Apache 2.2.x security tricks (CentOS)

[NewEraCracker]

1. Install httpd-devel and gcc:
   
   Code: 

   yum install httpd-devel gcc

2. Download this modules (you'll need the .c files)
   mod_allowmethods: http://www.apachelounge.com/viewtopic.php?t=4238
   mod_antiloris: http://www.apachelounge.com/viewtopic.php?t=4222
   mod_reqtimeout: https://github.com/apache/httpd/blob...d_reqtimeout.c
   
3. Upload those files to your server (secure ftp via ssh port should be a good way to do so).
   
4. Build and install the modules
   
   Code: 

   apxs -cia mod_allowmethods.c
   apxs -cia mod_antiloris.c
   apxs -cia mod_reqtimeout.c

5. Configure it
   Go to /etc/httpd/conf.d and add a file named 3rdparty.conf with:
   
   Code: 

   TraceEnable Off
   
   <Directory />
       LimitRequestBody 8388608
       <IfModule allowmethods_module>
           AllowMethods GET HEAD OPTIONS POST
       </IfModule>
   </Directory>
   
   <IfModule antiloris_module>
       IPReadLimit 20
   </IfModule>
   
   <IfModule reqtimeout_module>
       RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
   </IfModule>

   Please note that LimitRequestBody will disallow uploading/posting more than 8MB (8388608 bytes) but for most websites it should be ok.

Enjoy

If running cPanel you have to run after installing the module:

Code: 

/usr/local/cpanel/bin/apache_conf_distiller --update

NewEraCracker Reviewed by NewEraCracker on 5th Nov 2011. Apache 2.2.x security tricks (CentOS) Install httpd-devel and gcc: yum install httpd-devel gcc Download this modules (you'll need the .c files) mod_allowmethods: http://www.apachelounge.com/viewtopic.php?t=4238 mod_antiloris: http://www.apachelounge.com/viewtopic.php?t=4222 mod_reqtimeout: https://github.com/apache/httpd/blob/2.2.x/modules/filters/mod_reqtimeout.c Upload those files to your server (secure ftp via ssh port should be a good way to do so). Rating: 5