Differences
This shows you the differences between two versions of the page.
tutorial:adm:server_preparation [2019/06/10 13:13] urbanl [Instalation and software configuration] |
tutorial:adm:server_preparation [2019/11/28 13:26] fiserp [Disabling mod_security rules] |
||
---|---|---|---|
Line 199: | Line 199: | ||
===== Tomcat ===== | ===== Tomcat ===== | ||
+ | |||
+ | <note warning> | ||
Installation - CentOS7: | Installation - CentOS7: | ||
<code bash> | <code bash> | ||
- | yum install -y tomcat | + | yum install -y tomcat |
</ | </ | ||
Line 307: | Line 309: | ||
* Make Tomcat listen only on localhost: | * Make Tomcat listen only on localhost: | ||
* Add the '' | * Add the '' | ||
+ | * On tomcat 7 add '' | ||
* In Debian you need to uncoment AJP conector on port '' | * In Debian you need to uncoment AJP conector on port '' | ||
* Change logging into '' | * Change logging into '' | ||
Line 545: | Line 548: | ||
Again, restart the tomcat: | Again, restart the tomcat: | ||
<code bash> | <code bash> | ||
- | systemctl | + | service tomcat8 |
</ | </ | ||
====== Apache httpd as a reverse proxy ====== | ====== Apache httpd as a reverse proxy ====== | ||
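Review bot: The new restart command hard-codes the service name `tomcat8`, but the installation step earlier on this page is `yum install -y tomcat` for CentOS7, where the service is named `tomcat`. State which distribution this line applies to, or give both variants, so that a failed restart on CentOS does not leave Tomcat running with the old configuration.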
Line 636: | Line 639: | ||
To do so, add following lines to the virtualhost config file (ssl.conf): | To do so, add following lines to the virtualhost config file (ssl.conf): | ||
< | < | ||
- | | + | RewriteEngine On |
- | RewriteRule " | + | RewriteRule " |
</ | </ | ||
- | In the file ssl.conf we also have to disable SSLv3. Edit the line with SSLProtocol directive: | + | We also have to secure the communication. **Edit** corresponding lines in '' |
< | < | ||
- | SSLProtocol all -SSLv2 -SSLv3 | + | SSLProtocol all -SSLv2 -SSLv3 |
+ | SSLCipherSuite ALL: | ||
+ | SSLHonorCipherOrder on | ||
</ | </ | ||
+ | < | ||
On Debian, create symlinks to sites-enabled: | On Debian, create symlinks to sites-enabled: | ||
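Review bot: The `SSLProtocol all -SSLv2 -SSLv3` line is carried over unchanged, so TLS 1.0 and TLS 1.1 stay enabled even though the new prose says the goal is to secure the communication. Consider tightening it where client compatibility allows, for example `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1`. The added `SSLCipherSuite` also starts from `ALL:`, which makes the outcome depend on every weak suite being excluded explicitly; an allow-list of the suites you want is easier to audit.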
Line 710: | Line 716: | ||
# These break Certificate Authority module | # These break Certificate Authority module | ||
< | < | ||
+ | SecRuleRemoveById 960915 | ||
+ | SecRuleRemoveById 200003 | ||
+ | </ | ||
+ | |||
+ | # Modsec can throw false positives on some files due to multipart boundary check | ||
+ | < | ||
SecRuleRemoveById 960915 | SecRuleRemoveById 960915 | ||
SecRuleRemoveById 200003 | SecRuleRemoveById 200003 |
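Review bot: The added block under "These break Certificate Authority module" removes rule IDs 960915 and 200003, the same two IDs that the existing block, now under the new multipart boundary comment, already removes. Either one of the blocks is redundant or the IDs were copied into the wrong one. Check which rules each comment is meant to cover, and keep each `SecRuleRemoveById` only in the narrowest container that needs it, so the rules stay active for the rest of the site.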