Projects

mod_defensible

mod_defensible is an Apache 2.x module intended to block spammers using DNSBL servers. It will look at the client IP and check it in one or several DNSBL servers and return a 403 Forbidden page to the client.

mod_evasive

mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. ... [More] mod_evasive presently reports abuses via email and syslog facilities. [Less]

mod-auth-infocard

This module implements Windows CardSpace authentication support for Apache HTTPD. It acts as a relying party, accepting information cards from the user and verifying them.

mod-jail

Running Apache in jail can be tricky, this module allows to run Apache in a secure jail prison easy, without creating real jail environment containing copy of /lib, /libexec, /usr/lib, etc, also mod_jail makes it possible to change securelevel into jail prison. mod_jail is Apache module, that ... [More] supports 1.3.xx and 2.xx branches, it is similar to mod_chroot, but uses FreeBSD's specific system call - jail that is more secure than chroot, so, it is intended to run on FreeBSD only. But now there is a jail patch for Apache source code that is based on official chroot patch for Apache 2.2.10, jail and chroot code now is backported for Apache 2.0 and 1.3. Using patch is preferred over module, because original module has some drawbacks, for example, it breaks graceful restart. [Less]

mod_whois - Apache WHOIS module

An Apache2 module (filter) which receives standard WHOIS queries and rewrites them into standard HTTP requests. After the "translation", the request can be processed by the usual mechanisms (mapping to static content, running CGI & PHP scripts, ...)

modaccesstoken

mod_access_token provides access token based secure downloading. Your web application generates a download URI with signed query_string parameters. mod_access_token will check signature, and limit the request by specifying an expiration time. mod_access_token ... [More] はアクセストークンに基づいたアクセス制御を行ない、 有効期限を指定した一時的なダウンロードを許可します。 アクセス制御を行なうためには以下のような URL を Web アプリケーションで生成します。 http://example.com/protected/example.jpg?AccessKey=&Expires=&Signature=AccessKey: httpd.conf 中であらかじめ設定しておいた AccessKey Expires: 有効期限 UNIX エポックからの秒数 Signature: リクエストを認証する HMAC-SHA1 値を Base64 エンコードしたもの Signature は以下の手順で生成します。 PlainText = + + + Signature = Base64(HMAC_SHA1(PlainText, Secret)) [Less]

Mod_Evasive Installer

simple bash script allow you to installing mod_evasive installing mod_evasive in apache1 installing mod_evasive in apache2 uninstalling mod_evasive for apache1 & apache2 this is free and open source script you can modify it any time you need, keep copyri

mod-suid2

What is mod_suid2 ?mod_suid2 is Suexec module for apache-2.0. Apache2 includes mod_suexec. if you enable this module, you can run CGI or SSI programs under user's privileges. (not as apache, nobody, wwwuser) For example, if CGI's owner is "user A", programs run as ... [More] "user_a" not as "apache". This is done by /usr/local/apache2/bin/suexec wrapper program. because wrapper program is required, mod_suexec can run only CGI or SSI with program owner's privilege, and can't run Apache modules, (i.e. WebDAV or PHP). these module will run as User or Group in httpd.conf. The problem is, if you have a large number of virtual hosts, some user could read/write other's file or directory because all programs run as apache. To solve this, Apache2 has Perchild MPM, but this is "NOT" stable yet. With apache-1.3, you can install mod_become to run httpd process under user's right. But I could not find modules for Apache-2.0. mod_suid2 is similer to mod_become but for Apache2. SecurityTo run httpd process with user's priv, I choose setuid(2). Only root can use setuid(2) as you know. which means, all httpd process must run as "ROOT" at the first time, thus you have to compile and configure Apache2 with -DBIG_SECURITY_HOLE option. When httpd receive HTTP headers from clients, httpd is running as super user. if there are buffer overflow or such, attackers can or may get root shell. To make secure your servers, there are some ways. Run httpd under chroot environment. Install libsafe or compile your Apache with StackGuard. Install IDS or IPS and protect server. Notice, if you install mod_suid2, security between one virtualhost and another will be fine. But, Security against attacks from internet will be unsafe. PerformanceBy default, MaxRequestsPerChild in httpd.conf is set to 0. This means one httpd process will receive many requests from clients. But, a process which already setud(2) to general user can not setuid(2) to another user. then httpd that is already setuid(2) must be killed with one request. To kill each process and create new process takes time. As a result, performance of without mod_suid2 is much better than mod_suid. InstallInstallation is very easy. First, you have to install Apache2 with -DBIG_SECURITY_HOLE option. Install of Apache2 % tar zxfv httpd-2.0.48.tar.gz % env CFLAGS="-DBIG_SECURITY_HOLE" ./configure && make # make installInstall of mod_suid2 # /usr/local/apache2/bin/apxs -a -i -c mod_suid2.cConfigurationConfiguration format is SuidUserGroup Username Groupnamethis is like SuexecUserGroup format, you can use this in grobal section or virtualhost section. Another configuration is SuidUserGroup #uidNumber #gidNumberor SuidUidGid uidNumber gidNumberThis is useful when users don't have Username or Groupname. SuidUidGid is for numerical username(not recommended) For example, If there are example.com and example.net, configure like below. httpd.conf LoadModule suid2_module modules/mod_suid2.so User root Group root SuidUserGroup apache apache NameVirtualHost 192.168.0.1 ServerAdmin webmaster@example.com DocumentRoot /home/example.com/public_html ServerName example.com ServerAlias www.example.com SuidUserGroup example1 example1 ServerAdmin webmaster@example.net DocumentRoot /home/example.net/public_html ServerName example.net ServerAlias www.example.net SuidUserGroup example2 example2 See alsohttp://www.sannes.org/metuxmpm/ http://www.snert.com/Software/mod_become/ http://www.suphp.org/Home.html [Less]

mod_sqlalias

Apache2 module under LGPL. Mod Sql Alias will intercept specific URI requests and dispatch them to the appropriate page to be served using a MySQL alias table.