Wednesday, March 14, 2012

Apache 2.2.x security tricks (CentOS) - Securing Apache 2.2.x

Install httpd-devel and gcc:
yum install httpd-devel gcc

        Download these modules (you'll need the .c files):
        mod_allowmethods: http://www.apachelounge.com/viewtopic.php?t=4238
        mod_antiloris: http://sourceforge.net/projects/mod-antiloris/
        mod_reqtimeout: https://github.com/apache/httpd/blob/2.2.x/modules/filters/mod_reqtimeout.c

Upload those files to your server (SFTP over the SSH port should be a good way to do so).


        Build and install the modules

        apxs -cia mod_allowmethods.c
        apxs -cia mod_antiloris.c
        apxs -cia mod_reqtimeout.c


        Go to /etc/httpd/conf.d and add a file named 3rdparty.conf with:


TraceEnable Off
<Directory />
    LimitRequestBody 8388608
    <IfModule allowmethods_module>
        AllowMethods GET HEAD OPTIONS POST
    </IfModule>
</Directory>

<IfModule antiloris_module>
    IPReadLimit 20

</IfModule>

<IfModule reqtimeout_module>
    RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>


Please note that LimitRequestBody will reject uploads or POST bodies larger than 8MB (8388608 bytes), but for most websites that should be OK.

$ service httpd fullstatus | grep antiloris
mod_antiloris/0.4
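A static check of the finished 3rdparty.conf, as an added example that is not part of the original post: the hypothetical helpers `directive_value` and `audit_conf` read the file and report any of the settings above that is missing or weakened. It only inspects the text of the file; Apache skips directives inside `<IfModule>` when the module is not loaded, so confirm the modules separately (for example with `httpd -M`).

```shell
#!/bin/sh
# Added example (not from the original post): audit the directives this page sets.
# directive_value FILE NAME -> arguments of the last uncommented NAME line
directive_value() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(want) { $1 = ""; sub(/^ +/, ""); val = $0 }
        END { if (val != "") print val }
    ' "$1"
}

# audit_conf FILE -> one FAIL line per problem; exit status = number of problems
audit_conf() {
    conf=$1; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    v=$(directive_value "$conf" TraceEnable)
    [ "$(echo "$v" | tr 'A-Z' 'a-z')" = "off" ] || fail "TraceEnable is '${v:-unset}', expected Off"

    v=$(directive_value "$conf" LimitRequestBody)
    case $v in
        ''|*[!0-9]*) fail "LimitRequestBody unset or not numeric" ;;
        0) fail "LimitRequestBody 0 means unlimited" ;;
    esac

    v=$(directive_value "$conf" AllowMethods)
    [ -n "$v" ] || fail "AllowMethods unset"
    for m in $v; do
        case $m in
            GET|HEAD|OPTIONS|POST) ;;   # the four methods this page allows
            *) fail "AllowMethods permits $m" ;;
        esac
    done

    v=$(directive_value "$conf" IPReadLimit)
    [ -n "$v" ] || fail "IPReadLimit unset"

    v=$(directive_value "$conf" RequestReadTimeout)
    case $v in *header=*) ;; *) fail "RequestReadTimeout has no header= limit" ;; esac
    case $v in *body=*) ;; *) fail "RequestReadTimeout has no body= limit" ;; esac

    return "$fails"
}

# Run against a file when one is given, e.g. /etc/httpd/conf.d/3rdparty.conf
if [ -n "${1:-}" ]; then audit_conf "$1"; fi
```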
