No Image

apache 2.4 mod_remoteip for get real ip on AWS ELB

2017-06-08 KENNETH 0

1. Load Module <IfModule mod_remoteip.c> RemoteIPHeader X-Forwarded-For </IfModule>   2. Change Log Format If using ”common” ORG : LogFormat ”%h %l %u %t \”%r\” %>s %b” common CHANGE : LogFormat ”%a %l %u %t \”%r\” %>s %b” common changet ”%h” to ”%a”

No Image

Mozilla SSL Configuration Generator

2016-10-14 KENNETH 0

URL : https://mozilla.github.io/server-side-tls/ssl-config-generator/   웹서버,openssl 버전 별로 SSL 설정을 자동화 해서 안내 해줌… 세상에 이걸 첨 알다니.. ㅋㅋㅋㅋㅋㅋ   샘플로 한번 해보자면 1. httpd-2.4 & openssl-1.0.1e <VirtualHost *:443> … SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication #SSLCACertificateFile /path/to/ca_certs_for_client_authentication # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security "max-age=15768000" … </VirtualHost> # modern configuration, tweak to your needs SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on # OCSP Stapling, only in httpd 2.3.3 and later SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000)   2. httpd-2.2 & openssl-1.0.1e <VirtualHost *:443> … SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication #SSLCACertificateFile /path/to/ca_certs_for_client_authentication # HSTS (mod_headers is required) (15768000 seconds = 6 months) Header always set Strict-Transport-Security [ more… ]

No Image

$_SERVER[‘SERVER_SOFTWARE’]=’Apache’ in wp-config.php

2016-06-23 KENNETH 0

어떤 이유에서건 <? echo $_SERVER&#91;’SERVER_SOFTWARE’&#93;; ?> 의 결과가 ”Apache” 가 출력되지 않는다면 워드프레스의 일부 기능에 문제가 발생.. permalink 설정을 하더라도 index.php 가 항상 포함된다던가.. 그 외의 다른 오류도 발생할 수 있다던가… 보안을 위해 mod_security 같은 설정에서 서버정보를 다른 것으로 출력되게 하는 경우에도.. 마찬가지 결과를 가져옴   wp-config.php 파일에 아래와 같은 내용을 추가해라… $_SERVER[‘SERVER_SOFTWARE’]=’Apache’;

No Image

Apache Tomcat Versions – Which Do I Want?

2016-06-23 KENNETH 0

출처 : http://tomcat.apache.org/whichversion.html   Apache Tomcat Versions Apache Tomcat® is an open source software implementation of the Java Servlet and JavaServer Pages technologies. Different versions of Apache Tomcat are available for different versions of the Servlet and JSP specifications. The mapping between the specifications and the respective Apache Tomcat versions is: Servlet Spec JSP Spec EL Spec WebSocket Spec JASPIC Spec Apache Tomcat version Actual release revision Supported Java Versions 4.0 TBD (2.4?) TBD (3.1?) TBD (1.2?) 1.1 9.0.x 9.0.0.M8 (alpha) 8 and later 3.1 2.3 3.0 1.1 1.1 8.5.x 8.5.3 7 and later 3.1 2.3 3.0 1.1 N/A 8.0.x (superseded) 8.0.35 (superseded) 7 and later 3.0 2.2 2.2 1.1 N/A 7.0.x 7.0.70 6 and later (7 and later for WebSocket) 2.5 2.1 2.1 N/A N/A 6.0.x 6.0.45 5 and later 2.4 2.0 N/A N/A N/A 5.5.x (archived) 5.5.36 (archived) 1.4 [ more… ]

No Image

mod_rpaf on aws elb

2016-06-17 KENNETH 0

AWS ELB 사용시… 리얼서버의 아파치에는 ELB 장비의 아이피(10.0.X.X 등의 내부 아이피로 구성된)가 찍히게 됨.. X-Forwarded-For 를 이용해야 하는데.. 아이피가 상당히 많기 때문에.. 대역으로 처리를 해줘야함… 당연히 10.0.0.0/255.255.255.0 10.0.0.0/24 처럼 사용할 줄 알았는데…   <IfModule mod_rpaf-2.0.c> RPAFenable On RPAFsethostname On RPAFproxy_ips 10. RPAFheader X-Forwarded-For </IfModule>   이렇다고함… ;;;