Advance Apache Security – mod_proxy,mod_security and mod_evasive

Earlier to this post we have talked ’bout apache server installation for best performance and securing the server using tcp wrappers and iptables filrewall, let’s take the whole discussion one step further and talk ’bout application security hosted on your web server.

As more and more attacks are being carried out over the HTTP layer there is a growing need to push the envelope and bring Web security to new levels. Most existing tools work on the TCP/IP level, failing to use the specifics of the HTTP protocol in their operation. The need for increased security has lead to the creation of application gateways, tools that are essentially reverse proxies with the added capability of protocol analysis. Apache web server it self provides solution of the problem to a great extent, provided it’s loaded with some specific modules. (more…)

Apache Log Rotation

The Apache access log file typically grows 1 MB or more per 10,000 requests. It will consequently be necessary to periodically rotate the log files by moving or deleting the existing logs. This cannot be done while the server is running, because Apache will continue writing to the old log file as long as it holds the file open. Instead, the server must be restared after the log files are moved or deleted so that it will open new log files. By using a graceful restart, the server can be instructed to open new log files without losing any existing or pending connections from clients. However, in order to accomplish this, the server must continue to write to the old log files while it finishes serving old requests. It is therefore necessary to wait for some time after the restart before doing any processing on the log files. A typical scenario that simply rotates the logs and compresses the old logs to save space is: (more…)

Apache Performance Tuning

After having a word ’bout solving memory leak by apache, let’s digg more ’bout the various apache performance issues. Apache server performance can be improved by adding additional hardware resources such as RAM, faster CPU etc. But most of the time, the same result can be achieved by custom configuration of the server. (more…)

SOLVING APACHE MEMORY BOTTLENECK

Recently i have posted ’bout how to configure Apache, php and MySQL, as i have already talked, it’s quite common, we don’t bother ’bout the small details like ’cause of apache memory leak’ during configuring apache, php and MySQL in absence of which the performance of the server could really drop down to worst. The idea behind this post is to draw attention towards some of those important but commonly missed details during and after configuration of the server, obviously to avoid conflicts later on. (more…)

Configure Apache

This section describes how to configure Apache. This section is a continued part of the my previous weblog Configuring Apache php and MySQL, and could be useful for any apache configuration. In this section i’m going to talk ’bout various configuration options that we could use with apache installation according the application needs. As i have already describes default compilation of apache doesn’t include some of the modules that could be required for most of the web 2.0 rich applications. Below are the some options and their description, which are disables by default and that we need for such applications.
(more…)