Category Archives: Apache,Http,ssl

Heartbleed & KRL

TweetOn 7th April, Heartbleed(CVE-2014-0160) shook both the tech-savvy world and the end-users alike. Majority of us use OpenSSL for one or the other reason. If it’s any version of OpenSSL from 1.0.1 through 1.0.1f, released between December 2011 & April 2014, then consider that you have already got compromised with security keys, private keys, passwords… Read More »

>HTTP Pipelining vs SPDY multiplexing

Tweet> I enabled http pipelining in my Firefox browser by typing about:config in address bar and then setting “network.http.pipelining” to “true”.  HTTP pipelining allow multiple http request from single TCP connection without waiting for corresponding response. There is one limitation of http pipelining that the server still has to return the responses one at a time… Read More »

>HTTP Basic Authentication

Tweet> We can discover authentication mechanism used by a web application.  Until a sophisticated authentication mechanism decided to apply, the two most commonly web authentication methods are HTTP Authentication  andForm based authentication  HTTP Authentication could be Basic Access Authentication and Digest Access Authentication . Let us understand Basic Access Authentication , Suppose there is a resource… Read More »

>Ensure High Security over https

Tweet> May be you heard about  cipher strength of https connection . As we all aware in first stage https makes asymmetric connection and then in further stages https use symmetric encryption by negotiating an symmetric key and algorithm . Information passed over https use symmetric encryption not  asymmetric encryption. I mean to say after asymmetric public-key handshake data… Read More »

>Redirect http to https

Tweet> Suppose you have a requirement to divert your http traffic to https. There are many ways to achieve this , but as a Apache web administrator i prefer to apply following Rewrite rule for my site RewriteEngine OnRewriteCond %{SERVER_PORT} 80RewriteRule ^(.*)$ https://abc.com/$1 [R,L] Here in above example example site is abc.com

>Caching Configuration in Apache

Tweet>The goad of caching in Apache could be -Reduce Number of request in man cases -Eliminate need to send full response in many cases For former we use Expiration mechanism and for later we use validation mechanism. For Apache mod_expires and mod_headers handles cache control through http headers. mod_expires module control setting of expires and cache-control… Read More »

>Prevent DDOS attack on web site

Tweet> There can a number of idea to prevent Distributed Denial of Service attack on website . Here i am sharing a basic idea that i use now a days to mitigate DDOS from malicious web crawler .As I noticed when a malicious crawler access web site we found  log entry  by a  particular User… Read More »

>http traffic load

Tweet> On some occasion , we need to calculate http traffic of our system. Although there are a number of tools and utilities but i avoid to install and use them in small size set-up.  I decided to use tcpdump command ,  tcpdump command is very useful command that help to decode network traffic. For example… Read More »

>Hack Attempt

Tweet> Today i noticed ../../../../../../../../. entries in my access log file of one of my web site. I wonder is it a hack attempt ? If some hacker trying to doing scanning to find vulnerability of my system?   Yes my doubt was genuine , It was a hack attempt. It was Local File Intrusion vulnerability. The attempt… Read More »

>VirtualHosts and SSL

Tweet> Due to limitation of SSL protocol, It is impossible to host more than one SSL Virtualhosts on the same ip address and port. The limitation of SSL protocol is that. Apache needs to know the name of host in order to select correct certificate.  The name of host part encapsulated inside HTTP Request Header… Read More »