Do HTTP authentication over HTTPS with URL rewriting

I am trying to protect the ~/public_html/dev directory using http auth basic, but to make that secure I want to run it over ssl.

The middle section of the below .htaccess file switches to https if the request URI begins with /dev and works.

The last section of the file works as well but does not work properly with the https redirect.

I basically want to be able to type http://www.namhuy.org/dev/some_sub_dir/ and be redirected to https://www.namhuy.org/dev/some_sub_dir/ and prompted for the http auth username and password.

What currently happens is if I go to http://www.namhuy.org/dev/some_sub_dir/ I get prompted for a username and password over port 80, and then immediately get prompted again over port 443. So my credentials are being sent twice, once in the clear, and once encrypted. Making the whole https url rewrite a little pointless.

The reason for doing this is so that I won’t be able to accidentally submit my user/pass over http; https will always be used to access the /dev directory.

Create a file /etc/httpd/conf.d/test.conf with:

<Directory "/var/www/html/dev">
#
# force HTTPS
#
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</Directory>

…and then add the following inside /etc/httpd/conf.d/ssl.conf just above the </VirtualHost> tag:

<Directory "/var/www/html/dev">
#
# require authentication
#
AuthType Basic
AuthName "Please Log In"
AuthUserFile /var/www/auth/passwords
Require valid-user
</Directory>
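
To confirm the split configuration behaves as intended, the response to a plain-HTTP request for /dev should be a redirect to https with no WWW-Authenticate challenge. The function below is an added example, not part of the original post; the function names, the www.example.com host and the sample headers are constructed for illustration.

```shell
# Added example. Reads raw HTTP response headers on stdin and returns:
#   0 = redirect to https:// with no auth challenge
#   1 = Basic auth challenge sent over plain HTTP (the double prompt)
#   2 = neither (no redirect to https)
check_plain_http_headers() {
    local status="" location="" challenge="" line name value cr
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                 # tolerate CRLF line endings
        if [ -z "$status" ]; then          # status line: "HTTP/1.1 302 Found"
            status=${line#* }
            status=${status%% *}
            continue
        fi
        if [ -z "$line" ]; then break; fi  # blank line ends the header block
        name=$(printf '%s' "${line%%:*}" | tr 'A-Z' 'a-z')
        value=${line#*:}
        value=${value# }
        case "$name" in
            location)         location=$value ;;
            www-authenticate) challenge=$value ;;
        esac
    done
    if [ -n "$challenge" ]; then
        echo "FAIL: auth challenge over plain HTTP: $challenge"
        return 1
    fi
    case "$status:$location" in
        30[12378]:https://*)
            echo "OK: $status redirect to $location"
            return 0 ;;
    esac
    echo "FAIL: status $status does not redirect to https"
    return 2
}

# Constructed sample responses (not captured from a real server).
sample_redirect() {
    printf '%s\r\n' 'HTTP/1.1 302 Found' \
        'Location: https://www.example.com/dev/some_sub_dir/' ''
}
sample_challenge() {
    printf '%s\r\n' 'HTTP/1.1 401 Unauthorized' \
        'WWW-Authenticate: Basic realm="Please Log In"' ''
}

# Live use (hypothetical host): curl -sI http://www.example.com/dev/ | check_plain_http_headers
sample_redirect  | check_plain_http_headers || true
sample_challenge | check_plain_http_headers || true
```
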

How to Add the EPEL Repository in RHEL/CentOS 5/6

EPEL (Extra Packages for Enterprise Linux) is a third party RPM repository for Red Hat Enterprise Linux and CentOS. This article describes how to add the EPEL repository in Red Hat Enterprise Linux and CentOS 5 or 6.
1. Install the EPEL package using the command below.

rpm -Uvh http://bit.ly/q7kHBq

Note: The full link for the RHEL 6 EPEL package and the links for the lower versions of RHEL are provided below. The rpm command prior to RHEL 6 cannot handle HTTP redirects, so no bit.ly links have been provided.

http://download.fedora.redhat.com/pub/epel/6/i386/epel-release-6-5.noarch.rpm

http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

http://download.fedora.redhat.com/pub/epel/4/i386/epel-release-4-10.noarch.rpm

2. Verify the installation using the command below. You should see epel in the output.

yum repolist

3. Install the Yum priorities package using the command below.

yum install yum-priorities

4. Edit the file /etc/yum.repos.d/epel.repo and add the line below under the [epel] section.

priority=10

5. Test your configuration using the command below. You should see a priority protections message in the output.

yum check-update

Linux defacements and Linux hacking

Zone-h.org has an excellent site to see defacements and what is going on across the internet. Reviewing the archives and live defacements, Linux is defaced (hacked) more times than Windows. What exactly does this mean? Is Linux unsafe? Not at all. It truly falls on the administrator who configured Linux. There is a false sense of security when you install Linux, based on all of the sites and forums that support Linux's ability to be safe and reliable. Truly, it can be the safest if the following hold true:

  • Proper configuration
  • Updates
  • Reading materials
  • Frequent penetration tests
  • Monitoring and logging
  • Experience with advanced configurations

Zone-h archives

All operating systems have vulnerabilities. And yes, Apple, Microsoft and Linux are only as safe as the end user.