Showing posts with label Webserver. Show all posts

Apache Hardening : Limit Request Size


By default Apache places no limit on the total size of an HTTP request, i.e. it is unlimited, and when you allow large requests on a web server it is possible to become a victim of denial-of-service attacks. We can limit the request size with the Apache directive "LimitRequestBody" inside a Directory tag.

This is generally preferred for websites/blogs that offer an upload option over the HTTP protocol.
An unlimited upload size can really affect the site, which can be compromised by attackers using DDoS.

The number of bytes allowed in a request body can be set from 0 (unlimited) to 2147483647 (2GB). Set this limit according to your site's needs.


Here in this example, my_uploads is a directory which contains files uploaded by users. We will put a limit of 500K on it by making the following change in the Apache configuration file (httpd.conf).

<Directory "/var/www/mywebsite/my_uploads">
LimitRequestBody 512000
</Directory>



Installation of Apache Tomcat on Ubuntu





Steps.
  • Download and install the OpenJDK package for Java (mandatory)
  • Download the Tomcat tarball from the official Tomcat webpage
  • Untar / unzip the tarball
  • Make a directory specific to Tomcat and its relevant files
  • Move the Tomcat files to the Tomcat-specific directory
  • Locate the startup.sh and shutdown.sh files in order to start/stop Tomcat

Here we are about to download and install Tomcat 8 on CentOS 6.8

Install OpenJDK to fulfill the Java requirement.
## sudo apt-get install openjdk*
Make a directory specific for Tomcat.
## sudo mkdir /opt/tomcat
Download Apache Tomcat from the official website.

Move the downloaded tarball apache-tomcat-x.xx.x.tar.gz into /opt/tomcat

## sudo mv  apache-tomcat-8.5.13.tar.gz /opt/tomcat/
Change into /opt/tomcat and unzip the tarball
## cd /opt/tomcat
## tar -xvf apache-tomcat-8.5.13.tar.gz
After unzipping the tarball there will be a folder named apache-tomcat-8.xx.xx

Change into the unzipped directory

## cd /opt/tomcat/apache-tomcat-8.xx.xx/bin/
Look for the files startup.sh and shutdown.sh

Start Tomcat using the startup script

## ./startup.sh
Stop it using the shutdown script.

## ./shutdown.sh

Once you change into the unzipped Tomcat parent directory, each of the subdirectories below has its own significance and responsibility.
Let's go through the Apache Tomcat directories and see why they exist.


bin  ==> Contains all binary and script files for running Tomcat
lib  ==> Contains shared library files used by Tomcat
conf ==> Contains configuration files such as port, directories etc.
logs ==> Contains various log files related to Tomcat, e.g. catalina.out
temp ==> Contains temp files associated with Tomcat
webapps ==> Important folder; application WAR files are placed here
work ==> If the application contains any JSP, the JSP is translated and converted into a servlet, which is stored here.

Tomcat looks for several environment variables to be defined in order to run; these are listed below.
  • CATALINA_HOME
  • CATALINA_BASE
  • CATALINA_TMPDIR
  • JRE_HOME/JAVA_HOME
  • CLASSPATH
The mandatory environment variables that must be defined in order to run Tomcat:


CATALINA_HOME
  1. This is the most important environment variable that needs to be defined in order to run multiple instances of Tomcat on the same host.
  2. The directory it defines must point to the main Tomcat instance, which contains all the extracted binary data including the bin and lib directories.
  3. So the lib and bin directories are found based on CATALINA_HOME.
CATALINA_BASE
Based on this variable, the server uses the conf, logs, webapps and work folders.






How to enable PHP LDAP module / extension in XAMPP



Before proceeding, check whether the LDAP module is already enabled by default; you can verify this using a phpinfo.php page.

To check, create a PHP file named phpinfo.php within the htdocs folder:

Create a Notepad file and rename it to phpinfo.php.

Paste the code below into it and save it in the htdocs folder.

<?php
        phpinfo();
?>


Open the browser and go to https://localhost/phpinfo.php

If the output matches the screenshot below, you don't need to do anything: the PHP_LDAP module is already enabled within your XAMPP server.



Now, if you can't find anything like that, just follow these steps.


  • Change directory to C:\xampp\php
  • Find and copy the listed files:
      1. libeay32.dll
      2. libsasl.dll
      3. ssleay32.dll
  • Copy them into C:\Windows\System32
  • Now change directory into C:\xampp\php again
  • Find and open the file named php.ini
  • Find and uncomment the line below to enable it.
       ;extension=php_ldap.dll


Make it look like the screenshot below by removing the ; so that it reads extension=php_ldap.dll


Now restart Apache from the XAMPP control panel.




PHP Installed but browser is not loading php script, showing as a raw html text



So I encountered a problem while loading a PHP file with Apache.

I was expecting a page with PHP information, as I had uploaded phpinfo.php into /var/www/html and restarted Apache.

Aww... I got just text when I hit the browser:

<?php
        phpinfo();
?>

Now, if you are running into the same problem, the fix is below.

Open your httpd.conf file and append the lines below to it.

AddHandler php5-script .php

AddType text/html .php


Restart Apache and reload webpage again, the problem will be solved.



Protect your website from DDOS attacks using apache modules ( mod_evasive )



The Apache module below is quite well known in terms of security.


mod_evasive


mod_evasive works very efficiently: it takes one request at a time and processes it very well. It prevents DDoS attacks from doing as much damage. This enables mod_evasive to handle HTTP brute force and DoS or DDoS attacks. The module detects attacks with three methods.
  1. If many requests come to the same page a few times per second.
  2. If any child process tries to make more than 50 concurrent requests.
  3. If any IP keeps trying to make new requests while it is temporarily blacklisted.
Find and uncomment the line within your httpd.conf file so that it reads:
LoadModule evasive20_module modules/mod_evasive24.so
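
The first and third detection methods above, modelled as an added Python example (this is not mod_evasive's code). The thresholds and sample requests are constructed, and the constant names are hypothetical, only loosely mirroring the module's DOSPageCount, DOSPageInterval and DOSBlockingPeriod directives.

```python
from collections import defaultdict, deque

# Hypothetical thresholds for this model (example values, not module defaults).
PAGE_COUNT = 3       # hits on one URI allowed per interval
PAGE_INTERVAL = 1.0  # length of the counting interval, in seconds
BLOCK_PERIOD = 10.0  # seconds an offending IP stays blacklisted

# Constructed sample requests: (timestamp in seconds, client IP, URI).
SAMPLE_REQUESTS = [
    (0.0, "198.51.100.7", "/login.php"),
    (0.2, "198.51.100.7", "/login.php"),
    (0.3, "203.0.113.9", "/index.html"),
    (0.4, "198.51.100.7", "/login.php"),
    (0.5, "198.51.100.7", "/login.php"),    # 4th hit within 1s: blacklist
    (5.0, "198.51.100.7", "/index.html"),   # blacklisted, timer restarts
    (14.0, "198.51.100.7", "/index.html"),  # still inside restarted timer
    (30.0, "198.51.100.7", "/index.html"),  # blacklist entry has expired
]


def evaluate(requests):
    """Return (timestamp, ip, decision) for each request, in order."""
    hits = defaultdict(deque)  # (ip, uri) -> timestamps inside the interval
    blocked_until = {}         # ip -> time at which the blacklist entry ends
    decisions = []
    for ts, ip, uri in requests:
        if blocked_until.get(ip, 0.0) > ts:
            # Method 3: a request from a blacklisted IP restarts its timer.
            blocked_until[ip] = ts + BLOCK_PERIOD
            decisions.append((ts, ip, "deny-blocked"))
            continue
        window = hits[(ip, uri)]
        window.append(ts)
        while ts - window[0] >= PAGE_INTERVAL:
            window.popleft()   # forget hits older than the interval
        if len(window) > PAGE_COUNT:
            # Method 1: too many hits on the same page in one interval.
            blocked_until[ip] = ts + BLOCK_PERIOD
            decisions.append((ts, ip, "deny-page-rate"))
        else:
            decisions.append((ts, ip, "allow"))
    return decisions


if __name__ == "__main__":
    for ts, ip, decision in evaluate(SAMPLE_REQUESTS):
        print(f"{ts:5.1f}s {ip:<13} {decision}")
```

The request at 14.0s is denied even though the original blacklist entry would have ended at 10.5s, because the denied request at 5.0s restarted the timer.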


Vulnerability Fix : Browsable Web Directories



How to Disable Directory Listings in Apache


Make sure that browsable directories do not leak confidential information or give access to sensitive resources. Additionally, use access restrictions or disable directory indexing for any that do.


  • Look for the apache/httpd configuration file and edit the following lines
  • Open the config file using a text editor like vi (vi httpd.conf)
  • Search for the directory section of the file where your website resides, and the Options keyword beneath that. It should look something like:

    <Directory /home/mywebuser/public_html>
        Options Indexes
    </Directory>

  • Update the option 'Indexes' from the above, so the line would read instead:

    Options -Indexes

  • Keep the Indexes option as it is; the only change is to add a "-" sign before it.
  • After making the above changes, save the file and restart httpd/apache.
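
An added example, not part of the original posts: a small Python audit that reads an Apache configuration and flags each `<Directory>` block that leaves directory listing on or sets no `LimitRequestBody`, covering this post and the request-size post above. The sample configuration is constructed, and the check ignores settings inherited from parent directories or `.htaccess` files.

```python
import re

# Constructed sample configuration, reusing the two paths from the posts.
SAMPLE_CONF = """\
<Directory "/var/www/mywebsite/my_uploads">
    LimitRequestBody 512000
    Options -Indexes
</Directory>
<Directory /home/mywebuser/public_html>
    # listing left on, no body limit
    Options Indexes FollowSymLinks
</Directory>
"""

OPEN_RE = re.compile(r'^<Directory\s+"?([^">]+)"?\s*>$', re.IGNORECASE)


def audit_directories(conf_text):
    """Map each <Directory> path to a list of findings (empty list = clean)."""
    report, path, limit, indexes = {}, None, None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN_RE.match(line)
        if opened:
            path, limit, indexes = opened.group(1), None, False
        elif path and line.lower() == "</directory>":
            findings = []
            if limit is None:
                findings.append("LimitRequestBody not set")
            elif limit == 0:
                findings.append("LimitRequestBody 0 (unlimited)")
            if indexes:
                findings.append("Options enables Indexes")
            report[path] = findings
            path = None
        elif path:
            words = line.split()
            name = words[0].lower()
            if name == "limitrequestbody" and len(words) == 2 and words[1].isdigit():
                limit = int(words[1])
            elif name == "options":
                # The last Options line in the block wins; "-Indexes" is off.
                indexes = any(w.lower() in ("indexes", "+indexes", "all")
                              for w in words[1:])
    return report


if __name__ == "__main__":
    for directory, findings in audit_directories(SAMPLE_CONF).items():
        print(directory, "->", findings or "ok")
```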





Designed By Jackuna