HP Open Source Middleware Stacks Blueprint: LAMP Architecture on HP ProLiant BladeSystem Servers on RHEL
Secure the Web Server Stack
This section covers web server security.
• Data Transportation—Secure Sockets Layer (SSL) is a widely used technology to protect
data transfer. It provides secure communications by encrypting the data on public or private
networks.
• Application Authentication—The Apache Web server provides a built-in authorization module
to enable access protection. Alternatively, Symas CDS provides a directory service solution
based on OpenLDAP, Berkeley DB, Cyrus SASL, and OpenSSL for more fine-grained
authentication purposes. CDS is an integrated authentication and authorization-based
security mechanism for enterprise applications managed and deployed in Apache httpd
Web servers. The directory server can store credential information and application privileges
for the users who are granted or forbidden access to specific resources. In addition to
controlling access based on user identities, OpenLDAP can control access based on other
attributes such as network address, transport, encryption strength, dynamic relationships,
and so on (for example, sets). Some applications, or specific web pages within an application,
served by the Apache Web server must be accessible only to authenticated users. Symas CDS
provides this authentication mechanism by storing user credentials in the directory server.
Enabling HTTPS Support in the Apache HTTP Server
The mod_ssl module provides an SSL implementation that allows web applications running
within the Apache Web server to communicate securely with their respective clients.
With mod_ssl enabled, communication can still occur over standard HTTP.
HTTP over SSL (HTTPS) is enabled by default in the Apache Web server included with the Linux
distribution. You can verify HTTPS functionality by navigating to the website at:
https://<YOUR_HOSTNAME>
If this does not work, use the following procedure to configure mod_ssl:
1. Install the mod_ssl package from the OS distribution, if necessary.
2. Stop Apache if it is running, then restart it by entering the following commands:
# /etc/init.d/httpd stop
# /etc/init.d/httpd start
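One way to check the configuration that HTTPS depends on, as an added example that is not part of the HP blueprint: the function reads httpd configuration text and reports whether mod_ssl is loaded, port 443 is listened on, and SSLEngine is on, and it notes when plain HTTP is still served. The function name and both sample configurations are constructed for illustration.

```shell
# Added example (not from the HP blueprint): check httpd configuration text
# on stdin for the mod_ssl settings HTTPS depends on. Returns 0 if all present.
check_ssl_conf() {
    awk '
        { d = tolower($1); v = tolower($2) }
        d ~ /^#/ { next }                                # comment line
        d == "loadmodule" && v == "ssl_module" { mod = 1 }
        d == "listen" {                                  # Listen [addr:]port
            n = split($2, part, ":")
            if (part[n] == "443") l443 = 1; if (part[n] == "80") l80 = 1
        }
        d == "sslengine" && v == "on"           { eng = 1 }
        d == "sslcertificatefile" && NF >= 2    { crt = 1 }
        d == "sslcertificatekeyfile" && NF >= 2 { key = 1 }
        END {
            if (!mod)  { print "FAIL: ssl_module is not loaded"; bad = 1 }
            if (!l443) { print "FAIL: no Listen directive for port 443"; bad = 1 }
            if (!eng)  { print "FAIL: SSLEngine is not switched on"; bad = 1 }
            if (!crt || !key) { print "FAIL: certificate or key file not set"; bad = 1 }
            if (l80)   print "NOTE: plain HTTP is still served on port 80"
            if (!bad)  print "OK: HTTPS prerequisites present"
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: main configuration plus mod_ssl settings, HTTPS enabled.
sample_ssl_enabled() {
    cat <<'EOF'
Listen 80
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
EOF
}

# Constructed sample: mod_ssl not set up, so only plain HTTP is configured.
sample_http_only() {
    cat <<'EOF'
Listen 80
# LoadModule ssl_module modules/mod_ssl.so
EOF
}

sample_ssl_enabled | check_ssl_conf
sample_http_only | check_ssl_conf || true
```

On a RHEL host, feed it the real files instead of the samples, for example the output of cat /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf.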