The most commonly used web server in the world today is Apache and with
good reason. Built with security in mind, Apache is a solid and stable
web server that has been around for years.
SSL support is also available through mod_ssl, so websites can be served over an encrypted connection.
Step 1. Install the two required packages:
# yum install -y httpd mod_ssl
During the installation, a directory (/var/www) is created with a set of
subdirectories. This directory tree is the place where you store your
websites. There are also a few config files to look at:
/etc/httpd/conf/httpd.conf    Main config file
/var/log/httpd                Log file directory for the web server
Step 2. Make sure that the service is set to start when the system boots:
# chkconfig httpd on
Step 3. Here are some common options for the configuration file:
# vim /etc/httpd/conf/httpd.conf
ServerRoot      Defines where the config files are held
Timeout         Specifies the time before a request times out (120 seconds is the default)
Listen          Indicates the port number to listen on (default is 80)
DocumentRoot    Defines where the website files are located
ServerName      Defines a server name or IP address and port number
After making changes, save and exit.
Test the config file:
# service httpd configtest
Use iptables to create the additional firewall rules:
# iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# service iptables save
# service iptables restart
Change SELinux settings if required, then restart the service:
# service httpd restart
To access:
----------
Install the required package:
# yum install -y elinks
# elinks 192.168.100
(The welcome page should be displayed.)
==========================================================================
Apache security
1- host-based authentication
Use the Listen option to define an IP address and a port for incoming requests. If your server has multiple IP addresses and you want to assign a single one:
Listen 192.168.1.100:80
In the <Directory> section, let’s set up Allow from and Deny from options.
#Allow all hosts to connect:
Allow from all
#To allow only a specific IP or host, use the following:
Allow from 172.168.1.2
#You can also specify a domain:
Allow from .example.com
#The deny options work in the same manner. To deny from a whole subnet, use the following:
Deny from 192.168.1
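How the Allow from and Deny from lists above combine depends on the Order directive in effect for that <Directory> block. The Python model below is an added example, not code from the original post or from Apache; it assumes the Apache 2.2 Allow/Deny syntax used on this page, and the function names and client addresses are constructed for illustration.

```python
# Added example: models how Apache 2.2 mod_authz_host combines Order/Allow/Deny.
import ipaddress

def matches(spec, ip, hostname=None):
    """True if one 'Allow from' / 'Deny from' argument matches the client."""
    if spec.lower() == "all":
        return True
    parts = spec.split(".")
    if all(p.isdigit() for p in parts) and 1 <= len(parts) <= 4:
        # Full or partial IP: '192.168.1' means the 192.168.1.0/24 network.
        padded = parts + ["0"] * (4 - len(parts))
        net = ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(parts)}")
        return ipaddress.ip_address(ip) in net
    # Otherwise a (partial) domain name, compared on whole labels only.
    if hostname is None:          # no reverse DNS name: name rules cannot match
        return False
    host, dom = hostname.lower(), spec.lower()
    if dom.startswith("."):
        return host.endswith(dom)
    return host == dom or host.endswith("." + dom)

def evaluate(order, allow, deny, ip, hostname=None):
    """Return True if the request is admitted under the given Order."""
    order = order.lower().replace(" ", "")
    allowed = any(matches(s, ip, hostname) for s in allow)
    denied = any(matches(s, ip, hostname) for s in deny)
    if order == "allow,deny":
        # Must match an Allow and no Deny; unmatched clients are refused.
        return allowed and not denied
    if order == "deny,allow":
        # Refused only when a Deny matches and no Allow does; default is admit.
        return allowed or not denied
    raise ValueError("order must be 'Allow,Deny' or 'Deny,Allow'")

# Rules taken from this page's examples; the client list is constructed.
ALLOW = ["172.168.1.2", ".example.com"]
DENY = ["192.168.1"]

def demo():
    clients = [("172.168.1.2", None), ("192.168.1.50", None),
               ("192.168.1.60", "vpn.example.com"), ("203.0.113.9", None)]
    return {order: [evaluate(order, ALLOW, DENY, ip, h) for ip, h in clients]
            for order in ("Allow,Deny", "Deny,Allow")}

if __name__ == "__main__":
    for order, results in demo().items():
        print(order, results)
```

With Order Deny,Allow a client that matches no rule is admitted, so an Allow list only restricts access when it is paired with Order Allow,Deny or with Deny from all.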
--------------------------------------------------------------------------------------------------------------
2- user-based authentication
Define the following under the main server section in the config file:
<Directory "/var/www/html">
AuthType Basic
AuthName "Password Restricted Area"
AuthUserFile /etc/httpd/userfile
Require user kamal
</Directory>
AuthType        Defines the authentication type
AuthName        Adds a comment for the user to see on login
AuthUserFile    Specifies the file used to define username and password
Require         Specifies the users or groups that can log in
Create the sole user who will need access to this site:
# htpasswd -cm /etc/httpd/userfile kamal
-c create new file
-m generate MD5 encrypted password
# service httpd restart
Try to open the website; it should prompt for a password.