Home  >  Article  >  Operation and Maintenance  >  Network security reinforcement techniques for building web servers under CentOS 7

Network security reinforcement techniques for building web servers under CentOS 7

WBOY
WBOYOriginal
2023-08-05 13:12:26854browse

Network security reinforcement techniques for building web servers under CentOS 7

The web server is an important part of the modern Internet, so it is very important to protect the security of the web server. By hardening network security, you can reduce risks and avoid potential attacks. This article will introduce network security hardening techniques commonly used when building web servers on CentOS 7, and provide corresponding code examples.

  1. Update system and software
    First, make sure your system and software are up to date. You can use the following command to update software packages on CentOS 7:
sudo yum update
  1. Turn off unnecessary services
    In order to improve the security of the system, some unnecessary services should be turned off. You can use the following command to view the currently installed services:
sudo systemctl list-unit-files --type=service | grep enabled

As needed, you can use the following command to stop and disable the corresponding service. For example, if you do not need to use the FTP server, you can stop and disable vsftpd:

sudo systemctl stop vsftpd
sudo systemctl disable vsftpd
  1. Configuring the firewall
    Configuring the firewall is one of the important measures to protect the web server. On CentOS 7, firewalld can be used to manage firewalls. Here are some commonly used firewall rules:

Allow HTTP and HTTPS traffic into the server:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Allow SSH connections into the server:

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

Limit the number of inbound connections :

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" limit value="5/m" accept'
sudo firewall-cmd --reload
  1. Use HTTPS to encrypt communication
    HTTPS is a security protocol that protects communications between web servers and clients by using SSL or TLS encryption mechanisms. You can use the Certbot tool to automatically generate and configure an SSL certificate for your website. The following are sample commands to install and configure Certbot on CentOS 7:

First, install Certbot and the Certbot Nginx plugin:

sudo yum install certbot python2-certbot-nginx

Then, enable SSL for your website:

sudo certbot --nginx
  1. Installing and Configuring Web Application Firewall
    Web Application Firewall (WAF) can detect and block attacks against web applications. On CentOS 7, ModSecurity is a commonly used WAF tool. The following are sample commands to install and configure ModSecurity on CentOS 7:

First, install the ModSecurity and Nginx modules:

sudo yum install mod_security mod_security_crs nginx-mod-http-modsecurity

Then, enable ModSecurity:

sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/httpd/conf.d/mod_security.conf

Finally, restart Nginx:

sudo systemctl restart nginx
  1. Configure login protection
    In order to protect the login page of the web server, you can restrict the IP addresses that access the login page. The following is sample code to configure login protection using Nginx:

Edit the Nginx configuration file:

sudo nano /etc/nginx/nginx.conf

Add the following code in the "http" block:

map $remote_addr $limited_access {
    192.168.1.1     '';
    10.0.0.0/24     '';
    default         1;
}

server {
    ...
    location /login {
        deny all;
        allow $limited_access;
        auth_basic "Restricted Access";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}

Save and exit the profile. Then create a username and password for authenticating login:

sudo htpasswd -c /etc/nginx/.htpasswd username

Finally, restart Nginx:

sudo systemctl restart nginx

This article introduces network security reinforcement techniques commonly used when building web servers under CentOS 7. You can improve your web server's network security by updating your system and software, turning off unnecessary services, configuring firewalls, encrypting communications using HTTPS, installing and configuring web application firewalls, and configuring login protection. Hope the above tips are helpful to you.

The above is the detailed content of Network security reinforcement techniques for building web servers under CentOS 7. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn