notas:apache
Diferencias
Muestra las diferencias entre dos versiones de la página.
Ambos lados, revisión anteriorRevisión previaPróxima revisión | Revisión previaPróxima revisiónAmbos lados, revisión siguiente | ||
notas:apache [2010/03/08 18:27] – cayu | notas:apache [2014/09/02 14:38] – [Seguridad] cayu | ||
---|---|---|---|
Línea 29: | Línea 29: | ||
AllowOverride All | AllowOverride All | ||
</ | </ | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Auto Autenticar Usuario ===== | ||
+ | |||
+ | A veces necesitamos que cierta aplicación web o un directorio en particular crea que esta autenticado con " | ||
+ | |||
+ | |||
+ | < | ||
+ | RewriteBase / | ||
+ | RewriteRule / | ||
+ | </ | ||
+ | ===== Redireccionar de HTTP a HTTPS ===== | ||
+ | |||
+ | < | ||
+ | RewriteEngine On | ||
+ | RewriteCond %{HTTPS} off | ||
+ | RewriteRule (.*) https:// | ||
+ | </ | ||
+ | |||
+ | ===== Autenticacion LDAP ===== | ||
+ | |||
+ | Fragmento de configuración para Nagios | ||
+ | |||
+ | < | ||
+ | LDAPSharedCacheSize 200000 | ||
+ | LDAPCacheEntries 1024 | ||
+ | LDAPCacheTTL 600 | ||
+ | LDAPOpCacheEntries 1024 | ||
+ | LDAPOpCacheTTL 600 | ||
+ | |||
+ | ScriptAlias / | ||
+ | |||
+ | < | ||
+ | SSLRequireSSL | ||
+ | Options ExecCGI | ||
+ | AllowOverride None | ||
+ | Order allow,deny | ||
+ | Allow from all | ||
+ | AuthType | ||
+ | AuthName | ||
+ | AuthBasicProvider ldap | ||
+ | AuthLDAPURL " | ||
+ | AuthLDAPURL " | ||
+ | AuthLDAPBindDN uid=ldapadmin, | ||
+ | AuthLDAPBindPassword 123456 | ||
+ | Require valid-user | ||
+ | Require group cn=linux-admin, | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Autenticacion contra dos LDAP diferentes ===== | ||
+ | |||
+ | < | ||
+ | < | ||
+ | AuthLDAPBindDN usuarioconsulta@dominio.net | ||
+ | AuthLDAPBindPassword password | ||
+ | AuthLDAPURL ldap:// | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | AuthLDAPBindDN usuarioconsulta@segundodominio.net | ||
+ | AuthLDAPBindPassword password | ||
+ | AuthLDAPURL ldap:// | ||
+ | </ | ||
+ | |||
+ | |||
+ | < | ||
+ | CustomLog ${APACHE_LOG_DIR}/ | ||
+ | ErrorLog ${APACHE_LOG_DIR}/ | ||
+ | SSLEngine on | ||
+ | SSLCertificateFile / | ||
+ | SSLCertificateKeyFile / | ||
+ | |||
+ | ServerName | ||
+ | ServerAlias | ||
+ | |||
+ | DocumentRoot / | ||
+ | |||
+ | < | ||
+ | AuthBasicProvider ldap-dominio ldap-segundodominio | ||
+ | AuthType Basic | ||
+ | AuthName LDAP_Protected_Place | ||
+ | AuthzLDAPAuthoritative off | ||
+ | AuthName "Wiki Access" | ||
+ | Options All | ||
+ | Order allow,deny | ||
+ | Allow from all | ||
+ | SSLRequireSSL | ||
+ | AllowOverride None | ||
+ | Require valid-user | ||
+ | </ | ||
+ | </ | ||
</ | </ | ||
Línea 82: | Línea 176: | ||
# Set to one of: On | Off | extended | # Set to one of: On | Off | extended | ||
# | # | ||
- | #TraceEnable Off | + | TraceEnable Off |
- | TraceEnable On | + | |
</ | </ | ||
**/ | **/ | ||
< | < | ||
- | expose_php = On | + | expose_php = Off |
+ | </ | ||
+ | |||
+ | ==== Mod Security ==== | ||
+ | |||
+ | Mod Security es un módulo de Apache, que mediante del filtrado de los distintos métodos HTTP (GET, POST, etc) adquiere un comportamiento de Firewall Web, filtrando ataques potenciales a nuestros sitios web. | ||
+ | |||
+ | < | ||
+ | apt-get install libapache-mod-security | ||
+ | a2enmod mod-security | ||
+ | </ | ||
+ | **/ | ||
+ | < | ||
+ | ServerTokens Full | ||
+ | SecServerSignature Servidor HTTP Blablabla 7.0 | ||
</ | </ |
notas/apache.txt · Última modificación: 2015/11/20 17:54 por cayu