Category Archives: Security


Force HTTPS SSL Access for a URL with Apache

The situation is: you have a web application or URL that you would like to force your users (or yourself) to reach over the encrypted https protocol rather than plain http. This is easy to do with Apache and .htaccess. Create or add to the .htaccess file in the root of the web directory you would like to redirect, and add the following lines:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This says that if https is off, send the client to the same location using HTTPS instead. Because the target starts with https://, Apache answers with an external redirect; [R=301] makes it a permanent one that browsers cache, and [L] stops any later rules from running on the same request. The original query string is carried over automatically. Three things to check: mod_rewrite must be loaded and the directory's AllowOverride must permit FileInfo, or the .htaccess is silently ignored; %{HTTP_HOST} echoes whatever Host header the client sent, so if the virtual host answers for arbitrary names, write your real hostname into the rule instead; and if TLS is terminated by a proxy in front of Apache, %{HTTPS} stays off on the backend and this rule loops, so test the X-Forwarded-Proto header there instead.
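As an added example (not code from the original post), here is an offline checker for what you would otherwise eyeball in the output of curl -I http://host/path: given the plain-http URL that was requested and the response the server sent, it reports whether the redirect really lands on https, keeps the host, path and query, and whether the Location host is one of your own names or a reflected Host header. It also goes one step beyond the post with a check of the Strict-Transport-Security header on the HTTPS response. Function names and the responses in the main block are my own constructions.

```python
"""Offline check that a site really forces HTTPS the way the .htaccess rule
above intends.  Added example, not code from the original post: it evaluates
a captured response (what `curl -I http://host/path` would show) instead of
making a request, so it runs without a server."""
from urllib.parse import urlsplit


def check_https_redirect(request_url, status, headers, canonical_hosts):
    """Return a list of problems with one HTTP -> HTTPS redirect (empty = good).

    request_url     plain-http URL the client asked for
    status          HTTP status the server answered with
    headers         response headers as a dict (any case)
    canonical_hosts hostnames this site legitimately serves; a Location that
                    points anywhere else means the client's Host header was
                    echoed into the redirect, which is what %{HTTP_HOST} does
                    when the vhost answers for arbitrary names
    """
    problems = []
    req = urlsplit(request_url)
    hdr = {k.lower(): v for k, v in headers.items()}

    if status not in (301, 302, 307, 308):
        return [f"status {status}: not a redirect, the page was served over plain HTTP"]
    if status in (302, 307):
        problems.append(f"status {status}: temporary redirect, browsers will keep trying HTTP first")

    loc = hdr.get("location")
    if loc is None:
        return problems + ["redirect without a Location header"]
    target = urlsplit(loc)

    if target.scheme != "https":
        problems.append(f"Location scheme is {target.scheme!r}, not https")
    if target.hostname not in canonical_hosts:
        problems.append(f"Location host {target.hostname!r} is not one of ours: Host header reflected")
    elif target.hostname != req.hostname:
        problems.append(f"Location host {target.hostname!r} differs from the requested host")
    if target.path != req.path or target.query != req.query:
        problems.append("Location does not preserve the original path and query string")
    return problems


def check_hsts(https_headers, min_max_age=15552000):
    """Problem string for a weak or missing Strict-Transport-Security header on
    the HTTPS response, or None.  HSTS is not in the post; it is the usual
    next step once every HTTP request redirects, because it stops the browser
    from making the plain-HTTP request at all.  15552000 s is 180 days."""
    hdr = {k.lower(): v for k, v in https_headers.items()}
    sts = hdr.get("strict-transport-security")
    if sts is None:
        return "no Strict-Transport-Security header on the HTTPS response"
    for directive in sts.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            value = value.strip()
            if not value.isdigit():
                return f"unparsable max-age {value!r}"
            if int(value) < min_max_age:
                return f"max-age={value} is shorter than {min_max_age} seconds"
            return None
    return "Strict-Transport-Security header has no max-age directive"


if __name__ == "__main__":
    # Constructed responses, not captured from a real server.
    print(check_https_redirect("http://example.com/app/?x=1", 301,
                               {"Location": "https://example.com/app/?x=1"}, {"example.com"}))
    print(check_https_redirect("http://example.com/app/", 302,
                               {"Location": "https://attacker.example/app/"}, {"example.com"}))
    print(check_hsts({"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}))
```

The reflected-Host finding is the one worth running against a real deployment: with a wildcard or default virtual host, a request carrying Host: attacker.example is redirected to https://attacker.example/..., which is a redirect to wherever the client says.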

Your Personal Secured Network using Hamachi

I’ve been using the VPN software Hamachi for several years now and thought I would share my experiences with it. Before being purchased by LogMeIn, Hamachi was a smaller company which designed this great software. It is now offered in two versions, the free “Basic” version and the paid “Premium” version. The premium version currently costs around 3.25 to 4.95 a month, depending on how many licenses you need and how much you pre-pay. The free version gives you basic VPN connectivity and lets you control smaller networks, which is great for your own personal secured network. There are some pretty cool features in the “Premium” version; to see all of them click here. The idea is that you install Hamachi on each of the PCs you would like to connect to your VPN. In my case, I have my Home PC, my home File Server, my Work….

Converting Public SecureCRT to OpenSSH one line Key

When you generate a key pair in SecureCRT, it writes the public key in this format:

---- BEGIN SSH2 PUBLIC KEY ----
Subject: dave
Comment: “something”
ModBitSize: 1024
AAAAB3NzaC1yc2EAAAADAQABAAAAgQDQNXZosE8eAu6t9dsznpimQAXdaqkSmgKAgZ4+
gP9tW/j+wKtsEOBGasp4/AQu89Avscku+zp6lEuy9PCtBt03IdaQwls9GBl67EUzrKM
3NLNscuCt/LAsdjHfjvBL4q0Oh+MsHu0c6G6ltICqYmvAHYNAYBoPJv+0RMvxPdoNQ==
---- END SSH2 PUBLIC KEY ----

This key is fine, but if you run a Linux server such as CentOS, RedHat, Fedora, or one of the many others that use OpenSSH for their sshd, this format does not work in ~/.ssh/authorized_keys, which wants one key per line. To convert the key to the one-liner OpenSSH needs, first upload it to the server, either by pasting it into your text editor of choice or by uploading the file directly. Then run the following command to convert it and append it to your authorized keys:

ssh-keygen -i -f /tmp/identity2.pub >> ~/.ssh/authorized_keys

You can then log in using your private key. Here is the switch we are using:

-i     Convert IETF SECSH to OpenSSH key file.

If the login still falls back to asking for a password, check two things: ~/.ssh should be mode 700 and authorized_keys mode 600, because sshd’s StrictModes refuses keys in a group- or world-writable file; and the converted line must be a single unbroken base64 string after the key type, since a line that was wrapped or lost a character during the paste is rejected without any message on the client side.
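To show what the conversion actually does, here is an added example in Python (my own code, not the post’s and not OpenSSH’s): it parses the RFC 4716 layout above, including the header lines SecureCRT adds and the base64 body wrapped at 70 columns, emits the authorized_keys line, and then decodes the key blob to confirm that the type inside it is ssh-rsa and that the modulus size matches the ModBitSize header. The sample key file is constructed from a made-up modulus, so it has the right shape but is not a usable key; function names are assumptions.

```python
"""Convert an RFC 4716 public key (the "SSH2 PUBLIC KEY" format SecureCRT
writes) into the one-line form OpenSSH's authorized_keys expects, which is
what `ssh-keygen -i` does, and then check the result by decoding the blob.
Added example, not code from the original post or from OpenSSH; the sample
key built below uses a made-up modulus and is not a usable key."""
import base64
import struct
import textwrap

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"


def parse_rfc4716(text):
    """Return (headers, blob) from an RFC 4716 key file.

    Header lines are 'Name: value', may continue over a line ending in a
    backslash, and always precede the body; the body is base64 wrapped at
    <= 72 columns.  A dropped or extra character from a bad paste shows up
    here as a base64 error rather than as a key sshd silently ignores."""
    lines = [l.rstrip("\r") for l in text.strip().splitlines()]
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line and not body:          # base64 never contains ':'
            name, _, value = line.partition(":")
            value = value.strip()
            while value.endswith("\\"):       # continuation line
                i += 1
                value = value[:-1] + lines[i].strip()
            headers[name.strip().lower()] = value
        else:
            body.append(line.strip())
        i += 1
    blob = base64.b64decode("".join(body), validate=True)
    return headers, blob


def read_ssh_string(blob, offset):
    """One SSH wire-format string: uint32 big-endian length, then the bytes."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length], start + length


def rsa_key_info(blob):
    """(key type, public exponent, modulus bits) from an ssh-rsa blob.  The
    type comes from inside the blob, which is what sshd trusts, not from the
    file's own headers."""
    key_type, off = read_ssh_string(blob, 0)
    e_bytes, off = read_ssh_string(blob, off)
    n_bytes, off = read_ssh_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after the RSA key")
    n = int.from_bytes(n_bytes, "big")
    return key_type.decode("ascii"), int.from_bytes(e_bytes, "big"), n.bit_length()


def to_openssh_line(text):
    """The authorized_keys line: '<type> <base64 blob> <comment>'."""
    headers, blob = parse_rfc4716(text)
    key_type, _ = read_ssh_string(blob, 0)
    comment = headers.get("comment", "").strip('"')
    b64 = base64.b64encode(blob).decode("ascii")
    return " ".join(p for p in (key_type.decode("ascii"), b64, comment) if p)


# --- constructed sample in SecureCRT's layout (hypothetical, not a real key) ---
def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(n):
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if b[0] & 0x80:                           # keep the integer positive
        b = b"\x00" + b
    return _ssh_string(b)


def make_sample_rfc4716(comment="something"):
    n = (1 << 1023) | 0x10001                 # 1024-bit, made up, not prime
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint(n)
    b64 = base64.b64encode(blob).decode("ascii")
    return "\n".join([BEGIN, "Subject: dave", f'Comment: "{comment}"',
                      "ModBitSize: 1024"] + textwrap.wrap(b64, 70) + [END]) + "\n"


if __name__ == "__main__":
    sample = make_sample_rfc4716()
    print(to_openssh_line(sample))
    print(rsa_key_info(parse_rfc4716(sample)[1]))
```

The 0x00 byte that _ssh_mpint prepends to a modulus with its top bit set is why a 1024-bit key’s modulus field is 129 bytes long (the AAAAgQ… in the key above encodes that length), and it is the detail most hand-rolled converters get wrong.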

Google Gmail, Docs, Apps and Reader Secured

For Firefox and Opera only: use the Google Secure Pro Greasemonkey script to force these Google services to use SSL in your browser. It rewrites any access over http to https, which Google supports, so the connection between your browser and Google’s servers is encrypted. If you do any kind of work with Google’s services where private data is exchanged, I would highly recommend this Greasemonkey script to secure your communications!

Anti spam for forums and security

If you have ever run a blog, forum, or any other interactive site on the internet, then you probably already know about the great spam problem there is. Not only do spammers bug us over e-mail, but also on interactive forms, where they post false topics, comments or replies whose sole intent is to spread a website or get Google to rank it higher in its search engine. Stopping automatic registrations is easy enough. You can use a CAPTCHA to make sure the remote user is a human, and confirming that an e-mail address is valid will pretty much ensure that only humans register on your site. But what about the person who is sitting at their computer, registering on your site, and submitting spam in an input area? Not only is it hard to detect whether a person is spamming or not, even if….

Map a drive letter to a SFTP / SSH Server

My preferred server platform is Linux. I have not yet been able to move to a Linux-based system for my daily work, and trust me, I’ve tried a number of times to move to a Fedora or Ubuntu desktop. Windows is still best for productivity and day-to-day tasks, as well as compatibility with other office workers. That brings up the question of how to access resources on a Linux system securely, and easily enough not to take too much time out of your workflow. I have previously used the free WinSCP to do this. However, much like the FTP clients of yore, you need to transfer the file to your local PC, do the actual editing on your workstation (I prefer PSPad, by the way), and then transfer the file back to the server. Windows fixed this particular issue by adding Mapped drives, which can connect to an….

Cacti remote exploit

There appears to be an exploit in the wild which automates the Cacti command execution and SQL injection vulnerability [see Secunia alert 23528]. Via this exploit, any server running a version of Cacti from before December 28th can be compromised. Of course it’s always best to keep your software up to date. Other tricks to keep your system secure:

Do not use default directories. Instead of /cacti/, use /somethingcacti/. This will foil scripts that hunt for installs by server IP and default location (scripts can still find you via a search engine search). It is obscurity only, so treat it as a speed bump rather than a fix.

Run Apache with mod_security. It will try to catch SQL injection and remote command execution in the request before it reaches PHP.

Mount your temporary directory (usually /tmp) with the noexec flag. This stops a script kiddie who gets code execution through a vulnerability from directly running programs dropped into /tmp, which is where PHP usually puts things. Note that noexec does not stop an interpreter from reading a script there (sh /tmp/x.sh or php /tmp/x.php still run), so it raises the bar without closing the door.

Let me know if you have any….
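Two of the mitigations above can be checked rather than assumed. The following is an added example in Python (my own code, not from the original post, from Cacti or from mod_security): it parses /proc/mounts-format text to confirm that /tmp really is its own mount with noexec (nosuid and nodev are added here as the usual companions, which the post does not mention), and it scans Apache access-log lines for scanners probing the default /cacti/ path and for query strings carrying shell metacharacters or SQL keywords, which is a crude stand-in for the kind of pattern a mod_security rule would express. The mount table, the log lines and the renamed /mongraphs/ path are constructed for the example.

```python
"""Two checks for the mitigations listed above, as an added example (not code
from the original post, from Cacti or from mod_security): (1) confirm that
the temp directory really is its own mount with noexec (nosuid and nodev are
added here as the usual companions), by parsing /proc/mounts-format text;
(2) scan Apache access-log lines for scanners probing the default /cacti/
path and for query strings carrying shell metacharacters or SQL keywords.
The mount table and log lines below are constructed, so this runs offline."""
import re
from collections import Counter
from urllib.parse import unquote

REQUIRED_TMP_OPTIONS = {"noexec", "nosuid", "nodev"}


def _unescape_mount_field(field):
    # /proc/mounts encodes space, tab, newline and backslash as \040 \011 \012 \134
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def mount_options(mounts_text, mount_point):
    """Option set for mount_point, or None when it is not a separate mount
    (it then inherits the parent filesystem's options, noexec or not)."""
    for line in mounts_text.splitlines():
        fields = line.split()          # device mountpoint fstype options dump pass
        if len(fields) >= 4 and _unescape_mount_field(fields[1]) == mount_point:
            return set(fields[3].split(","))
    return None


def tmp_mount_findings(mounts_text, tmp="/tmp"):
    """Human-readable findings; an empty list means tmp is mounted as wanted."""
    opts = mount_options(mounts_text, tmp)
    if opts is None:
        return [f"{tmp} is not a separate mount; mount a tmpfs there with noexec,nosuid,nodev"]
    return [f"{tmp} is mounted without {o}" for o in sorted(REQUIRED_TMP_OPTIONS - opts)]


# Apache combined log: client, identd, user, [time], "METHOD target PROTO", status, ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# crude heuristic; a mod_security rule set expresses this far more carefully
SUSPICIOUS = re.compile(r"union\s+select|\bselect\b.*\bfrom\b|[;`|]|\$\(", re.IGNORECASE)


def scan_access_log(lines, default_path="/cacti/"):
    """Return (Counter of hits on the default path per client IP,
               list of (ip, target) whose decoded query string looks like an attack)."""
    default_hits, suspicious = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                   # not a combined-log line, skip it
        target = m.group("target")
        path, _, query = target.partition("?")
        if path.startswith(default_path):
            default_hits[m.group("ip")] += 1
        if query and SUSPICIOUS.search(unquote(query)):
            suspicious.append((m.group("ip"), target))
    return default_hits, suspicious


# Constructed sample data: one /tmp that is missing noexec, one mount point
# containing a space (written as \040), and a scanner plus one injection probe.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,data=ordered 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /srv/web\\040root ext3 rw 0 0
"""

SAMPLE_LOG = [
    '203.0.113.9 - - [05/Jan/2007:10:00:01 +0000] "GET /cacti/ HTTP/1.0" 404 288',
    '203.0.113.9 - - [05/Jan/2007:10:00:02 +0000] "GET /cacti/index.php HTTP/1.0" 404 288',
    '198.51.100.4 - - [05/Jan/2007:10:01:00 +0000] "GET /mongraphs/index.php?page=1 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [05/Jan/2007:10:01:30 +0000] "GET /mongraphs/index.php?page=1%20UNION%20SELECT%201 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    print(tmp_mount_findings(SAMPLE_MOUNTS))
    hits, suspicious = scan_access_log(SAMPLE_LOG)
    print(hits.most_common(), suspicious)
```

On a live box, feed mount_options the contents of /proc/mounts and scan_access_log the lines of the Apache access log; the 404s against /cacti/ from a single client are the signature of the IP-and-default-path scanners the post describes, and they tell you the rename is doing its job.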