apache security

Today I found a blog about how to secure apache. Hope you consider this useful. :)

20 ways to Secure your Apache Configuration

prevent image hot-linking

 RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?your-domain.com/.*$ [NC]
RewriteRule .(gif|jpg)$ – [F]

Preventing hot linking of images in pages.

src:  http://www.bloghash.com/2006/11/beginners-guide-to-htaccess-file-with-examples/

accessing virtual host from another machine on a local network

So you have configured so many virtual host in your server machine and it’s readily available on the network. How then you’d access it?

In windows XP edit your hosts file. There is this tutorial to edit hosts file in windows xp.

In CentOS it’s located at directory

/etc/

Edit it using your favorite text editor.

At the last part of it enter the following

xxx.xxx.xxx.xxx space nameofvirtualhost

where xxx.xxx.xxx.xxx is the ip of the server configured to host the virtual host.

Enjoy.

apache 2 virtual directory the xampp approach

This tutorial is based on a solution to a problem encountered.

Operating environment: Windows XP

I always want to place my project on a separate directory under my documents for easy access. When I think of a solution I have come to this approach

• allow directory navigation since my sandbox(the folder/directory) I will use does not contain any php/html only folders
• create another pseudo domain for the sandbox for easy access

First I need to think of a directory to place my files/folders/directories d:\sandbox\ will be ideal since my documents are all in that directory.

All of my projects are placed on their particular folder under sandbox. I need to edit the following files:

httpd.conf
I have just copied this part to allow directory navigation. You don’t want this enabled in your enterprise application though.

<Directory “C:/x2/xampp/htdocs”>
#
# Possible values for the Options directive are “None”, “All”,
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that “MultiViews” must be named *explicitly* — “Options All”
# doesn’t give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks Includes ExecCGI
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be “All”, “None”, or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all

</Directory>

Eliminated all of comments to simplify it and added the sandbox folder/directory. Note and a warning: also that use a forward slash rather than windows backslash to do this. Normal directory path in windows will be d:\sandbox.

<Directory “D:/sandbox”>

Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All

Order allow,deny
Allow from all

</Directory>

httpd-vhosts.conf
My http daemon or the apache program I’m using is listening on port 8080. Apache 2 has included this part in extras folder in the installation path. How to set up port in apache tutorial is in here.

<VirtualHost *:8080>
DocumentRoot D:/sandbox
ServerName sandbox
</VirtualHost>

hosts
The full path is C:\WINDOWS\system32\drivers\etc>hosts. You can see a tutorial on this one in here.

# have stripped off the comments

127.0.0.1 localhost
127.0.0.1 testground.com
127.0.0.1 sandbox.testground.com
127.0.0.1 sandbox

making your http daemon or apache listen on a particular port

In your Apache installation folder(it is called this way in windows. can’t do anything on it :D ), find the particular line. That is the default port http daemon is using.

When I have installed xampp 1.5.3a I have installed it in c:\x2\xampp directory. Apache configuration should be on <xampp install directory>\apache\conf in my case c:\x2\xampp\apache\conf

Listen 80

Just change the number 80 to whatever port you want.

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 8080

Why would you want to do that.

• First I am using skype which in default is using port 80 for the call feature that it have.
• Second to get more acquainted with the Apache software ;D
• Third some security. Remember that any process that you can do to further deter an attacker can be helpful. It is somewhat security through obscurity.
• Etc.