Tag: apache

Racktable, Apache+LDAP authentication

Post author By Arun N.
Post date June 14, 2011
No Comments on Racktable, Apache+LDAP authentication

Login to the Rack tables as admin:

Add the following line under configuration–> permission

allow {$tab_default}

* This is for read only account, assign extra permissions if required

Configure Apache + LDAP

< Directory /var/www/racktables > Options +Indexes FollowSymLinks MultiViews DirectoryIndex index.php AuthName "Rack Tables" AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative on AuthLDAPURL "ldaps://ldaphost.com/dc=company,dc=com?uid?sub?(objectClass=< depends_on_ldap >)"

# Bind if required AuthLDAPBindDN "uid=userid,ou=people,dc=company,dc=com" AuthLDAPBindPassword "xxxxxx" AuthLDAPGroupAttribute uniqueMember AuthLDAPGroupAttributeIsDN on require ldap-group cn=group_name,dc=company,dc=com require ldap-attribute cn=group-name-allowed < /Directory >

* Most of LDAP configs based on your setup

Configure Rack Tables:

Edit the inc/secret.php

Set :

$user_auth_src = 'httpd'; $require_local_account = FALSE;

NOTE: to get the logout working properly make sure the Apache AuthName matches with the one configured for Rack tables authentication.

Referene : http://sourceforge.net/apps/mediawiki/racktables/index.php?title=RackTablesAdminGuide

Reference

./arun

Tags apache, LDAP, Racktables

apache Linux

Hardening Apache webserver

Post author By Arun N.
Post date January 6, 2010
No Comments on Hardening Apache webserver

Tips to harden apache webserver:

Disable weak SSLV2 siphers
edit ssl.conf and add
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP

Restrict apache to giveout minimum informations
Edit httpd.conf and change
ServerTokens ProductOnly

Disable track and trace in every virtual hosts
LoadModule rewrite_module modules/mod_rewrite.so RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F]

Always better to configure apache to Loan minimal/required modules and include only necessary config files.

./arun

Tags apache, disable weak cipher, hardening apache, securing apache, webserver

apache Linux

[Resolved] mixing * ports and non-* ports with a NameVirtualHost address is not supported

Post author By Arun N.
Post date January 1, 2010
No Comments on [Resolved] mixing * ports and non-* ports with a NameVirtualHost address is not supported

If you happend to see this error in apache logs,

– mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results

Check your apache configuration, to make sure that there is no VirtualHost defined without port numbers like : <VirtualHost 127.0.0.1>, if existing fix it with port number.

Tags apache, virtual host