SECURITY 

 

Things to consider before configuring an Apache server.

 

 

1. Hiding Apache version and OS information:

Apache displays its version and the name of the operating system in error pages. A hacker can use this information to launch an attack, so the server administrator must hide the server signature. This can be done with the following steps:

vim /etc/httpd/conf/httpd.conf

> Open the Apache configuration file

ServerSignature Off

> Turn off the default signature

service httpd restart

> Restart the server for the changes to take effect

 

 

 

2. Disable Directory Listing

If /var/www/ does not contain an index file, the web server shows a listing of the document root directory.

This feature can be turned off for a specific directory through the Options directive available in the Apache configuration file.

 

<Directory /var/www/html>
    Options -Indexes
</Directory>

 

 

 

3. Restricting Access to files outside the root directory

Configure the file as shown below:

 

<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

 

This prevents users from accessing files outside the web root directory.
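As an added example (not part of the original page), the Python sketch below audits a configuration for the three settings from sections 1 to 3. The function names and the sample configuration are constructed for illustration; the check also accepts "Require all denied", the Apache 2.4 form of "Deny from all", which the page itself does not use.

```python
import re

# Constructed sample httpd.conf fragment (not from a real server).
SAMPLE_CONF = """\
ServerSignature Off
<Directory /var/www/html>
    Options -Indexes
</Directory>
<Directory "/var/www/html/uploads">
    Options Indexes FollowSymLinks
</Directory>
"""

OPEN = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>$', re.I)

def parse(conf):
    """Split into global and per-<Directory> directives; other containers are skipped."""
    top, blocks, cur = {}, {}, None
    for line in (l.strip() for l in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:
            cur = blocks.setdefault(m.group(1), {})
        elif line.lower() == "</directory>":
            cur = None
        elif not line.startswith("<"):
            words = line.split()
            (top if cur is None else cur)[words[0].lower()] = " ".join(words[1:]).lower()
    return top, blocks

def audit(conf):
    """Return a list of findings for the three settings described above."""
    top, blocks = parse(conf)
    findings = []
    if top.get("serversignature") != "off":
        findings.append("ServerSignature is not explicitly Off")
    for path, d in blocks.items():
        if {"indexes", "+indexes", "all"} & set(d.get("options", "").split()):
            findings.append(f"directory listing enabled in {path}")
    root = blocks.get("/", {})
    # "Deny from all" is the page's form; "Require all denied" is the 2.4 form.
    denied = root.get("deny") == "from all" or root.get("require") == "all denied"
    if not (root.get("options") == "none" and root.get("allowoverride") == "none" and denied):
        findings.append("<Directory /> is not locked down")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

A block opened as <Directory/> (without the space) is not recognised as the root block and is reported as missing.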

 

 

 

HOW TO INSERT RESTRICTION. 

 

 

To view the current iptables configuration:

iptables -L

 

 

How to block all connections from a specific IP Address.

 

iptables -A INPUT -s (ip address) -j DROP

e.g.: iptables -A INPUT -s 192.168.1.22 -j DROP

 

 

How to block all of the IP Addresses in the 192.168.1.1/24 network range.

 

Standard method: iptables -A INPUT -s 192.168.1.1/24 -j DROP

OR

Netmask method: iptables -A INPUT -s 192.168.1.1/255.255.255.0 -j DROP

 

 

 

How to block SSH connections from any IP address.

 

iptables -A INPUT -p tcp --dport ssh -j DROP

 

How to block SSH connections from a specific IP Address.

 

iptables -A INPUT -p tcp --dport ssh -s 10.10.10.10 -j DROP

For the TCP protocol use -p tcp, and for the UDP protocol use -p udp.

 

 

The changes that you make to your iptables rules will be scrapped the next time the iptables service is restarted, unless you execute a command to save the changes:

 

 

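For Ubuntu:

sudo sh -c "/sbin/iptables-save > /etc/iptables/rules.v4"

> iptables-save on its own only prints the rules to standard output; /etc/iptables/rules.v4 is the file restored at boot when the iptables-persistent package is installed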

 

 

Red Hat / CentOS:

/sbin/service iptables save

Or

/etc/init.d/iptables save

 

 

To clear all the currently configured rules:

iptables -F

 
