Posts

Showing posts from December, 2013

Basic security for Apache

In a production environment, it is not wise to expose the Apache server version. Edit /etc/httpd/conf/httpd.conf and set:

    ServerSignature Off
    ServerTokens Prod
    TraceEnable off

The same change from the shell:

    sed -i -e '/ServerSignature/ s/On/Off/' /etc/httpd/conf/httpd.conf
    sed -i -e '/ServerTokens/ s/OS/Prod/' /etc/httpd/conf/httpd.conf
    echo "TraceEnable off" >> /etc/httpd/conf/httpd.conf
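The sed substitutions above only match the stock values (On and OS), so on a customised httpd.conf they can leave the file unchanged without any error. The following check is an added example, not part of the original post: it reads the last active value of each directive and compares it with the values the post sets. The function names and sample configs are constructed, and the fallback defaults are httpd's documented compiled-in defaults.

```shell
#!/bin/sh
# Added example (not from the original post): audit the three directives.
# Limitation: reads one file only; Include'd files and <VirtualHost>
# overrides are not followed.

# Print the last active (uncommented) value of directive $1 in file $2.
effective_value() {
    awk -v d="$1" 'BEGIN { d = tolower(d) }
        tolower($1) == d { v = $2 }
        END { if (v != "") print v }' "$2"
}

# Return 0 only if all three directives have the values the post sets.
# Each spec is name:wanted:compiled-in default (used when the file is silent).
check_httpd_hardening() {
    rc=0
    for spec in ServerSignature:off:off ServerTokens:prod:full TraceEnable:off:on; do
        name=${spec%%:*}; rest=${spec#*:}
        want=${rest%%:*}; dflt=${rest#*:}
        got=$(effective_value "$name" "$1" | tr 'A-Z' 'a-z')
        got=${got:-$dflt}
        if [ "$got" = "$want" ]; then
            echo "ok   $name $got"
        else
            echo "FAIL $name: want $want, effective $got"
            rc=1
        fi
    done
    return $rc
}

# The post's sed/echo edits, written to a copy instead of in place.
apply_post_edits() {
    sed -e '/ServerSignature/ s/On/Off/' -e '/ServerTokens/ s/OS/Prod/' "$1" > "$2"
    echo "TraceEnable off" >> "$2"
}

# Constructed sample configs: stock-style values, and a customised file.
tmp=$(mktemp -d)
printf 'ServerTokens OS\nServerSignature On\n' > "$tmp/stock.conf"
printf 'ServerTokens Full\nServerSignature EMail\n' > "$tmp/custom.conf"

apply_post_edits "$tmp/stock.conf" "$tmp/stock.new"
apply_post_edits "$tmp/custom.conf" "$tmp/custom.new"
check_httpd_hardening "$tmp/stock.new" || true    # all three ok
check_httpd_hardening "$tmp/custom.new" || true   # two FAIL lines
```

On a real host, run check_httpd_hardening against /etc/httpd/conf/httpd.conf after editing, then confirm with the Server header of a live response.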

How to setup squid proxy server

This note describes how to set up the squid proxy service.

Install squid proxy

    yum -y install squid

Allow access

    sed -i -e '/http_access allow/a #Allow access for localnet\nhttp_access allow localnet' /etc/squid/squid.conf

Change port to 8080

    sed -i -e '/http_port/ s/3128/8080/g' /etc/squid/squid.conf

Other tuning parameters

    cat >> /etc/squid/squid.conf <<EOF
    request_header_access Referer deny all
    request_header_access X-Forwarded-For deny all
    request_header_access Via deny all
    request_header_access Cache-Control deny all
    visible_hostname webproxy.infotheater.net
    forwarded_for on
    EOF

Open firewall

    sed -i -e '/#Add custom rules below/a #Squid proxy\n-A INPUT -m state --state NEW -p tcp --dport 8080 -j ALLOWED_IPS' /etc/sysconfig/iptables
    service iptables reload

Make sure the service starts at system startup

    chkconfig squid on
    service squid start

Install the squid report service (lightsquid)

    yum -y install lightsquid lightsquid-apache

Open