檔案為 'apache' 類別
8月 30th, 2008 由 傻仔仔 發表 於 12:08 pm
1. 安裝Apahce, PHP, Mysql, 以及php連接mysql庫組件。
yum -y install httpd php mysql mysql-server php-mysql
2. 配置開機啓動服務
/sbin/chkconfig httpd on [設置apache服務器httpd服務開機啓動]
/sbin/chkconfig –add mysqld [在服務清單中添加mysql服務]
/sbin/chkconfig mysqld on [設置mysql服務開機啓動]
/sbin/service httpd start [啓動httpd服務,與開機啓動無關]
/sbin/service mysqld start [啓動mysql服務,與開機無關]
3.設置mysql數據庫root帳號密碼。
mysqladmin -u root password ‘newpassword’ [引號內填密碼]
4. 讓mysql數據庫更安全
mysql -u root -p
mysql> DROP DATABASE test; [刪除test數據庫]
mysql> DELETE FROM mysql.user WHERE user = ”; [刪除匿名帳戶]
mysql> FLUSH PRIVILEGES; [重載權限]
5. 按照以上的安裝方式, 配置齣來的默認站點目錄為/var/www/html/
新建一個php腳本:
<?php
phpinfo();
?>
6. 新建一個數據庫﹐添加一個數據庫用戶﹐設置用戶權限。寫個php腳本測試一下數據庫連接吧。
mysql> CREATE DATABASE my_db;
mysql> GRANT ALL PRIVILEGES ON my_db.* TO ‘user’@'localhost’ IDENTIFIED BY ‘password’;
//安裝apache擴展
yum -y install httpd-manual mod_ssl mod_perl mod_auth_mysql
//安裝php的擴展
yum install php-gd
yum -y install php-gd php-xml php-mbstring php-ldap php-pear php-xmlrpc
//安裝mysql擴展
yum -y install mysql-connector-odbc mysql-devel libdbi-dbd-mysql
6月 17th, 2008 由 傻仔仔 發表 於 11:06 am
引擎.它主要是用于Web應用程序所以也可以叫做Web應用程序防火牆.它可以作為Apache Web服務器的一個模塊或單獨的應用程序來運行.ModSecurity的目的是為增強Web應用程序的安全性和保護Web應用程序避免遭受來自已知與未知的攻擊.
該項目主頁:http://www.modsecurity.org/
轉自:http://www.open-open.com/open109925.htm
4月 30th, 2008 由 傻仔仔 發表 於 03:04 pm
在httpd.conf加入
#LoadModule speling_module modules/mod_speling.so 請先把最頭的# 移除
加入 CheckSpelling on
重新啟動apache 就可以了
1月 10th, 2008 由 傻仔仔 發表 於 12:01 pm
世界上還真多無聊人士,吃飽就想如何攻擊別人的網站, 一種常見的攻擊是貼廣告或是莫名其妙的留言,這些都是要廣告特定的 URL,這都是小問題,但另有一種刻意要癱瘓網站的攻擊,常見的作法就是發動很多很多的用戶端要求,持續讓網站窮於應付,用掉資源(CPU的資源, socket的資源,頻寬的資源…),而使得網站無法服務正常的使用者,這就是所謂的 DoS — Denial of Service 攻擊,稱為阻絕服務攻擊。
針對 DoS 攻擊,官方的 Apache 本身並沒有提供解決之道,現在找到的是一個 3rd party 的模組,mod_evasive, 用以下原理防治: Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:
- Requesting the same page more than a few times per second
- Making more than n concurrent requests on the same child per second
- Making any requests while temporarily blacklisted (on a blocking list)
它的 README 寫對付 DDoS — Distributed DoS 也有效
以下說明一下安裝及設定過程:
下載地址:http://www.zdziarski.com/projects/mod_evasive/
$ wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
$ tar zxvf mod_evasive_1.10.1.tar.gz
$ cd mod_evasive
$ /usr/sbin/apxs -cia mod_evasive20.c
編譯完成後,/usr/lib/httpd/modules/ 下會生成一個 mod_evasive20.so 模組檔
安裝時會自動在 /etc/httpd/conf/httpd.conf 內加入以下內容:
LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so
