Enable HTTP Strict Transport Security on Debian / Ubuntu
HSTS, or just STS, can be enabled with Apache fairly easily. I’ll show you how! Enabling HSTS enforces a policy that all content from your server to the end user’s web browser will be over HTTPS. This can protect against interception, HTTPS stripping, and other possible man-in-the-middle attacks. First, enable mod_headers:
$ sudo a2enmod headers
Apache Server Status with mod_status
Apache has a built-in web-based server status module called mod_status. Here’s how it works! In Ubuntu / Debian, first enable the Apache status module:
$ sudo a2enmod status
A config file is already in place on Debian and Ubuntu. Edit it as follows:
$ sudo nano /etc/apache2/mods-available/status.conf
It looks like this:
Apache List Loaded Modules
Use apache2ctl -M or httpd -M to list loaded Apache modules. The output will look similar to:
$ sudo apache2ctl -M
Loaded Modules:
 core_module (static)
 log_config_module (static)
 logio_module (static)
 mpm_worker_module (static)
 http_module (static)
 so_module (static)
 alias_module (shared)
 auth_basic_module (shared)
 authn_file_module (shared)
 authz_default_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgid_module (shared)
 deflate_module (shared)
Make Your Web Server Snappy With php-apc
In Debian / Ubuntu, simply installing one package will instantly make your web server faster. (That is, if you are serving up PHP!) Here ya go:
$ sudo apt-get install php-apc
Next, edit the following file:
$ sudo nano /etc/php5/conf.d/apc.ini
And put in the following values. Increase apc.shm_size as high as is available:
extension=apc.so
apc.shm_size=64M
Apache Block By User Agent
Though this is trivial to circumvent, an easy way to block by User Agent with Apache is to use mod_rewrite. This is mostly useful for stopping spam bots, scammers, and other automated tools from poking at your website! For example, the following rewrite rule returns a 403 Forbidden:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} HTTrack
RewriteRule
Test Your Server for MySQL Injection
Q: What tools are used for testing for MySQL and other database injection vulnerabilities? Network and security admins often use the following to automate testing for SQL injection:
sqlmap – automatic SQL injection and database takeover tool
Havij – automated SQL injection tool
Metasploit – security framework (Metasploit as you may be aware
Prevent Hotlinking with htaccess
Hotlinking is the use of another person’s hosted image embedded on a different site without permission. I’ll show you how to prevent hotlinking with htaccess! Place the following in an .htaccess file on your web server to prevent hotlinking of images while still allowing Google, Bing, and Yahoo image searches access. Change the first entry
Securing phpMyAdmin
phpMyAdmin is a great tool, but it is also a large target for hackers. Take these initial steps to secure your phpMyAdmin install in Ubuntu Linux. 1. First we will set up an Apache login and password required to load the phpMyAdmin page. This command creates an Apache authenticated user (Example here creates a username
Could not reliably determine the server’s fully qualified domain name
After the initial install of Apache in Ubuntu, you’ll see the message below:
stmiller@brahms:~$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2
apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for ServerName
 … waiting apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for ServerName

