×
Community Blog How to Safeguard Apache Web Server on Ubuntu

How to Safeguard Apache Web Server on Ubuntu

In this article, you will get some information on the safeguard of your Apache web server hosted on Alibaba Cloud against DDoS and brute-force attacks.

Apache is the cornerstone of modern web servers and is a powerful software solution for a large percentage of today's internet economy.

According to a July 2018 research published by w3techs, Apache has a market share of around 45.9%. That being said, Apache web server is targeted by most attackers. The software is secure out-of-the-box but you can still harden it with some additional modules.

One of the most common methods of securing your Apache web server hosted on Alibaba Cloud is installing ModEvasive. This is a highly intelligent Apache module that provides evasive actions against Distributed Denial of Service and Brute Force attacks.

In this guide, we will show you how to safeguard your Apache web server hosted on Alibaba Cloud Elastic Compute Service (ECS) against DDoS and brute-force attacks.

Setup Apache Web Server

The next step is installing Apache web server. You can skip this command if you have already installed the software on your system.

$ sudo apt-get install apache2

Press Y and hit Enter when prompted to confirm the installation.

You can always check if Apache is working by entering your server's public IP address on a web browser.

http://ip_address

Creating ModEvasive Log Directory

By default, the log directory specified on the configuration file is not created when ModEvasive is installed. We need to create this folder using Linux mkdir command:

$ sudo mkdir /var/log/mod_evasive 

Then, since Apache runs under the www-data user, we should give full ownership of the directory to the web server using the chown command:

$ sudo chown -R www-data:www-data /var/log/mod_evasive

You can now restart Apache for the changes to take effect.

$ sudo systemctl restart apache2

Testing ModEvasive

ModEvasive makes things easy because it comes with a built-in Perl script that you can run on your Alibaba Ubuntu 16.04 ECS instance to see if the module is working.

The script is located on the path /usr/share/doc/libapache2-mod-evasive/examples/test.pl.

For some reason, if you run the script without making any changes to it, you will get a bad request error. To rectify the problem, we need to edit the Perl script file using a nano editor;

$ sudo nano /usr/share/doc/libapache2-mod-evasive/examples/test.pl

Locate the line:

print $SOCKET "GET /?$_ HTTP/1.0\n\n"; 

And change it to:

print $SOCKET "GET /?$_ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n";

Press CTRL + X, Y and Enter to save the file.

We can now run the Perl script by typing the command below:

$ sudo perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl

If ModEvasive is working, you should see the below output:

...
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
..

This means that ModEvasive allowed us to access the server 10 times before blocking our IP address (127.0.0.1)

You may run the below command to see if ModEvasive was able to record the intrusion on the log directory:

$ sudo ls -a /var/log/mod_evasive

You should see the output below:

 .  ..  dos-127.0.0.1

Also you can check the content of Apache error log file to confirm the same:

$ sudo tail /var/log/apache2/error.log

You will get the output as shown below:

...
[evasive20:error] [pid 31967] [client 127.0.0.1:43954] client denied by server configuration: /var/www/html/.
...

This means ModEvasive is working as expected. And if you would like to know how to install and configure ModEvasive, you can go to see this tutorial.

Related Blog Posts

How to Setup Hadoop Cluster Ubuntu 16.04

In this tutorial, we will learn how to setup an Apache Hadoop on a single node cluster in an Alibaba Cloud Elastic Compute Service (ECS) instance with Ubuntu 16.04.

How to Install and Configure Seafile on Ubuntu 16.04

Seafile is a free, open source and cross-platform file storage system similar to Dropbox. It is used for sharing and syncing files between users and groups. It can be easily integrated with LDAP and WebDAV. It supports file versioning, snapshots and two-factor authentication. You can deploy it with MySQL, MariaDB, PostgreSQL, Apache and Nginx web server. Files are stored on Seafile server and can be synchronized with personal computers and mobile devices through apps. You can also access and manage Seafile through a web browser.

Related Market Product

LAMP Stack(Apache PHP5.6 MySQL5.6) on Ubuntu16

This image is built with Ubuntu16.04 64bit and bundled with following popular software for web service solution. It includes ready-to-run versions of Apache, MySQL, PHP and phpMyAdmin and all of the other software required to run each of those components. Optimized to add your security concern.

Related Documentation

Harden Apache service security

In this article, you can get some information on how to harden Apache service security for web applications.

[Vulnerability notice] Multiple Apache httpd vulnerabilities

On June 19, 2017, it was revealed that Apache httpd has multiple vulnerabilities, CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668, and CVE-2017-7679. These vulnerabilities are highly risky.

Related Products

Anti-DDoS Pro

Alibaba Cloud Anti-DDoS Pro is a paid service that features a set of high-defensive IPs, and acts as a protective barrier for the origin. It safeguards network servers under high volume DDoS attacks. After configuring the high defensive IPs for the network servers, all traffic passes through the Anti-DDoS Pro instance before rerouting to the origin.

Elastic Compute Service

Alibaba Cloud Elastic Compute Service (ECS) provides fast memory and the latest Intel CPUs to help you to power your cloud applications and achieve faster results with low latency. All ECS instances come with Anti-DDoS protection to safeguard your data and applications from DDoS and Trojan attacks.

Related Course

Use Anti-DDoS Basic and Pro to Defend DoS Attack

The network is the only entry point for all cloud services. Network attacks, especially denial of service attacks, are the most diverse and harmful, and one of the most difficult to protect against network risks. This course is designed to help students understand the principles of DoS attacks in a minimum amount of time and learn common protection methods and Alibaba Cloud Anti-DDoS protection solutions to minimize or reduce the risk of network layer attacks, protect your cloud network security.

0 0 0
Share on

Alibaba Clouder

2,599 posts | 764 followers

You may also like

Comments