yum install mod_authz_ldap

<Directory /var/www/html/test>
  AuthzLDAPMethod ldap
  AuthzLDAPAuthoritative on
  AuthzLDAPServer 10.10.10.123:389            # AD 的IP
  AuthzLDAPUserBase "DC=cross,DC=local"   # AD的網域名稱，我的是 cross.local
  AuthzLDAPUserKey sAMAccountName
  AuthzLDAPUserScope subtree
  AuthzLDAPBindDN "cross"                             # AD 管理者的帳號
  AuthzLDAPBindPassword "crosspassword"   # AD 管理者的密碼
  AuthName "Need Password with using AD"
  AuthType Basic
  require valid-user
</Directory>

這個攻擊是八月底的消息，它是一個apache的弱點，對 header 作攻擊，好像是它本就是一個正常的規則，

只是如果分好幾個片斷去 request 的話，就會讓apache 資源慢慢的被耗光，最後 crashed。

一般對 80 的請求為

telnet 10.10.10.135 80

GET / HTTP/1.1

Host: 10.10.10.135

<enter> 

結果

HTTP/1.1 200 OK
Date: Thu, 15 Sep 2011 10:12:02 GMT
Server: Apache

[閱讀全文]

比方說我的http://ssorc.tw/admin 後台，要登入帳密的地方我需要讓它使用SSL加密連線

就在httpd.conf 設定加入如下設定

<Directory /path/admin>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase   /path/admin
RewriteCond   %{SERVER_PORT}  !^443$
RewriteRule   ^(.*)?$   https ://%{SERVER_NAME}/admin/$1 [L,R]
#                                  https跟://之間我故意空白，因為會讓我文章無法存檔
</IfModule>
</Directory>

http://code.google.com/intl/zh-TW/speed/page-speed/docs/module.html

mod_pagespeed is an open-source Apache module that automatically optimizes web pages and resources on them. It does this by rewriting the resources using filters that implement web performance best practices. Webmasters and web developers can use mod_pagespeed to improve the performance of their web pages when serving content with the Apache HTTP Server.

下載頁面 http://code.google.com/intl/zh-TW/speed/page-speed/download.html
我要用的是 : mod_pagespeed 32-bit .rpm (CentOS/Fedora)

wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-beta_current_i386.rpm

安裝

rpm -ivh mod-pagespeed-beta_current_i386.rpm

套件內容

[閱讀全文]

目的:不想讓網頁頁面出現這樣子的錯誤訊息

Not Found

The requested URL /123 was not found on this server.
Apache/2.0.52 (CentOS) Server at 10.10.10.135 Port 80

關閉apache版本，vi /etc/httpd/conf/httpd.conf

ServerTokens OS # 找到這一行，將“OS”改為“Prod”
# 改為
ServerTokens Prod #  在出現錯誤頁的時候不顯示服務器操作繫統的名稱

ServerSignature On # 找到這一行，將“On”改為“Off”
# 改為
ServerSignature Off # 在錯誤頁中不顯示Apache的版本

關閉php版本，vi /etc/php.ini

expose_php = On

# 改為

expose_php = Off

重啟apache

[閱讀全文]

quote: http://www.modsecurity.org/documentation/modsecurity-apache/2.5.12/html-multipage/introduction.html

ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out over the web application level, organisations need all the help they can get in making their systems secure. WAFs are deployed to establish an increased external security layer to detect and/or prevent attacks before they reach web applications. ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.

安裝--

下載套件: http://www.modsecurity.org/download/

編譯

[閱讀全文]

現在手機上網應用滿普及的了

有個網站(http://detectmobilebrowser.com/)針對是不是透過手機來瀏覽你的網站作了一規則編寫

像 apache 的話就點選藍色 apache 的部份下載它的規則內容套用在自已網站底下即可

這樣子假如你的網站有專門為手機而來的就可以重導它至其頁面了

當然這個網站還有對其它程式也有個別的規則內容，就看怎麼應用它了