CentOS 6 as a production LAMP server

LAMP (Linux, Apache, MySQL, PHP) server from scratch in a virtualized environment. There are many articles, but none of them covers all the required steps. So far after each I had to troubleshoot many issues that weren’t even mentioned in the articles, and that involves a lot of searching and playing around. One of many […]

PCI Audits often reveal TRACE & TRACK : Apache Hardening

PCI Audits often reveal TRACE & TRACK as issues that must be handled before the website can be considered PCI compliant.

If you are running Apache 2.x, the following directives will disable TRACE & TRACK functionality.

This change needs to be made in /etc/httpd/conf/httpd.conf:

ServerTokens OS
TraceEnable OFF

The Mod_rewrite directives below need to be […]

Hardening Linux Web Servers

Security is a process, not a result. It is a process which is difficult to adopt under normal conditions; the problem is compounded when it spans several job descriptions. All the system level security in the world is rendered useless by insecure web-applications. The converse is also true—programming best practices, such as always verifying user […]

mod_cband (Apache 2 traffic-control module like mod_throttle & mod_bandwidth) usage

In the past, with Apache 1, mod_throttle made it possible to measure and limit traffic per virtual host. Limiting traffic is required for hosting. Knowing how much each domain uses is a very important job. But with Apache 2, mod_throttle could not be used. A search turned up cband. Its function and structure are almost identical to mod_throttle, mod_bandwidth […]

kernel tuning Apache performance

Source:

Here is an example of kernel tuning for improved performance of the whole website. Try one of those boring study. (Actually, I do not know) I’m just the only data is transferred.

References: http://www.apache.org/docs/misc/perf-tuning.html; Web Performance Tuning – O’Reilly

However, there are some points to keep in mind. In order to improve website performance, rather than the […]

mod_evasive on Apache

mod_evasive is an evasive maneuvers module for Apache that provides evasive action in the event of an HTTP DoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and more. mod_evasive presently reports abuse via email […]

Center for Internet Security Benchmark for Apache Web Server

Pre-configuration Checklist

It is important to realize that “Web Security” extends beyond the Web Server itself. There are many different web security vulnerabilities, which do not directly involve the web server itself. In order to truly secure a web infrastructure, many different information technology divisions must […]

Mod_rewrite

Turn Mod_Rewrite On

Mod_rewrite is used through your .htaccess file. Place the following code at the beginning of your .htaccess file to turn mod_rewrite on:

RewriteEngine on

(Don’t forget that .htaccess commands are case-sensitive.) This code needs to be entered at the beginning of any .htaccess file using mod_rewrite.

The Basic Mod_Rewrite Layout

The basic […]

.htaccess – Authentication from File and LDAP or other sources at the same time

Sometimes you may need to authenticate a user against different credential stores, like standard files (.htpasswd), databases, LDAP, … With Apache, you can use several authentication sources by defining them in the AuthBasicProvider directive.

The configuration below will authenticate a […]

.htaccess – Redirect to SSL (HTTPS) before Basic Authentication

I prefer running a site in HTTP-only mode when there is no confidential information transferred (username, password, credit card number, etc.). It saves some of the CPU time because there is no need to do data encryption. But I strongly recommend using HTTPS […]