Introduction
Disabling TRACE and TRACK to resolve PCI-related scan findings such as "Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability" is surprisingly easy with the Apache web server. The main thing to keep in mind is that if you are running Apache and this vulnerability pops up during a scan, you can be reasonably certain that TRACK is not the problem; TRACE is. Read more...
One of the "must-dos" when setting up a secure Apache web server environment is to disable directory listing. By default, Apache will be compiled with this option enabled, but it's always a good idea to get rid of this setting unless it's really necessary. Read more...
Many times on RHEL, haproxy is not reliable: it gives errors while connecting to the Apache backend, and at that time the following error is logged in /var/log/messages:
kernel: ip_conntrack: table full, dropping packet
This is related to the ip_conntrack kernel module.
If you find this error message in /var/log/messages, you need to apply the following steps. Read more...
Different platforms and devices require SSL certificates to be converted to different formats. For example, a Windows server exports and imports .pfx files while an Apache server uses individual PEM (.crt, .cer) files. Read more...
Subversion ADS Authentication with Apache
More and more companies are using directory services for housing their user credentials and information. Example directory services are Active Directory, eDirectory and OpenLDAP. Read more...
This article contains step-by-step instructions for configuring an Apache web server which handles static content and delegates JSP (Java Server Pages) and Servlet requests to two Tomcat servers using AJP 13 connectors and a load-balancing worker. Read more...
Overview
This tutorial explains how to integrate Apache and Tomcat to support Java Server Pages (JSP) and Servlets using Apache on your website. Although this setup worked for this particular environment, I can make no guarantees that it will work for yours, but it should with some tweaking. I have spent a lot of time gathering several resources in order to get this to work. Many portions of these resources have been deprecated and required a few workarounds. It is my intention that this tutorial will help anyone who has attempted to install such a system without success. If you find any inconsistencies within this tutorial, please notify me using the contact form. Read more...
Introduction
This guide is intended to provide you with simple instructions on how to install Nagios from source (code) on RHEL and have it monitoring your local machine within 20 minutes. No advanced installation options are discussed here – just the basics that will work for almost all users who want to get started. These instructions were written based on a standard RHEL 5 distribution. Read more...
Here I have tried to list the commands that are useful for us (sysadmins) but that we still tend to forget. Listed here are a bunch of Unix commands. Read more...
ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out over the web application level, organisations need all the help they can get in making their systems secure. WAFs are deployed to establish an increased external security layer to detect and/or prevent attacks before they reach web applications. ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure. Read more...