Apache security
and SSL
1> IP based security : Deny access to particular IP or network
#vim /etc/httpd/conf/httpd.conf
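go to the last line (Shift+G) and add the lines below (Order/Allow/Deny is Apache 2.2 syntax; Apache 2.4 keeps it only in mod_access_compat and uses Require directives instead).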
<Directory "/var/www/html">
order allow,deny
deny from 192.168.122.102
allow from all
</Directory>
2> user based security : allow web access by entering username and password
1> create http user
#htpasswd -cm /etc/httpd/htpasswd alex --------- c = create file, m = md5 algo (on Apache 2.4, -B selects bcrypt, which is stronger) , htpasswd = any file name
enter password twice
----------------
Extra :
add next user
#htpasswd -m /etc/httpd/htpasswd susan ---------------file already exists, so -c is not needed (-c would overwrite it and drop the existing users).
remove httpd user
#htpasswd -D /etc/httpd/htpasswd susan -------------- D - delete
----------------------
2> #vim /etc/httpd/conf/httpd.conf
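<Directory "/var/www/html">
AuthName "secure website" ----------any label
AuthType "Basic"
AuthUserFile "/etc/httpd/htpasswd"
Require Valid-User alex ----------valid-user admits any user in the password file; to allow only alex write: Require user alex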
</Directory>
Note : You can add "directory" block in virtualHost block also
3> # httpd -t
4> #service httpd restart
Recheck => Url : http://server.skynet.com
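enter username and password to access page (Basic auth sends the password base64-encoded, not encrypted, so on plain http it can be read on the network; serve the protected site over https, see the HTTPS / SSL section)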
Or
You can write authentication lines in .htaccess file at document root
1> #vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
AllowOverride AuthConfig
</Directory>
2> #cd /var/www/html
#vim .htaccess
AuthName "secure page"
AuthType "Basic"
AuthUserFile "/etc/httpd/htpasswd"
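Require Valid-User alex ----------valid-user admits any user in the password file; to allow only alex write: Require user alex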
:wq
3> #httpd -t
4> #service httpd restart
Recheck : URL http://server.skynet.com
=============================================================================================
HTTPS / SSL port :443
1> #yum install mod_ssl openssl httpd -y
2> # cd /etc/pki/tls/certs
# rm -f localhost.crt ---------------remove available certificate
# cd /etc/pki/tls/private
# rm -f localhost.key ---------------remove available key
3> create certificate and private key
# cd /etc/pki/tls/certs
# make localhost.crt ------------------certificate file name
[ the Makefile in this directory has entries to manage certificates ]
Enter pass phrase : eg redhat ---------example only, choose a strong passphrase on a real server
Enter passphrase for localhost.key : redhat
country name : IN
State or Province Name : Maharashtra
Locality Name : Nashik
Organisation Name : skynet LTD.
Organisation Unit name : NA
Common Name : server.skynet.com -------domain name, must match the host name used in the URL
Email Address : webmaster@server.skynet.com
3> put private key at proper location
# mv localhost.key /etc/pki/tls/private/ ---------------private key; keep it readable by root only (e.g. chmod 600)
4> #vim /etc/httpd/conf/httpd.conf
Write the lines below in the VirtualHost block
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
:wq
5> #service httpd restart
Enter passphrase redhat
Recheck
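URL https://server.skynet.com (the certificate is self-signed, so the browser shows a trust warning until the certificate is trusted on the client or replaced by a CA-signed one)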
==============================================================================================
Extra :
Text based browser
1> #curl
2> #elinks -----------[ #yum install elinks -y ]
3> # links
#elinks --dump URL ----------[ to look output only ]
==============================================================================================
1> IP based security : Deny access to particular IP or network
#vim /etc/httpd/conf/httpd.conf
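go to the last line (Shift+G) and add the lines below (Order/Allow/Deny is Apache 2.2 syntax; Apache 2.4 keeps it only in mod_access_compat and uses Require directives instead).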
<Directory "/var/www/html">
order allow,deny
deny from 192.168.122.102
allow from all
</Directory>
2> user based security : allow web access by entering username and password
1> create http user
#htpasswd -cm /etc/httpd/htpasswd alex --------- c = create file, m = md5 algo (on Apache 2.4, -B selects bcrypt, which is stronger) , htpasswd = any file name
enter password twice
----------------
Extra :
add next user
#htpasswd -m /etc/httpd/htpasswd susan ---------------file already exists, so -c is not needed (-c would overwrite it and drop the existing users).
remove httpd user
#htpasswd -D /etc/httpd/htpasswd susan -------------- D - delete
----------------------
2> #vim /etc/httpd/conf/httpd.conf
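<Directory "/var/www/html">
AuthName "secure website" ----------any label
AuthType "Basic"
AuthUserFile "/etc/httpd/htpasswd"
Require Valid-User alex ----------valid-user admits any user in the password file; to allow only alex write: Require user alex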
</Directory>
Note : You can add "directory" block in virtualHost block also
3> # httpd -t
4> #service httpd restart
Recheck => Url : http://server.skynet.com
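enter username and password to access page (Basic auth sends the password base64-encoded, not encrypted, so on plain http it can be read on the network; serve the protected site over https, see the HTTPS / SSL section)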
Or
You can write authentication lines in .htaccess file at document root
1> #vim /etc/httpd/conf/httpd.conf
<Directory "/var/www/html">
AllowOverride AuthConfig
</Directory>
2> #cd /var/www/html
#vim .htaccess
AuthName "secure page"
AuthType "Basic"
AuthUserFile "/etc/httpd/htpasswd"
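Require Valid-User alex ----------valid-user admits any user in the password file; to allow only alex write: Require user alex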
:wq
3> #httpd -t
4> #service httpd restart
Recheck : URL http://server.skynet.com
=============================================================================================
HTTPS / SSL port :443
1> #yum install mod_ssl openssl httpd -y
2> # cd /etc/pki/tls/certs
# rm -f localhost.crt ---------------remove available certificate
# cd /etc/pki/tls/private
# rm -f localhost.key ---------------remove available key
3> create certificate and private key
# cd /etc/pki/tls/certs
# make localhost.crt ------------------certificate file name
[ the Makefile in this directory has entries to manage certificates ]
Enter pass phrase : eg redhat ---------example only, choose a strong passphrase on a real server
Enter passphrase for localhost.key : redhat
country name : IN
State or Province Name : Maharashtra
Locality Name : Nashik
Organisation Name : skynet LTD.
Organisation Unit name : NA
Common Name : server.skynet.com -------domain name, must match the host name used in the URL
Email Address : webmaster@server.skynet.com
3> put private key at proper location
# mv localhost.key /etc/pki/tls/private/ ---------------private key; keep it readable by root only (e.g. chmod 600)
4> #vim /etc/httpd/conf/httpd.conf
Write the lines below in the VirtualHost block
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
:wq
5> #service httpd restart
Enter passphrase redhat
Recheck
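URL https://server.skynet.com (the certificate is self-signed, so the browser shows a trust warning until the certificate is trusted on the client or replaced by a CA-signed one)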
==============================================================================================
Extra :
Text based browser
1> #curl
2> #elinks -----------[ #yum install elinks -y ]
3> # links
#elinks --dump URL ----------[ to look output only ]
==============================================================================================