notas:apache
Diferencias
Muestra las diferencias entre dos versiones de la página.
Ambos lados, revisión anteriorRevisión previaPróxima revisión | Revisión previaPróxima revisiónAmbos lados, revisión siguiente | ||
notas:apache [2010/02/10 14:09] – cayu | notas:apache [2011/10/19 19:24] – [Autenticacion LDAP] cayu | ||
---|---|---|---|
Línea 32: | Línea 32: | ||
+ | ===== Auto Autenticar Usuario ===== | ||
+ | |||
+ | A veces necesitamos que cierta aplicación web o un directorio en particular crea que esta autenticado con " | ||
+ | |||
+ | |||
+ | < | ||
+ | RewriteBase / | ||
+ | RewriteRule / | ||
+ | </ | ||
+ | ===== Redireccionar de HTTP a HTTPS ===== | ||
+ | |||
+ | < | ||
+ | RewriteEngine On | ||
+ | RewriteCond %{HTTPS} off | ||
+ | RewriteRule (.*) https:// | ||
+ | </ | ||
+ | |||
+ | ===== Autenticacion LDAP ===== | ||
+ | |||
+ | Fragmento de configuración para Nagios | ||
+ | |||
+ | < | ||
+ | LDAPSharedCacheSize 200000 | ||
+ | LDAPCacheEntries 1024 | ||
+ | LDAPCacheTTL 600 | ||
+ | LDAPOpCacheEntries 1024 | ||
+ | LDAPOpCacheTTL 600 | ||
+ | |||
+ | ScriptAlias / | ||
+ | |||
+ | < | ||
+ | SSLRequireSSL | ||
+ | Options ExecCGI | ||
+ | AllowOverride None | ||
+ | Order allow,deny | ||
+ | Allow from all | ||
+ | AuthType | ||
+ | AuthName | ||
+ | AuthBasicProvider ldap | ||
+ | AuthLDAPURL " | ||
+ | AuthLDAPURL " | ||
+ | AuthLDAPBindDN uid=ldapadmin, | ||
+ | AuthLDAPBindPassword 123456 | ||
+ | Require valid-user | ||
+ | Require group cn=linux-admin, | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Autenticacion contra dos LDAP diferentes ===== | ||
+ | |||
+ | < | ||
+ | < | ||
+ | AuthLDAPBindDN usuarioconsulta@dominio.net | ||
+ | AuthLDAPBindPassword password | ||
+ | AuthLDAPURL ldap:// | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | AuthLDAPBindDN usuarioconsulta@segundodominio.net | ||
+ | AuthLDAPBindPassword password | ||
+ | AuthLDAPURL ldap:// | ||
+ | </ | ||
+ | |||
+ | |||
+ | < | ||
+ | CustomLog ${APACHE_LOG_DIR}/ | ||
+ | ErrorLog ${APACHE_LOG_DIR}/ | ||
+ | SSLEngine on | ||
+ | SSLCertificateFile / | ||
+ | SSLCertificateKeyFile / | ||
+ | |||
+ | ServerName | ||
+ | ServerAlias | ||
+ | |||
+ | DocumentRoot / | ||
+ | |||
+ | < | ||
+ | AuthBasicProvider ldap-dominio ldap-segundodominio | ||
+ | AuthType Basic | ||
+ | AuthName LDAP_Protected_Place | ||
+ | AuthzLDAPAuthoritative off | ||
+ | AuthName "Wiki Access" | ||
+ | Options All | ||
+ | Order allow,deny | ||
+ | Allow from all | ||
+ | SSLRequireSSL | ||
+ | AllowOverride None | ||
+ | Require valid-user | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ===== Seguridad ===== | ||
+ | En el blog sherekan http:// | ||
+ | |||
+ | **/ | ||
+ | < | ||
+ | # | ||
+ | # Disable access to the entire file system except for the directories that | ||
+ | # are explicitly allowed later. | ||
+ | # | ||
+ | # This currently breaks the configurations that come with some web application | ||
+ | # Debian packages. It will be made the default for the release after lenny. | ||
+ | # | ||
+ | #< | ||
+ | # | ||
+ | # Order Deny,Allow | ||
+ | # Deny from all | ||
+ | #</ | ||
+ | |||
+ | # Changing the following options will not really affect the security of the | ||
+ | # server, but might make attacks slightly more difficult in some cases. | ||
+ | |||
+ | # | ||
+ | # ServerTokens | ||
+ | # This directive configures what you return as the Server HTTP response | ||
+ | # Header. The default is ' | ||
+ | # and compiled in modules. | ||
+ | # Set to one of: Full | OS | Minimal | Minor | Major | Prod | ||
+ | # where Full conveys the most information, | ||
+ | # | ||
+ | # En Prod no mostramos ninguna info de version ni nada | ||
+ | ServerTokens Prod | ||
+ | |||
+ | # | ||
+ | # Optionally add a line containing the server version and virtual host | ||
+ | # name to server-generated pages (internal error documents, FTP directory | ||
+ | # listings, mod_status and mod_info output etc., but not CGI generated | ||
+ | # documents or custom error documents). | ||
+ | # Set to " | ||
+ | # Set to one of: On | Off | EMail | ||
+ | # | ||
+ | # No mostrar info de version ni nada | ||
+ | ServerSignature Off | ||
+ | |||
+ | # | ||
+ | # Allow TRACE method | ||
+ | # | ||
+ | # Set to " | ||
+ | # diagnostic purposes). | ||
+ | # | ||
+ | # Set to one of: On | Off | extended | ||
+ | # | ||
+ | TraceEnable Off | ||
+ | </ | ||
+ | |||
+ | **/ | ||
+ | < | ||
+ | expose_php = Off | ||
+ | </ |
notas/apache.txt · Última modificación: 2015/11/20 17:54 por cayu