Sometimes we discover, to our surprise, that PHP applications we manage have been hacked: the home page has been replaced, code has been added to the page header, malicious code has been inserted among the application files (for example, to send email spam), etc.
Here are some pictures:
We are most likely to suffer this type of attack if our application is relatively popular: WordPress, Joomla, Drupal, etc.
The security improvement plan includes the following processes:
Let's go step by step:
Recently a client requested a secured installation covering the whole information circuit, that is:
Apache is usually configured with SSL, and internal communication between Apache and JBoss is done with the AJP protocol, as follows:
The AJP protocol has the advantage over HTTP of being a binary rather than a text protocol, which reduces the bandwidth needed to transmit the same information (it is estimated that the bandwidth required is reduced by 25%).
Let's configure Apache (on Ubuntu 12) to allow access to clients that have a personal SSL certificate installed. First we have to create some structures so that we can later work with revocation lists.
The first step is to have openssl installed:
ubuntu@ip-10-112-31-82:~$ sudo aptitude install openssl
We will create a directory structure that conforms to the expected paths for the configuration file openssl.cnf:
ubuntu@ip-10-112-31-82:~$ mkdir -p /vol/apache2_certs
ubuntu@ip-10-112-31-82:~$ cd /vol/apache2_certs/
ubuntu@ip-10-112-31-82:/vol/apache2_certs$ sudo cp /etc/ssl/openssl.cnf .
The openssl.cnf file defines a directory structure used for, among other things, certificate revocation lists. We will edit it and modify the line:
The most basic authentication that can be configured on Apache is file-based access, but in this post we will see how to configure Apache to authenticate users against an LDAP directory.
The advantages are obvious: we can use a centralized LDAP directory for authentication, whether to log in to applications or to access the company's web services.
For the examples we have used Ubuntu 12.04 and Apache 2.2. The first thing we have to do is install the necessary Apache modules and activate them:
sudo aptitude install libapache2-mod-ldap-userdir
sudo a2enmod authnz_ldap
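A sketch of a mod_authnz_ldap configuration for the Apache 2.2 setup described above, added here as an example and not taken from the original post. The host ldap.example.com, the DNs, the group name, the CA file path, the password and the /intranet location are all assumed placeholder values.

```apache
# Added example: every host name, DN, path and password below is a placeholder.

# Server level (outside any <VirtualHost>): trust the CA that signed the
# LDAP server certificate and reject servers that fail verification.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/example-ldap-ca.pem
LDAPVerifyServerCert On

<Location /intranet>
    # Basic auth sends the password with every request, so allow HTTPS only
    # (requires mod_ssl on the virtual host serving this location).
    SSLRequireSSL

    AuthType Basic
    AuthName "Company intranet"
    AuthBasicProvider ldap

    # Look users up by uid under ou=people. STARTTLS upgrades the connection
    # to the directory so bind credentials do not cross the network in clear.
    AuthLDAPURL "ldap://ldap.example.com:389/ou=people,dc=example,dc=com?uid?sub?(objectClass=inetOrgPerson)" STARTTLS

    # Read-only service account used for the search phase. Keep this file
    # readable by root only, since the password is stored in plain text.
    AuthLDAPBindDN "cn=apache-reader,ou=services,dc=example,dc=com"
    AuthLDAPBindPassword "CHANGE_ME"

    # Authorize members of one directory group instead of any valid account.
    Require ldap-group cn=intranet-users,ou=groups,dc=example,dc=com
</Location>
```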