This is a discussion on Locking down Apache 2 on a Windows 2003 System within the Apache Web Server forums, part of the Web Server and Related Forums category.
I am looking for the best way or practices to lock down Apache 2 running on a Windows 2003 server. At the moment all I have installed system wise is Apache 2, PHP5, MySQL5. IIS 6 is not even installed on the system. What I would like to have happen is once a person connects to the site, it prompts them for a sign on (user name and password); if they don't get it correct, it will bounce them to another site.
Matthew wrote:
> I am looking for the best way or practices to lock down Apache 2
> running on a Windows 2003 server. At the moment all I have installed
> system wise is Apache 2, PHP5, MySQL5. IIS 6 is not even installed on
> the system. What I would like to have happen is once a person connects
> to the site, it prompts them for a sign on (user name and password); if
> they don't get it correct, it will bounce them to another site.

Take a look at mod_auth:
http://httpd.apache.org/docs/2.0/mod/mod_auth.html
in combination with
ErrorDocument 403 http://example.com

Maybe use these directives inside a <Location /> or <Directory /> container.

--
Robert
Thanks, Robert, Mike
I was hoping to use something other than that, but looking into it more, it looks like that will be the best way of doing it. One question I do have, and perhaps you have experience with this: because mod_auth sends the password as plain text, I would like to use SSL to encrypt the data stream. Do you have any experience with doing this on a Windows 2003 system?
Matthew wrote:
> I was hoping to use something other than that, but looking into it
> more, it looks like that will be the best way of doing it. One
> question I do have, and perhaps you have experience with this, because
> mod_auth sends the password as plain text,

Maybe mod_auth_digest is an option?
http://httpd.apache.org/docs/2.0/mod...th_digest.html

--
Robert
Perhaps, I will have to look into it. Thanks for the links.
It's a pain, I want to set up my own personal site for myself and friends but at the same time I don't want anyone else knowing that it exists, so if they manage to stumble upon it, I want to make whoever is trying to gain access to the site's life as difficult as possible. One of the reasons why I was thinking of encapsulating the mod_auth into an SSL is because I want them to only have to log in once for all the apps on the server. If the username and password are transmitted in plain text, anyone with a packet sniffer could get it.
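
The setup this thread converges on (a mod_auth password prompt that is only ever offered over SSL), as an added configuration example that is not from any poster. The host name, file paths and realm are placeholders, and it assumes an Apache 2.0 build with mod_ssl, mod_auth, mod_access and mod_alias loaded.

```apache
# Added example, not from the thread. site.example, the C:/Apache2 paths
# and the realm name are placeholders (assumptions).
Listen 443

# Plain-HTTP listener: never serves content or asks for a password,
# it only sends the browser to the HTTPS site.
<VirtualHost *:80>
    ServerName site.example
    Redirect permanent / https://site.example/
</VirtualHost>

<VirtualHost *:443>
    ServerName site.example
    DocumentRoot "C:/Apache2/htdocs"

    SSLEngine on
    SSLCertificateFile    "C:/Apache2/conf/ssl/server.crt"
    SSLCertificateKeyFile "C:/Apache2/conf/ssl/server.key"

    <Location />
        # Refuse the request if it somehow arrives without SSL, so the
        # Basic credentials cannot cross the wire in clear text.
        SSLRequireSSL

        AuthType Basic
        AuthName "Private"
        # Created with htpasswd; keep this file outside DocumentRoot.
        AuthUserFile "C:/Apache2/conf/passwords"
        Require valid-user
    </Location>

    # A failed or cancelled login ends with status 401. ErrorDocument 401
    # must name a local document: with a remote URL the browser never
    # receives the 401 and so never shows the password prompt.
    # The local page can itself link or refresh to another site.
    ErrorDocument 401 /denied.html

    # The error page must be readable without a login, otherwise Apache
    # hits a second 401 while trying to serve it.
    <Location /denied.html>
        Satisfy Any
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>
```

Because every application lives under the one protected `<Location />` and shares the same realm, the browser reuses the credentials for all of them after the first prompt.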