Do HTTP authentication over HTTPS with URL rewriting

I am trying to protect the ~/public_html/dev directory using HTTP Basic auth, but to make that secure I want to run it over SSL.

The middle section of the below .htaccess file switches to https if the request URI begins with /dev and works.

The last section of the file works as well but does not work properly with the https redirect.

I basically want to be able to type http://www.namhuy.org/dev/some_sub_dir/ and be redirected to https://www.namhuy.org/dev/some_sub_dir/ and prompted for the http auth username and password.

What currently happens is if I go to http://www.namhuy.org/dev/some_sub_dir/ I get prompted for a username and password over port 80, and then immediately get prompted again over port 443. So my credentials are being sent twice, once in the clear and once encrypted, making the whole HTTPS URL rewrite a little pointless.

The reason for doing this is so that I won’t be able to accidentally submit my user/pass over http; https will always be used to access the /dev directory.

Create a file /etc/httpd/conf.d/test.conf with:

<Directory "/var/www/html/dev">
#
# force HTTPS
#
RewriteEngine On
RewriteCond %{HTTPS} off
# [R] forces an external redirect, [L] stops further rule processing
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</Directory>

…and then add the following inside /etc/httpd/conf.d/ssl.conf, just above the </VirtualHost> tag, so that the authentication directives apply only to the HTTPS virtual host:

<Directory "/var/www/html/dev">
#
# require authentication
#
AuthType Basic
AuthName "Please Log In"
AuthUserFile /var/www/auth/passwords
Require valid-user
</Directory>
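
A check for the behaviour this setup is meant to guarantee, added here as an example and not part of the original post: given the raw response head a server returns for a plain-HTTP request under /dev, it reports whether an auth challenge was sent in the clear and whether the redirect goes to https on the same host. The two sample responses are constructed, and the function names are this example's own.

```python
from urllib.parse import urlsplit

# Constructed sample response heads for http://www.namhuy.org/dev/some_sub_dir/
BROKEN = (  # auth directives also apply on port 80
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="Please Log In"\r\n'
    "\r\n"
)
FIXED = (  # port 80 only redirects; auth lives in the SSL virtual host
    "HTTP/1.1 302 Found\r\n"
    "Location: https://www.namhuy.org/dev/some_sub_dir/\r\n"
    "\r\n"
)


def parse_response_head(raw):
    """Split a raw HTTP response head into (status_code, headers)."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def audit_plain_http(raw, host):
    """Return the problems found in the port-80 response for a /dev URL."""
    status, headers = parse_response_head(raw)
    problems = []
    if status == 401 or "www-authenticate" in headers:
        problems.append("auth challenge sent over plain HTTP")
    if status not in (301, 302, 303, 307, 308):
        problems.append(f"expected a redirect, got {status}")
    else:
        target = urlsplit(headers.get("location", ""))
        if target.scheme != "https":
            problems.append("redirect does not go to https")
        elif target.hostname != host:
            problems.append("redirect leaves the requested host")
    return problems


if __name__ == "__main__":
    for label, raw in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_plain_http(raw, "www.namhuy.org"))
```

To run it against a live server, feed it the response head captured from a request to the http:// URL made without following redirects.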

Linux defacements and Linux hacking

Zone-h.org has an excellent site to see defacements and what is going on across the internet. Reviewing the archives and live defacements, Linux is defaced (hacked) more times than Windows. What exactly does this mean? Is Linux unsafe? Not at all. It truly falls on the administrator who configured Linux. There is a false sense of security when you install Linux based on all of the sites and forums that support Linux’s ability to be safe and reliable. Truly it can be the safest if the following hold true:

  • Proper configuration
  • Updates
  • Reading materials
  • Frequent penetration tests
  • Monitoring and logging
  • Experience with advanced configurations

Zone-h archives

All operating systems have vulnerabilities. And yes, Apple, Microsoft and Linux are only as safe as the end user.

Free products for Web Content Filtering

I figured I’d post about a few web content filtering solutions I’ve come across over the years. Good for setting up kid computers or an entire network for content filtering. There are products a church might recommend like CovenantEyes accountability software but why pay for something that is out there for free?