Activity Stream
48,167 MEMBERS
6807 ONLINE
besthostingforums On YouTube Subscribe to our Newsletter besthostingforums On Twitter besthostingforums On Facebook besthostingforums On facebook groups

Page 1 of 2 12 LastLast
Results 1 to 10 of 15
  1.     
    #1
    Moderator
    NewEraCracker's Avatar

    Default Apache 2.2.x security tricks (CentOS)

    1. Install httpd-devel and gcc:
      Code: 
      yum install httpd-devel gcc
    2. Download this modules (you'll need the .c files)
      mod_allowmethods: http://www.apachelounge.com/viewtopic.php?t=4238
      mod_antiloris: http://www.apachelounge.com/viewtopic.php?t=4222
      mod_reqtimeout: https://github.com/apache/httpd/blob...d_reqtimeout.c
    3. Upload those files to your server (secure ftp via ssh port should be a good way to do so).
    4. Build and install the modules
      Code: 
      apxs -cia mod_allowmethods.c
      apxs -cia mod_antiloris.c
      apxs -cia mod_reqtimeout.c
    5. Configure it
      Go to /etc/httpd/conf.d and add a file named 3rdparty.conf with:
      Code: 
      TraceEnable Off
      
      <Directory />
          LimitRequestBody 8388608
          <IfModule allowmethods_module>
              AllowMethods GET HEAD OPTIONS POST
          </IfModule>
      </Directory>
      
      <IfModule antiloris_module>
          IPReadLimit 20
      </IfModule>
      
      <IfModule reqtimeout_module>
          RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
      </IfModule>
      Please note that LimitRequestBody will disallow uploading/posting more than 8MB (8388608 bytes) but for most websites it should be ok.


    Enjoy

    If running cPanel you have to run after installing the module:
    Code: 
    /usr/local/cpanel/bin/apache_conf_distiller --update
    NewEraCracker Reviewed by NewEraCracker on . Apache 2.2.x security tricks (CentOS) Install httpd-devel and gcc: yum install httpd-devel gcc Download this modules (you'll need the .c files) mod_allowmethods: http://www.apachelounge.com/viewtopic.php?t=4238 mod_antiloris: http://www.apachelounge.com/viewtopic.php?t=4222 mod_reqtimeout: https://github.com/apache/httpd/blob/2.2.x/modules/filters/mod_reqtimeout.c Upload those files to your server (secure ftp via ssh port should be a good way to do so). Rating: 5
    Trusted: Dom, l0calh0st, 0ccul7, robert420
    Find all threads started by NewEraCracker

  2.   Sponsored Links

  3.     
    #2
    I think the uploading limit is not going to affect the forums. We can use it.

  4.     
    #3
    Member
    Ok, but what overall conclusion to install this ? which area its cover ? what are the benefits ? even we can install mod_evasive to do this all in just one module !

    Thanks

  5.     
    #4
    Moderator
    NewEraCracker's Avatar
    mod_evasive is old and un-efficient with the new attack vectors to apache.
    Trusted: Dom, l0calh0st, 0ccul7, robert420
    Find all threads started by NewEraCracker

  6.     
    #5
    Member
    mod_antiloris is making error in my apache:


    Apache restart failed. Unable to load pid from pid file and no httpd process found in process list.
    If apache restart reported success but it failed soon after, it may be caused by oddities with mod_ssl.
    You should run /usr/local/cpanel/scripts/ssl_crt_status as part of your troubleshooting process.
    Pass it --help for more details.
    Also be sure to examine apache's various log files.
    Apache Restart Output:

    [Mon Dec 19 12:10:47 2011] [notice] caught SIGTERM, shutting down

  7.     
    #6
    Moderator
    NewEraCracker's Avatar
    maxtor, It seems you are running cPanel in your server, you should contact cPanel support for help into getting your issues fixed. I only work with servers via SSH and Webmin (don't use cPanel).
    Trusted: Dom, l0calh0st, 0ccul7, robert420
    Find all threads started by NewEraCracker

  8.     
    #7
    Member
    Website's:
    newrapidleech.com blog.newrapidleech.com
    nice share, awesome contributions, as always :thumbsup:

  9.     
    #8
    Member
    Website's:
    serverno.de
    It would also be a good idea to learn how to setup good mod security rules and install that, it'll help a lot against certain attacks.

  10.     
    #9
    Retired NinJa
    Website's:
    loledhard.com
    bump, this should help loads of guys here



    You don't hate Justin bieber.You hate the fact you ain't Justin Bieber!

  11.     
    #10
    Member
    Website's:
    10gb.in uploadjet.net
    i have tried to install these on my cpanel server but modules doesnt load even though build seems successful , even restart of apache doesn't show any error any clue ?
    10Gb.in - Affordable Web Hosting Strictly No oversell |
    Kimsufi Reseller With 80 payment options



Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. CentOS Apache Help
    By feronso in forum Server Management
    Replies: 3
    Last Post: 30th May 2012, 08:47 PM
  2. How to put Varnish in front of Apache on CentOS?
    By AlternativeWeb in forum Server Management
    Replies: 4
    Last Post: 24th May 2012, 05:04 PM
  3. How To Install Apache with MySQL and PHP on Linux CentOS
    By enetcloud in forum Tutorials and Guides
    Replies: 3
    Last Post: 21st Aug 2011, 01:11 PM
  4. How do i uninstall apache on Centos 5?
    By RNBxBeatz in forum Webmaster Discussion
    Replies: 3
    Last Post: 22nd Apr 2011, 02:44 PM
  5. Linux Hardening & Security[cP/WHM + Apache]
    By Krun!x in forum Technical and Security Tutorials
    Replies: 5
    Last Post: 22nd Jul 2009, 01:05 AM

Tags for this Thread

BE SOCIAL