Linux Komade

  • 8/3/2019 Linux Komade

    1/4


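    Options ExecCGI
    Order Deny,Allow
    Deny from all
    Allow from 192.168.0.0/16

    To:

    # AuthConfig lets .htaccess files use authentication directives (AuthType, AuthName, require, ...)
    AllowOverride AuthConfig

    Options ExecCGI
    Order Deny,Allow
    Deny from all
    Allow from 192.168.0.0/16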

    Do a reload to make sure the changes take effect:

    # /etc/init.d/apache2 reload

    Digest authentication:

    Another method for authentication is called digest authentication. With digest authentication your password is never sent across the network in the clear, because it is always transmitted as an MD5 digest of the user's password. This way passwords cannot be determined by sniffing network traffic.

    Create a password file:

    # mkdir /var/www/misc
    # chmod a+rx /var/www/misc
    # cd /var/www/misc
    # htdigest -c private.passwords realm username
    Adding password for username in realm realm.
    New password:

    Create .htaccess:

    # cd /home/username/public_html/cgi-bin
    # vi .htaccess

    Add the below in .htaccess:

    AuthName "My Private Area"
    AuthType Digest
    AuthUserFile /var/www/misc/private.passwords
    AuthGroupFile /dev/null
    require valid-user

    Notes

    1. For more information on htdigest please check the man pages.
    2. Some older versions of Web browsers don't support Digest authentication.
    3. To fully protect your .htaccess use SSL.
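As an added illustration (not part of the original HOWTO), the Python below reproduces the password-file entry that htdigest writes and the RFC 2617 response check, and shows that the realm passed to htdigest must equal the AuthName value or the server finds no matching entry. The password, nonce, cnonce and URI are constructed sample values.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def htdigest_line(user, realm, password):
    # Same layout htdigest writes: user:realm:MD5(user:realm:password)
    return f"{user}:{realm}:{md5_hex(f'{user}:{realm}:{password}')}"

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 with qop=auth: only hashes travel, never the password itself
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def client_request(user, realm, password, method, uri, nonce, nc, cnonce):
    # What the browser computes after the server's challenge
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    return {"username": user, "method": method, "uri": uri, "nonce": nonce,
            "nc": nc, "cnonce": cnonce,
            "response": digest_response(ha1, method, uri, nonce, nc, cnonce)}

def server_verify(file_lines, auth_name, req):
    # The server looks up user + realm (its AuthName) in the password file
    prefix = f"{req['username']}:{auth_name}:"
    for line in file_lines:
        if line.startswith(prefix):
            ha1 = line.strip()[len(prefix):]
            expected = digest_response(ha1, req["method"], req["uri"],
                                       req["nonce"], req["nc"], req["cnonce"])
            return hmac.compare_digest(expected, req["response"])
    return False  # no entry for this user in this realm

# Constructed sample values; only AuthName and "username" come from the page
AUTH_NAME = "My Private Area"
PASSWORD = "correct horse"
good_file = [htdigest_line("username", AUTH_NAME, PASSWORD)]
bad_file = [htdigest_line("username", "realm", PASSWORD)]  # "realm" typed literally
req = client_request("username", AUTH_NAME, PASSWORD, "GET", "/cgi-bin/",
                     "constructed-nonce", "00000001", "constructed-cnonce")

if __name__ == "__main__":
    print(server_verify(good_file, AUTH_NAME, req))  # entry matches AuthName
    print(server_verify(bad_file, AUTH_NAME, req))   # realm mismatch, login fails
```

The stored hash is all a client needs to compute a valid response, so the password file deserves the same protection as the passwords themselves.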

    Where to go from here?

    The next step toward a more secure Apache is to use some of the Apache modules designed to help Apache security even more. Some examples are mod_security and mod_chroot. Also, to protect our authentication we will need to configure SSL. An upcoming HOWTO will show you how to use SSL to further increase your web server's security, along with other advanced techniques.

    What ways would you suggest to best secure an Apache web server?

    A. By default the iptables firewall stores its configuration in the /etc/sysconfig/iptables file. You need to edit this file and add rules to open the port number. This file is only available under:

    => Red Hat Enterprise Linux 3 / 4 / 5 and above
    => Old Red Hat Linux versions
    => CentOS 4 and above
    => Fedora Linux

    Open port 80

    Open file /etc/sysconfig/iptables:

    # vi /etc/sysconfig/iptables

    Append rule as follows:
