Home Web Server: Security: Difference between revisions

From The Uniform Server Wiki
Revision as of 01:16, 24 November 2010


Set MySQL password
Home Web Server Uniform Server 3.5-Apollo.

Uniform Server has a number of security features that are accessed and set from apanel. The default installation is fully locked down: it permits local access only and denies any external access. To put the servers on-line you need to disable this feature.

To give you initial access to the MySQL server, a memorable password (root) is set as the default. After every new installation this must be changed to a new value, especially when you put the servers on-line.

This page covers the above two security features in detail. What I do not cover here is name/password protection of the main server and apanel. If you want a private server, or want to put apanel on-line, you would use this name/password feature; for a public web server, however, it is not required.

Set MySQL Password

The MySQL server requires a new password: the default is known and compromises the security of your server. Uniform Server makes it very easy to change. Choose a password with strong security; the ideal is a minimum of eight characters in length with a mixture of upper- and lower-case letters and digits. Allowed characters are a to z, A to Z and 0 to 9; do not use any other characters.

Set the password as follows:

1 Start the servers by double-clicking on Server_Start.bat (in folder Uniform Server).
2 Your browser will start and display apanel. Note: You can run apanel at any time by typing the following into your browser: http://localhost/apanel/
3 A) With apanel displayed, scroll down to the Configurations section of the left menu. Click MySQL Server Configuration at the bottom of this section.
4 B) The MySQL Server Configuration page is displayed.
5 C) Type in the new MySQL Password.
6 D) Click Change.
7 Stop the servers by double-clicking on Stop.bat (in folder Uniform Server).
8 Note: The password will be updated when the servers are re-started.


Put servers on-line

Apache validates access requests by first checking its configuration settings and then the settings in all files named .htaccess. The .htaccess file in the web-root folder www protects access to this folder and all sub-folders.

There are three lines in this file as follows:

  • Order Deny,Allow
  • Deny from all
  • Allow from 127.0.0.1

The first line instructs Apache to execute the commands Deny and Allow in the order specified.

It first looks for the command Deny, which states deny access from all (no one can access this folder or any of its sub-folders).

The next command it looks for is Allow. This modifies the Deny command; however, it is very specific and allows access only from the address 127.0.0.1 (localhost, the PC that Apache is running on).

Apache’s sole task is to serve pages unless instructed otherwise. Delete the above lines and your servers are placed on-line. However, it is normal practice not to delete these lines but to convert them into comments that are ignored by Apache. A command is converted into a comment by placing a crosshatch symbol # at the beginning of the line.

.htaccess

To put your servers on-line, open the file .htaccess in folder C:\uniserver\Uniform Server\udrive\www in a text editor such as Notepad and comment out the lines as shown:

    # This file provides security to the server limiting access to the localhost only.
    # Comment to deactivate.

    #Order Deny,Allow
    #Deny from all
    #Allow from 127.0.0.1

    # To disallow execution of cgi scripts in this directory comment next two lines.

    AddHandler cgi-script .bat .exe .pl .cgi
    Options +ExecCGI

    #--
    # Activate this to use the Admin Panel Feature!
    #--
    # To lock Admin Panel, uncomment the next 4 lines.
    # Defaults: Username - root; Password - root

    #AuthName "Uniform Server - Admin Panel 2.0"
    #AuthType Basic
    #AuthUserFile /htpasswd/home/admin/www/.htpasswd
    #Require valid-user

Save the file. When requests come in, Apache will serve pages from the web-root folder www; place your web site in this folder for all the world to see.
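
The Order/Deny/Allow evaluation and the comment-out step described above, as an added Python example (not part of the original page or of Uniform Server): it applies Apache 2.2-style access rules from a .htaccess file to a client address and reports which protections are still active. The sample file contents and all function names are constructed for illustration, and only "all", single IP addresses and CIDR ranges are handled.

```python
import ipaddress

# Constructed samples modelled on the page's listing: locked default vs. on-line.
LOCKED = "Order Deny,Allow\nDeny from all\nAllow from 127.0.0.1\n"
ONLINE = ("#Order Deny,Allow\n#Deny from all\n#Allow from 127.0.0.1\n"
          "AddHandler cgi-script .bat .exe .pl .cgi\nOptions +ExecCGI\n"
          "#Require valid-user\n")

def active_directives(text):
    """Return (name, args) for every line Apache does not treat as a comment."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, rest = line.partition(" ")
            out.append((name.lower(), rest.strip()))
    return out

def _matches(spec, ip):
    # Handles "all", single addresses and CIDR ranges; not hostnames or partial IPs.
    if spec.lower() == "all":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def is_allowed(text, client_ip):
    """Apply Apache 2.2 Order/Deny/Allow semantics to one client address."""
    order, deny, allow = "deny,allow", False, False
    for name, rest in active_directives(text):
        if name == "order":
            order = rest.replace(" ", "").lower()
        elif name in ("deny", "allow") and rest.lower().startswith("from "):
            hit = any(_matches(s, client_ip) for s in rest[5:].split())
            if name == "deny":
                deny = deny or hit
            else:
                allow = allow or hit
    if order == "deny,allow":   # Allow is evaluated last and overrides Deny
        return allow or not deny
    return allow and not deny   # allow,deny: Deny overrides; default is deny

def audit(text):
    """Report which protections from the page's file are still active."""
    names = {name for name, _ in active_directives(text)}
    return {"lockdown": "deny" in names, "cgi_enabled": "addhandler" in names,
            "auth_required": "require" in names}
```

Run against the on-line sample, audit() shows that commenting out the three access lines leaves CGI execution enabled and the admin-panel authentication lines still inactive, which is the state to review before exposing the server.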



Ric