One of the “must do’s” on setting a secure apache webserver environment is to disable directory listing. As a default Apache will be compiled with this option enabled, but its always a good idea to get rid of this setting unless its really necessary.
Subversion ADS Authentication with Apache
More and more companies are using directory services for housing their user credentials and information. Example directory services are Active Directory, eDirectory and OpenLDAP.
This article contains step by step instructions for configuring an Apache web server which handles static content and delegates JSP (Java Server Pages) and Servlet requests to two Tomcat servers using AJP 13 connectors and a load balancing worker.
This is to explain and understand how to integrate Apache and Tomcat to support Java Server Pages (JSP) and Servlets using Apache on your website. Although this setup worked for this particular environment, I can make no guarantees that it will work for yours, but it should with some tweaking. I have spent a lot of time gathering several resources in order to get this to work. Many portions of these resources have been deprecated and required a few workarounds. It is my intention that this tutorial will help anyone that has attempted to install such a system without success. If you find any inconsistencies within this tutorial, please notify me using the contact form.
This guide is intended to provide you with simple instructions on how to install Nagios from source (code) on RHEL and have it monitoring your local machine within 20 minutes. No advanced installation options are discussed here – just the basics that will work for almost all users who want to get started. These instructions were written based on a standard RHEL 5 distribution.
ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out over the web application level, organisations need all the help they can get in making their systems secure. WAFs are deployed to establish an increased external security layer to detect and/or prevent attacks before they reach web applications. ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.
If you plan to run a web server, you’d better be prepared to see it attacked. Securing a web server is a non-trivial task that requires an understanding of the web server’s relationship with the network. By being aware of what security measures are on the web server, you can balance the security necessary within your applications. In this chapter, we will look at how to ensure the network is secure, and then go through the steps for making a secure and dynamite web server. We will also address what to do in the event of an attack.