Home > Article > Operation and Maintenance > Network security reinforcement techniques for building web servers under CentOS 7
Network security reinforcement techniques for building web servers under CentOS 7
The web server is an important part of the modern Internet, so it is very important to protect the security of the web server. By hardening network security, you can reduce risks and avoid potential attacks. This article will introduce network security hardening techniques commonly used when building web servers on CentOS 7, and provide corresponding code examples.
sudo yum update
sudo systemctl list-unit-files --type=service | grep enabled
As needed, you can use the following command to stop and disable the corresponding service. For example, if you do not need to use the FTP server, you can stop and disable vsftpd:
sudo systemctl stop vsftpd sudo systemctl disable vsftpd
Allow HTTP and HTTPS traffic into the server:
sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --permanent --add-service=https sudo firewall-cmd --reload
Allow SSH connections into the server:
sudo firewall-cmd --permanent --add-service=ssh sudo firewall-cmd --reload
Limit the number of inbound connections :
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" limit value="5/m" accept' sudo firewall-cmd --reload
First, install Certbot and the Certbot Nginx plugin:
sudo yum install certbot python2-certbot-nginx
Then, enable SSL for your website:
sudo certbot --nginx
First, install the ModSecurity and Nginx modules:
sudo yum install mod_security mod_security_crs nginx-mod-http-modsecurity
Then, enable ModSecurity:
sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/httpd/conf.d/mod_security.conf
Finally, restart Nginx:
sudo systemctl restart nginx
Edit the Nginx configuration file:
sudo nano /etc/nginx/nginx.conf
Add the following code in the "http" block:
map $remote_addr $limited_access { 192.168.1.1 ''; 10.0.0.0/24 ''; default 1; } server { ... location /login { deny all; allow $limited_access; auth_basic "Restricted Access"; auth_basic_user_file /etc/nginx/.htpasswd; } }
Save and exit the profile. Then create a username and password for authenticating login:
sudo htpasswd -c /etc/nginx/.htpasswd username
Finally, restart Nginx:
sudo systemctl restart nginx
This article introduces network security reinforcement techniques commonly used when building web servers under CentOS 7. You can improve your web server's network security by updating your system and software, turning off unnecessary services, configuring firewalls, encrypting communications using HTTPS, installing and configuring web application firewalls, and configuring login protection. Hope the above tips are helpful to you.
The above is the detailed content of Network security reinforcement techniques for building web servers under CentOS 7. For more information, please follow other related articles on the PHP Chinese website!