can send e-mail notifications
    • Can ban an IP permanently or for a limited time (bantime)
  • Caveat: it only sees what is logged, so keep the Apache logs above enabled, and put your own management addresses in ignoreip so a mistyped password does not lock you out
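mod_evasive (previous slide) and fail2ban (this slide) are the same idea applied at two points: count events per client inside a time window, and ban the client for a fixed period once a threshold is crossed. The following is an added example, not code from the slides, from mod_evasive or from fail2ban: that engine written once in Python and driven both from live requests, the way mod_evasive decides per request, and from Apache error_log lines, the way a fail2ban jail does. It uses a sliding window where the real tools use simpler counters, so the exact off-by-one behaviour of each tool is not reproduced. The thresholds are the mod_evasive defaults quoted above and typical fail2ban jail values (maxretry 5, findtime 600 s, bantime 3600 s); the request stream and the log lines are constructed, and the iptables commands are returned as strings, never executed.

```python
"""Added example (not from the slides, mod_evasive or fail2ban): per-IP
rate limiting with timed bans, driven from requests and from log lines.
All request streams and log lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Tuple


class SlidingCounter:
    """Number of events per key inside the last `interval` seconds."""

    def __init__(self, interval: float) -> None:
        self.interval = interval
        self.events: Dict[str, Deque[float]] = defaultdict(deque)

    def hit(self, key: str, now: float) -> int:
        q = self.events[key]
        q.append(now)
        while now - q[0] > self.interval:   # expire events outside the window
            q.popleft()
        return len(q)


class BanList:
    """Timed bans: mod_evasive's DOSBlockingPeriod, fail2ban's bantime."""

    def __init__(self, period: float) -> None:
        self.period = period
        self.until: Dict[str, float] = {}

    def ban(self, ip: str, now: float) -> None:
        self.until[ip] = now + self.period

    def is_banned(self, ip: str, now: float) -> bool:
        return self.until.get(ip, 0.0) > now


class EvasiveGuard:
    """mod_evasive's triggers: one page more than DOSPageCount times per
    DOSPageInterval, the site more than DOSSiteCount times per DOSSiteInterval,
    or any request while blacklisted (which extends the block)."""

    def __init__(self, page_count=2, page_interval=1.0, site_count=50,
                 site_interval=1.0, blocking_period=10.0, whitelist=()):
        self.page_count, self.site_count = page_count, site_count
        self.pages = SlidingCounter(page_interval)
        self.site = SlidingCounter(site_interval)
        self.bans = BanList(blocking_period)
        self.whitelist = set(whitelist)     # DOSWhitelist

    def status(self, ip: str, uri: str, now: float) -> int:
        """HTTP status for one request: 403 (mod_evasive's default) or 200."""
        if ip in self.whitelist:
            return 200
        if self.bans.is_banned(ip, now):
            self.bans.ban(ip, now)          # third trigger: the block is extended
            return 403
        page_hits = self.pages.hit(f"{ip} {uri}", now)
        site_hits = self.site.hit(ip, now)
        if page_hits > self.page_count or site_hits > self.site_count:
            self.bans.ban(ip, now)
            return 403
        return 200


# Constructed Apache error_log lines: one host probing for scripts that do not
# exist (what fail2ban's apache-noscript jail matches), one innocent 404.
ERROR_LOG = """\
[Mon Oct 09 10:15:01 2023] [error] [client 203.0.113.5] File does not exist: /var/www/html/phpmyadmin
[Mon Oct 09 10:15:02 2023] [error] [client 203.0.113.5] File does not exist: /var/www/html/pma
[Mon Oct 09 10:15:02 2023] [error] [client 198.51.100.7] File does not exist: /var/www/html/favicon.ico
[Mon Oct 09 10:15:03 2023] [error] [client 203.0.113.5] File does not exist: /var/www/html/wp-login.php
[Mon Oct 09 10:15:04 2023] [error] [client 203.0.113.5] File does not exist: /var/www/html/xmlrpc.php
[Mon Oct 09 10:15:05 2023] [error] [client 203.0.113.5] File does not exist: /var/www/html/admin.php
[Mon Oct 09 10:15:06 2023] [error] [client 203.0.113.5] File does not exist: /var/www/html/shell.php
"""
# A failregex in the spirit of a fail2ban filter: timestamp plus <HOST>.
FAILREGEX = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<host>[\d.]+)\] "
                       r"File does not exist:")


def scan_error_log(log: str, maxretry: int = 5, findtime: float = 600.0,
                   bantime: float = 3600.0) -> Tuple[List[str], List[str]]:
    """Replay a log through a fail2ban-like jail: ban a host at `maxretry`
    matches within `findtime` seconds.  Returns (banned IPs, the commands the
    iptables ban action would have run); nothing is executed."""
    failures, bans = SlidingCounter(findtime), BanList(bantime)
    commands: List[str] = []
    for line in log.splitlines():
        m = FAILREGEX.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y").timestamp()
        ip = m["host"]
        if bans.is_banned(ip, ts):
            continue                        # already banned: no second action
        if failures.hit(ip, ts) >= maxretry:
            bans.ban(ip, ts)
            commands.append(f"iptables -I INPUT -s {ip} -j DROP")
    return sorted(bans.until), commands


def demo_evasive() -> List[int]:
    """Three hits on one page inside a second, a request while blacklisted,
    then a whitelisted client.  Returns [200, 200, 403, 403, 200]."""
    g, t = EvasiveGuard(whitelist={"10.0.0.2"}), 100.0
    return [g.status("203.0.113.5", "/login.php", t),
            g.status("203.0.113.5", "/login.php", t + 0.2),
            g.status("203.0.113.5", "/login.php", t + 0.4),
            g.status("203.0.113.5", "/index.html", t + 5.0),
            g.status("10.0.0.2", "/login.php", t + 5.0)]
```

`demo_evasive()` shows why the whitelist matters: without it the same thresholds would lock out a load balancer or monitoring host that legitimately hits one page several times a second. `scan_error_log(ERROR_LOG)` bans 203.0.113.5 on its fifth probe and emits exactly one iptables command even though a sixth probe follows, which is the behaviour to expect from a real jail before you wire the action up to the firewall.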
FURTHER READING
• http://silverdire.com/2013/08/12/haproxy-fail2ban/
• http://systembash.com/content/how-to-stop-an-apache-ddos-attack-with-mod_evasive/
• http://www.fail2ban.org/wiki/index.php/Main_Page
• http://www.tecmint.com/apache-security-tips/
