Network security reinforcement techniques for building web servers under CentOS 7

Network security reinforcement techniques for building web servers under CentOS 7

The web server is an important part of the modern Internet, so it is very important to protect the security of the web server. By hardening network security, you can reduce risks and avoid potential attacks. This article will introduce network security hardening techniques commonly used when building web servers on CentOS 7, and provide corresponding code examples.

1. Update system and software
   First, make sure your system and software are up to date. You can use the following command to update software packages on CentOS 7:

sudo yum update

2. Turn off unnecessary services
   In order to improve the security of the system, some unnecessary services should be turned off. You can use the following command to view the currently installed services:

sudo systemctl list-unit-files --type=service | grep enabled

As needed, you can use the following command to stop and disable the corresponding service. For example, if you do not need to use the FTP server, you can stop and disable vsftpd:

sudo systemctl stop vsftpd
sudo systemctl disable vsftpd

3. Configuring the firewall
   Configuring the firewall is one of the important measures to protect the web server. On CentOS 7, firewalld can be used to manage firewalls. Here are some commonly used firewall rules:

Allow HTTP and HTTPS traffic into the server:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Allow SSH connections into the server:

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

Limit the number of inbound connections :

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" limit value="5/m" accept'
sudo firewall-cmd --reload

4. Use HTTPS to encrypt communication
   HTTPS is a security protocol that protects communications between web servers and clients by using SSL or TLS encryption mechanisms. You can use the Certbot tool to automatically generate and configure an SSL certificate for your website. The following are sample commands to install and configure Certbot on CentOS 7:

First, install Certbot and the Certbot Nginx plugin:

sudo yum install certbot python2-certbot-nginx

Then, enable SSL for your website:

sudo certbot --nginx

5. Installing and Configuring Web Application Firewall
   Web Application Firewall (WAF) can detect and block attacks against web applications. On CentOS 7, ModSecurity is a commonly used WAF tool. The following are sample commands to install and configure ModSecurity on CentOS 7:

First, install the ModSecurity and Nginx modules:

sudo yum install mod_security mod_security_crs nginx-mod-http-modsecurity

Then, enable ModSecurity:

sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/httpd/conf.d/mod_security.conf

Finally, restart Nginx:

sudo systemctl restart nginx

6. Configure login protection
   In order to protect the login page of the web server, you can restrict the IP addresses that access the login page. The following is sample code to configure login protection using Nginx:

Edit the Nginx configuration file:

sudo nano /etc/nginx/nginx.conf

Add the following code in the "http" block:

map $remote_addr $limited_access {
    192.168.1.1     '';
    10.0.0.0/24     '';
    default         1;
}

server {
    ...
    location /login {
        deny all;
        allow $limited_access;
        auth_basic "Restricted Access";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}

Save and exit the profile. Then create a username and password for authenticating login:

sudo htpasswd -c /etc/nginx/.htpasswd username

Finally, restart Nginx:

sudo systemctl restart nginx

This article introduces network security reinforcement techniques commonly used when building web servers under CentOS 7. You can improve your web server's network security by updating your system and software, turning off unnecessary services, configuring firewalls, encrypting communications using HTTPS, installing and configuring web application firewalls, and configuring login protection. Hope the above tips are helpful to you.

The above is the detailed content of Network security reinforcement techniques for building web servers under CentOS 7. For more information, please follow other related articles on the PHP Chinese website!