以下為設定 mod_evasive20 模組,在 /etc/httpd/conf/httpd.conf 內加入以下內容:
#記錄和存放黑名單的哈西表大小,如果服務器訪問量很大,可以加大該值
DOSHashTableSize 3097
#同一個頁面在同一時間內可以被統一個用戶訪問的次數,超過該數字就會被列為攻擊,同一時間的數值可以在DosPageInterval參數中設置。
DOSPageCount 3
#同一個用戶在同一個網站內可以同時打開的訪問數,同一個時間的數值在DOSSiteInterval中設置。
DOSSiteCount 40
#設置DOSPageCount中時間長度標準,默認值為1。
DOSPageInterval 2
#DOSSiteInterval 2 設置DOSSiteCount中時間長度標準,默認值為1。
DOSSiteInterval 2
#被封時間間隔秒,這中間會收到 403 (Forbidden) 的返回。
DOSBlockingPeriod 10
#設置受到攻擊時接收攻擊信息提示的郵箱地址。
#DOSEmailNotify you@yourdomain.com
#受到攻擊時Apache運行用戶執行的系統命令
#DOSSystemCommand 「su - someuser -c 『/sbin/… %s …』」
#攻擊日誌存放目錄,BSD上默認是 /tmp
#DOSLogDir 「/var/lock/mod_evasive」
完成之後, restart httpd 即可
$ service httpd restart
可以利用 安裝目錄內的 test.pl 測試看看結果
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
恩,不錯有效果!
10月 10th, 2007 由 傻仔仔 發表 於 02:10 am
10月 10th, 2007 由 傻仔仔 發表 於 02:10 am
Apache will lock the log file and syslog also cannot rotate it.
so we need a program cronolog
1. download most update version from http://cronolog.org/
2. unzip the file
3. ./configure
4. make
5. make install
6. configure the apache
CustomLog “|/usr/sbin/cronolog /var/www/logs/domain.com-access_log.%Y%m%d” common
ErrorLog “|/usr/sbin/cronolog /var/www/logs/domain.com-error_log.%Y%m%d”
7. restart apache
8. Done
10月 9th, 2007 由 傻仔仔 發表 於 01:10 am
#DocumentRoot “C:/Program Files/Apache Group/Apache2/htdocs”
DocumentRoot “D:/vss” #修改root文件夾
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the “default” to be a very restrictive set of
# features.
#
繼續讀取 ‘apache限制ip和用戶認證的混合使用’
10月 9th, 2007 由 傻仔仔 發表 於 01:10 am
<Directory "/vhost dir/">
Options Indexes FollowSymLinks
AllowOverride None
Order Deny,Allow
Deny from all
Allow from 172.16.0.0/255.255.0.0
</Directory>
10月 9th, 2007 由 傻仔仔 發表 於 01:10 am
######## Preventing Image ‘Theft’ ########
SetEnvIfNoCase Referer “^http://(.)+\.vincent\.idv\.hk/” local_ref=1
SetEnvIfNoCase Referer “-” local_ref=1
######## Allow the LOGO image Theft ##########
SetEnvIf Request_URI “/images/logo(.)+” local_ref=0
<FilesMatch “\.(png|gif|jpg)”>
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>
參考文檔:
Preventing Image ‘Theft’ By: Ken Coar
Preventing hot linking of images by JavaScript Kit
SetEnvIfNoCase 和 SetEnvIf 的說明文檔
http://httpd.apache.org/docs-2.0/mod/mod_setenvif.html#setenvif
10月 9th, 2007 由 傻仔仔 發表 於 01:10 am
限制並發數
下載模塊:
到官方網址: http://www.nowhere-land.org/programs/mod_vhost_limit/下載模塊
http://www.nowhere-land.org/programs/mod_vhost_limit/mod_vhost_limit-0.4.tar.gz
繼續讀取 ‘Apache 限制同時連線數量’
