
[How to] FreeBSD Web Server Secure


Thank you Ayaka :D  mod_security added :D

 

mod_evasive coming soon, and other protection :D


I have this problem when creating a user in MySQL.

y5F4c.png

Do you know how to solve it? XD

If somebody has this problem, the solution is easy.

pwd_mkdb -p /etc/master.passwd
chown -R mysql /var/db/mysql && chgrp -R mysql /var/db/mysql

After these 2 steps you can add the user.


@topic: We need to install packages, not programs.

First of all: the tutorial works!

But:

- First install Apache, then the other packages, because Apache is the web server; then MySQL, then PHP (because PHP requires some libraries to be available)

I would do this with PORTS. But already said ().

Configuration:

What about php.ini settings? I am tired of hearing "I have a Too many connections error"

Security:

If you list mods like mod_antiloris, you can add: mod_limitipconn, mod_qos, mod_evasive, mod_security, mod_noloris.

- The most important thing for blocking attacks on Ubuntu/Debian is (as far as I can see) definitely Fail2Ban with iptables, but I don't know what's best for BSD

Why install MySQL?

And why use Apache instead of nginx?

Apache is the most used web server. With Apache as your web server, you'll be assured long and reliable service as it's a solid, configurable and capable web server, so why not??

nginx is faster than Apache in transfer rate but has less of a wait time between receiving the request and passing a response back. Benchmarks proved that. The only question is what you need. I don't think you use Apache very often if you ask why to install MySQL.

I don't get the point here:

You can install the PHP MySQL extension without installing MySQL

And that makes nginx better? C'mon

Today you need good DDoS protection, and in the case of a layer 7 attack nginx is much much much better than Apache

nginx runs as an event (Apache as a process) so it can handle that better

I hope you know that the cake hasn't quite turned out as I'd hoped... The disadvantage of process-based servers like Apache under heavier loads is that they usually consume far more RAM, which significantly degrades performance and has nothing to do with "good DDoS protection". When your server is fucked up because of RAM during a DDoS attack (CPU trying to process the amount of data that is coming in) then I have to say: leave it all. Without a good hoster (a mitigation solution, and that is the point against DDoS) you're going down with Apache and with nginx sooner or later.

It's a fact that nginx is better than Apache

Fact is: the BEST web server does not exist. The best web server is the one which is better configured and better protected. That can be Apache or nginx

edit://

I do not understand why to use Apache, which is shitty for me, instead of nginx (way better and "smart").

Why is it shit? Because it's not smart to you? Because it's not as simple as nginx? Too much to install or configure? Then use LAMP: http://en.wikipedia.org/wiki/LAMP_(software_bundle)

Why can't you guys give me compelling evidence WHY the fuck Apache is shit? It's a powerful web server (over 35% of all websites are based on it) if you can configure and protect it. Not being able to handle Apache doesn't mean it's shit.

 

Debian and Windows Server are the most used operating systems for servers but that doesn't mean that they are the best

FreeBSD has much better performance

My homepages were the only homepages which were never down because of DDoS

Because I never used Apache

Do you think we've never tested the performance during a layer 7 attack?

Apache is instantly down, unlike nginx

The benchmarks never tested an attack, and if they did it wasn't a good attack

Today you need good protection, especially for the homepage, but Apache isn't able to offer any protection

If you don't believe me feel free to use Apache but don't cry if your homepage is under attack

And I never said that nginx is better because you don't need to install MySQL for the PHP extension

Btw your server doesn't handle an attack - the hoster does

Your server has 0 connection to the attack...

And a DDoS attack doesn't fuck up the RAM ;)


I think you did not see well.
As you can see, I put up tutorials about protection.

In total there are 20 protections for Apache; I will post them all.
Ok, I think we are talking at cross purposes. I never said that Apache or Debian is better. FreeBSD has much better performance -> Right, I never said anything else. What I meant to say is that you can protect your Apache server as long as you take the time to lock down the server. You never used Apache but you insist that it can't be configured effectively against DDoS, that's interesting. "your server doesn't handle an attack - the hoster does" ?? Read my post again. I wrote the same thing, but the web server has 0 connection to the attack? What are you writing xD If it has nothing to do with it, we don't have to talk about which web server we should use (DDoS is a family of attacks which overwhelm key systems in the datacenter, including your web server). If Apache isn't able to offer any protection then you have no clue how to configure it.

nginx is great. I'm using it for a metin2 web server too, but to say that Apache is shit is just wrong. If your main argument is that nginx is the best against DDoS and so fast, then you should look at LSWS. :P [irony]Oh moment. nginx is shit because LSWS mitigates DDoS and it's faster than nginx.[/irony]

Layer 7 attacks the server itself

Layer 4 doesn't

 

Layer 7 doesn't attack anything other than your server

Layer 4 attacks the routers, not your server

The OSI model is well known to me, still, thanks.. you don't get my point but it's ok.

You said DDoSing a website attacks the datacenter (including your own server), but you must mean layer 4, but nobody attacks websites with layer 4

 nobody attacks TCP, UDP? interesting. Maybe we should invent booter.

 

// edit: I'm off-topic and out of here. I have posted all that I wanted to say

Edited by Ayaka (see edit history)

I never said that nobody uses that, I just said that nobody uses it to attack websites

Why use layer 4 methods if you can down websites easily with layer 7 attacks (e.g. rudy, http get, http head, etc.) because everybody uses Apache


Why do I have this problem?

ouSCd.png

I looked at some tutorials and they say I must install php5-mysql, but when I install it I have this problem:

When I open my "link" it downloads my site.

Jq3kc.png

What did I do wrong?

Use a clean FreeBSD, and follow the tutorial and its steps. For me it worked perfectly.

You must have software installed that conflicts.

It's tested on FreeBSD 10 and 10.1
Do you know why, when I register on the site, the site doesn't send any information to the DB?

The simple register page doesn't send any information to the DB... I don't know why.

There, the simple register page doesn't send information to the DB..

 

SmRYf.png

Code correct? Got an error?

 

mysql_query($sql) or die(mysql_error());


Yes, there is an error.

It says the account already exists or something is wrong.

But I tested this site in XAMPP and there it works fine.

And it is impossible that the account exists because ...

ggDQe.png

The error can't be "account already exists" if this shown database/table is used in the script ;)


This tutorial doesn't have portsnap.

Is it not needed?

alin2894, you are right, on FreeBSD 10.1 it works fine but on FreeBSD 9.3 it doesn't work.

And... for FreeBSD 10.1, can you post the libs?


 

 

Installing and configuring php 5.6 extensions and extra extensions.

pkg install php56-extensions

pkg install php56-mysqli
pkg install php56-gd

pkg install php56-openssl 

DONE

 

 

 

 

Ok, you forgot this extension: "pkg install php56-mysql". Without it the site can't connect to MySQL...


With Varnish cache your site can fly.

UPDATE 04.03.1015

Varnish cache added, check the first post.
