Linux Format

Security features

Can we host a site safely?


When we start our web server and test local pages, we are the only ones accessing our website on port 80. However, as soon as we deploy a site online we need to take security more seriously, because our router will forward port 80 and outside users can reach the site. Let's do a quick run-through of our web servers and see what changes we need to make.

With a default Apache installation we should make several changes, such as installing the mod_security module and editing the /etc/apache2/conf-enabled/security.conf and /etc/apache2/apache2.conf files. In /etc/apache2/conf-enabled/security.conf, we should uncomment ServerSignature Off and ServerTokens Prod. We can also edit apache2.conf to turn off directory browsing and limit large requests to protect against denial-of-service attacks.

With Nginx, we can open the file /etc/nginx/nginx.conf and set server_tokens off to hide the server version. In addition, we can restrict pages by IP address so that our admin pages are locked down. We can also chip away at the default config file.

OpenLiteSpeed is very good at controlling files by default; we had to edit the config file to be able to use subfolders and so on. To add more layers of protection, we can install the mod_security module and use bandwidth and connection throttling.

With Lighttpd, we can edit the lighttpd.conf file to our liking. There we can set limits for max connections, max keep-alive, SSL, max connections per IP, and prevent image hotlinking.

Tomcat needs quite a few configuration adjustments to deploy a live website. We can hide the server header, enable SSL/TLS and enforce HTTPS. We should also avoid running Tomcat as root, disable the SHUTDOWN port, stop it sending the X-Powered-By HTTP header, stop it displaying directory listings, and limit the availability of the connector.

In addition, we should change our php.ini file to set expose_php = Off. For further testing, we can always install wapiti, plus monitoring tools such as Monit, to test and monitor our local websites. Going a step further, we can use Kali Linux and perform penetration testing.

VERDICT

Apache 8/10
Tomcat 7/10
Nginx 9/10
OpenLiteSpeed 7/10
Lighttpd 9/10

Config files for Nginx, Lighttpd and Apache make it easy to add more security.
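A small audit script, added here as an example and not part of the Linux Format article, that checks whether the directives recommended above (ServerSignature Off and ServerTokens Prod for Apache, server_tokens off for Nginx, expose_php = Off for php.ini) are actually active in a config file. It applies the last uncommented value of each directive, as the servers do, so a commented-out "#ServerSignature Off" does not count. The sample config texts are constructed.

```python
import re

# Recommended settings per file type: (directive, expected value).
EXPECTED = {
    "apache": [("ServerSignature", "Off"), ("ServerTokens", "Prod")],
    "nginx": [("server_tokens", "off")],
    "php": [("expose_php", "Off")],
}

# One "directive value" per uncommented line; nginx directives end with ';',
# php.ini uses 'key = value'.
SYNTAX = {
    "apache": r"^\s*(\w+)\s+(\S+)",
    "nginx": r"^\s*(\w+)\s+(\S+?)\s*;",
    "php": r"^\s*(\w+)\s*=\s*(\S+)",
}

def active_settings(kind, text):
    """Map directive -> last uncommented value, i.e. the value that applies."""
    settings = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue  # '#' comments (Apache, nginx, php.ini) and ';' (php.ini)
        m = re.match(SYNTAX[kind], line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def missing_hardening(kind, text):
    """Return the recommended settings that are absent or set to another value."""
    settings = active_settings(kind, text)
    missing = []
    for directive, expected in EXPECTED[kind]:
        value = settings.get(directive.lower())
        if value is None or value.lower() != expected.lower():
            missing.append(f"{directive} {expected}")
    return missing

# Constructed samples: stock-looking files beside their hardened versions.
APACHE_DEFAULT = "ServerTokens OS\nServerSignature On\n#ServerSignature Off\n#ServerTokens Prod\n"
APACHE_HARDENED = "ServerTokens Prod\nServerSignature Off\n"
NGINX_DEFAULT = "http {\n    # server_tokens off;\n    sendfile on;\n}\n"
NGINX_HARDENED = "http {\n    server_tokens off;\n}\n"
PHP_DEFAULT = "; expose_php = Off\nexpose_php = On\n"

if __name__ == "__main__":
    for kind, text in (("apache", APACHE_DEFAULT), ("nginx", NGINX_DEFAULT), ("php", PHP_DEFAULT)):
        print(kind, "missing:", missing_hardening(kind, text) or "nothing")
```

Point it at the real files by reading /etc/apache2/conf-enabled/security.conf, /etc/nginx/nginx.conf or php.ini into the text argument.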

Simple editing and uncommenting lines in a main server config file will help to tighten up security for your website deployment.
