Apache Secure Web Server

Threats to a web server

Main hazards/threats to a web server are:
  • Profiling
  • Denial of service
  • Unauthorized access
  • Arbitrary code execution
  • Elevation of privileges
  • Viruses
  • Worms
  • Trojan horses
1. Profiling
  • Profiling is an exploratory process used by the attacker to collect information about web site.
  • An attacker uses this information to know the weak points of the web site.
Common attacks used for profiling include:
1. Port scans
2. Ping sweeps
3. NetBIOS and server message block (SMB) enumeration

2. Denial of Service
  • This attacks occurs when your server is overloaded by service requests.
  • The hazard is that your web server becomes too busy to respond the legitimate client requests.
Common Denial of Service attacks include:
1. Network-level SYN floods
2. Buffer overflows
3. Flooding the Web server with requests from distributed locations

3. Unauthorized access
  • It occurs when a user without right permission gains access to restricted information.
4. Arbitrary code execution
  • This attack occurs when an attacker runs malicious code on the server.
  • In code execution, there are attacks which hack the server resources or make additional attacks against the sub systems.
Common code execution attacks include:
1. Path traversal
2. Buffer overflow leading to code injection

5. Viruses
  • These programs are designed to perform malicious acts.
  • It cause disruption to the operating system and applications.
6. Worms
  • These programs are self-replicating and self-sustaining.
7. Trojan horses
  • These programs appear to be useful but damage the applications.

Editing ssl.conf configuration file

The ssl.conf file or ssl-httpd.conf file holds security related directives.

Steps to edit and configure ssl.conf file
  • Open ssl.conf file using a text editor.
  • Default location of this file in

    a) Linux - /usr/local/apache/etc
    b) Windows – C:\Program Files\ Apache Software Foundation\Apache2.2\conf.extra

  • Create a backup of ssl.conf file by simply copying the this file into another text editor file and save this file as ssl.confold.
  • Open file and remove '#' sign from start point of the lines.
  • Listen 565
    ServerName <your_server_name>:565
    SSLEngine on
    SSLCertificate /<path to><your_SSL_Certificate>.crt
    SSLCertificateKeyFile /<path to><*.key file created with CSR>.key
    SSLCertificateChainFile /<path to>qvsslica.crt
    SSLCACertificateFile /<path to>qvrca2.crt

  • Save ssl.conf file after making the changes.
  • Locate httpd.conf file and open it using a text editor like notepad or “vi editor”.
  • Create backup of httpd.conf file by simply copying this file into another text editor file and save this file as httpd.confold.
  • In httpd.conf file, insert the following line anywhere
  • conf/extra/ssl.conf
  • Save httpd.conf file.
  • Restart Apache Service.