ithut (.) net

Howtos and Tutorials from behind the firewall

Monthly Archives: January 2013

Linux: 25 PHP Security Best Practices For Sys Admins

Posted on January 24, 2013 by Muhamamd Zeeshan

PHP is a widely used open-source server-side scripting language. The Apache web server provides access to files and content via the HTTP or HTTPS protocol. A misconfigured server-side scripting language can create all sorts of problems, so PHP should be used with caution. Here are twenty-five PHP security best practices for sysadmins for configuring PHP securely.

Our Sample Setup For PHP Security Tips

  • DocumentRoot: /var/www/html
  • Default Web server: Apache (you can use Lighttpd or Nginx instead of Apache)
  • Default PHP configuration file: /etc/php.ini
  • Default PHP extensions config directory: /etc/php.d/
  • Our sample PHP security config file: /etc/php.d/security.ini (you need to create this file using a text editor)
  • Operating systems: RHEL / CentOS / Fedora Linux (the instructions should work with any other Linux distribution such as Debian / Ubuntu, or with other Unix-like operating systems such as OpenBSD/FreeBSD/HP-UX).
  • Default php server TCP/UDP ports: none
Read more …
Categories: Linux, Networking, PHP | Tags: command line, Linux, php, rhel

Squid content filtering: Block / download of music MP3, mpg, mpeg, exec files

Posted on January 24, 2013 by Muhamamd Zeeshan

Q. For security and to save bandwidth, I would like to configure the Squid proxy server in such a way that my users cannot download any of the following files:
MP3
MPEG
MPG
AVG
AVI
EXE

How do I configure squid content filtering?

A. You can use squid ACL (access control list) to block all these files easily.

How do I block music files using squid content filtering ACL?

First open the squid.conf file, /etc/squid/squid.conf:

# vi /etc/squid/squid.conf

Now add the following line to your squid ACL section:

acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"

To display a custom error message when a file is blocked, add:

# Deny all blocked extensions
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles

Save and close the file. Read more …
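The following check is an added example, not part of the original post. It tests candidate patterns for the file referenced by the acl line against sample URLs before deployment. The pattern lists and URLs are constructed, and Python's `re` module only approximates Squid's regex engine. It shows two common gaps: case-sensitive matching (Squid regex ACLs accept `-i` to ignore case) and patterns anchored with `$` that miss URLs carrying a query string.

```python
import re
from urllib.parse import urlsplit

# Constructed pattern lists, one regex per line as they would appear in the
# file named by the acl line (the page does not show that file's contents).
NAIVE = [r"\.mp3$", r"\.exe$"]
HARDENED = [r"\.(mp3|mpeg|mpg|avi|exe)(\?.*)?$"]

# Constructed sample requests.
SAMPLES = [
    "http://media.example/music/track.mp3",
    "http://media.example/music/TRACK.MP3",
    "http://media.example/get/setup.exe?mirror=2",
    "http://mp3.example/index.html",
]

def url_path(url):
    """Approximate what urlpath_regex sees: path and query, no scheme or host."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")

def is_blocked(url, patterns, ignore_case=False):
    """True if any pattern matches the URL path. ignore_case models the
    -i option of Squid regex ACLs; without it matching is case-sensitive."""
    flags = re.IGNORECASE if ignore_case else 0
    return any(re.search(p, url_path(url), flags) for p in patterns)

def missed_by(patterns, ignore_case=False):
    """Sample URLs that the given pattern list lets through."""
    return [u for u in SAMPLES if not is_blocked(u, patterns, ignore_case)]

if __name__ == "__main__":
    print("naive, case-sensitive misses:", missed_by(NAIVE))
    print("hardened with -i misses:    ", missed_by(HARDENED, ignore_case=True))
```

Only the last sample should pass the hardened list: its hostname contains "mp3", but urlpath_regex does not look at the hostname.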

Categories: Linux, Proxy | Tags: centos, Linux, rhel, squid

Install Squid Proxy Server on CentOS / Redhat enterprise Linux 5

Posted on January 24, 2013 by Muhamamd Zeeshan

Squid is a popular open-source, GPL'd proxy and web cache. It has a variety of uses, from speeding up a web server by caching repeated requests to caching web, name server, and other network lookups for a group of people sharing network resources. It is primarily designed to run on Linux / Unix-like systems. Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps metadata and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program (squid), a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

Install Squid on CentOS / RHEL 5

Use yum command as follows:
# yum install squid
Output:

Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package squid.i386 7:2.6.STABLE6-4.el5 set to be updated
--> Running transaction check
Dependencies Resolved
=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Installing:
 squid                   i386       7:2.6.STABLE6-4.el5  updates           1.2 M
Transaction Summary
=============================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)
Total download size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: squid                        ######################### [1/1]
Installed: squid.i386 7:2.6.STABLE6-4.el5
Complete!

Read more …

Categories: Linux, Proxy | Tags: centos, Linux, proxy, squid

Howto: Squid proxy authentication using ncsa_auth helper

Posted on January 24, 2013 by Muhamamd Zeeshan

For fine control you may need to use Squid proxy server authentication. This allows only authorized users to use the proxy server.

You need to use proxy_auth ACLs to configure the ncsa_auth module. Browsers send the user's authentication in the Authorization request header. If Squid gets a request and the http_access rule list gets to a proxy_auth ACL, Squid looks for the Authorization header. If the header is present, Squid decodes it and extracts a username and password.

However, Squid is not equipped with password authentication itself. You need to use authentication helpers. The following are included by default in most Squid packages and most Linux distros:
=> NCSA: Uses an NCSA-style username and password file.
=> LDAP: Uses the Lightweight Directory Access Protocol.
=> MSNT: Uses a Windows NT authentication domain.
=> PAM: Uses the Linux Pluggable Authentication Modules scheme.
=> SMB: Uses an SMB server like Windows NT or Samba.
=> getpwnam: Uses the old-fashioned Unix password file.
=> SASL: Uses SASL libraries.
=> NTLM, Negotiate and Digest authentication

Read more …
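The decode step described above, as an added example that is not part of the original post and is not Squid's own code. It parses a Basic credentials header value into a username and password and rejects malformed input. The function name is hypothetical and the sample value is the well-known one from RFC 7617. Because the value is only base64-encoded, anyone who can read the request can recover the password, which is why the client-to-proxy hop needs its own protection.

```python
import base64
import binascii

# Sample header value from RFC 7617 (user "Aladdin", password "open sesame").
SAMPLE_VALUE = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="

def parse_basic_credentials(header_value):
    """Return (username, password) from a Basic credentials header value,
    or None if the value is not well-formed Basic credentials."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None  # another scheme (Digest, NTLM, ...) or an empty token
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not valid base64, or not valid text once decoded
    # Split on the first colon only: the password may itself contain colons.
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password

def make_basic_value(username, password):
    """Build the header value a client would send (used here for test data)."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

if __name__ == "__main__":
    print(parse_basic_credentials(SAMPLE_VALUE))
    print(parse_basic_credentials(make_basic_value("alice", "pa:ss:word")))
    print(parse_basic_credentials("Basic not-base64!"))
```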

Categories: Linux, Networking | Tags: centos, Linux, squid