Wednesday, March 14, 2012

Apache 2.2.x security tricks (CentOS) - Securing Apache 2.2.x

Install httpd-devel and gcc:
yum install httpd-devel gcc

Download these modules (you'll need the .c files).

Upload those files to your server (SFTP over SSH is a good way to do so).

Build and install the modules:

apxs -cia mod_allowmethods.c
apxs -cia mod_antiloris.c
apxs -cia mod_reqtimeout.c

Go to /etc/httpd/conf.d and add a file named 3rdparty.conf with:

TraceEnable Off
<Directory />
    LimitRequestBody 8388608
    <IfModule allowmethods_module>
        AllowMethods GET HEAD OPTIONS POST
    </IfModule>
</Directory>

<IfModule antiloris_module>
    IPReadLimit 20
</IfModule>

<IfModule reqtimeout_module>
    RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>
Please note that LimitRequestBody rejects uploads and POST bodies larger than 8 MB (8388608 bytes), but for most websites that should be OK.

Confirm that the module is loaded:

$ service httpd fullstatus | grep antiloris
mod_antiloris/0.4
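How the RequestReadTimeout line in 3rdparty.conf treats slow clients, as an added example that is not part of the original post. It is a simplified model of the documented mod_reqtimeout behaviour (the deadline starts at the first number, grows by one second per MinRate bytes received, and is capped at the upper bound of the range); the function names and sample clients are constructed for illustration.

```python
import re

# Directive copied from the 3rdparty.conf above.
DIRECTIVE = "header=20-40,MinRate=500 body=20,MinRate=500"

def parse_stage(directive, stage):
    """Return (initial, maximum, min_rate) for stage 'header' or 'body'.
    maximum / min_rate are None when the directive does not set them."""
    m = re.search(rf"\b{stage}=(\d+)(?:-(\d+))?(?:,MinRate=(\d+))?", directive, re.I)
    if not m:
        raise ValueError(f"no {stage}= setting in {directive!r}")
    return tuple(int(g) if g else None for g in m.groups())

def simulate(directive, stage, total_bytes, chunk, interval):
    """Simplified model (assumption: one client sending `chunk` bytes every
    `interval` seconds, first chunk at t=interval).
    Returns ("complete", t) or ("timeout", t), t in seconds."""
    initial, maximum, min_rate = parse_stage(directive, stage)
    deadline = float(initial)
    received, t = 0, 0.0
    while received < total_bytes:
        t += interval
        if t >= deadline:                # server gave up before this chunk arrived
            return ("timeout", deadline)
        n = min(chunk, total_bytes - received)
        received += n
        if min_rate:                     # +1 second per MinRate bytes received
            deadline += n / min_rate
            if maximum is not None:      # header=20-40: never beyond 40 s
                deadline = min(deadline, float(maximum))
    return ("complete", t)

if __name__ == "__main__":
    # Constructed sample clients, not measurements.
    print(simulate(DIRECTIVE, "header", 800, 800, 0.1))   # normal browser
    print(simulate(DIRECTIVE, "header", 800, 10, 5))      # slow-header client
    print(simulate(DIRECTIVE, "header", 30000, 500, 1))   # exactly MinRate, hits the 40 s cap
    print(simulate(DIRECTIVE, "body", 30000, 500, 1))     # body stage has no upper bound
```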

