<HTML>
<HEAD>
<TITLE>Apache Server Survival Guide asg16.htm </TITLE>
<LINK REL="ToC" HREF="index.htm" tppabs="http://docs.rinet.ru:8080/Apachu/index.htm">
<LINK REL="Index" HREF="htindex.htm" tppabs="http://docs.rinet.ru:8080/Apachu/htindex.htm">
<LINK REL="Next" HREF="asgpt6.htm" tppabs="http://docs.rinet.ru:8080/Apachu/asgpt6.htm">
<LINK REL="Previous" HREF="asg15.htm" tppabs="http://docs.rinet.ru:8080/Apachu/asg15.htm"></HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#800080">
<!--#exec cmd="/www/docs/ssi-bin/restricted_search.ssi"-->
<!--#exec cmd="/www/docs/ssi-bin/inc.ssi"-->
<A NAME="I0"></A>
<H2>Apache Server Survival Guide asg16.htm</H2>
<P ALIGN=LEFT>
<A HREF="asg15.htm" tppabs="http://docs.rinet.ru:8080/Apachu/asg15.htm" TARGET="_self"><IMG SRC="purprev.gif" tppabs="http://docs.rinet.ru:8080/Apachu/purprev.gif" WIDTH = 32 HEIGHT = 32 BORDER = 0 ALT="Previous Page"></A>
<A HREF="index.htm" tppabs="http://docs.rinet.ru:8080/Apachu/index.htm" TARGET="_self"><IMG SRC="purtoc.gif" tppabs="http://docs.rinet.ru:8080/Apachu/purtoc.gif" WIDTH = 32 HEIGHT = 32 BORDER = 0 ALT="TOC"></A>
<A HREF="asgpt6.htm" tppabs="http://docs.rinet.ru:8080/Apachu/asgpt6.htm" TARGET="_self"><IMG SRC="purnext.gif" tppabs="http://docs.rinet.ru:8080/Apachu/purnext.gif" WIDTH = 32 HEIGHT = 32 BORDER = 0 ALT="Next Page"></A>
<HR ALIGN=CENTER>
<P>
<UL>
<UL>
<UL>
<LI>
<A HREF="#E68E169" >Why Security?</A>
<UL>
<LI>
<A HREF="#E69E188" >Unauthorized Use of Computing Resources</A>
<LI>
<A HREF="#E69E189" >Denial of Service Attacks</A>
<LI>
<A HREF="#E69E190" >Information Theft</A>
<LI>
<A HREF="#E69E191" >Vandals</A></UL>
<LI>
<A HREF="#E68E170" >How Do They Get In?</A>
<LI>
<A HREF="#E68E171" >Avoiding Bad Input</A>
<UL>
<LI>
<A HREF="#E69E192" >Securing Your CGI</A>
<LI>
<A HREF="#E69E193" >Server Parsed HTML (SSI) Security Issues</A></UL>
<LI>
<A HREF="#E68E172" >Security and Permissions</A>
<UL>
<LI>
<A HREF="#E69E194" >The Options Directive</A>
<UL>
<LI>
<A HREF="#E70E149" >ExecCGI</A>
<LI>
<A HREF="#E70E150" >FollowSymLinks</A>
<LI>
<A HREF="#E70E151" >Includes</A>
<LI>
<A HREF="#E70E152" >Indexes</A></UL>
<LI>
<A HREF="#E69E195" >Access Control</A>
<UL>
<LI>
<A HREF="#E70E153" >Filtering By Address</A>
<LI>
<A HREF="#E70E154" >Login and Passwords</A>
<LI>
<A HREF="#E70E155" > Basic Authentication</A></UL>
<LI>
<A HREF="#E69E196" >Protecting UNIX</A></UL>
<LI>
<A HREF="#E68E173" >Additional Sources of Security Information</A>
<LI>
<A HREF="#E68E174" >Summary</A></UL></UL></UL>
<HR ALIGN=CENTER>
<A NAME="E66E16"></A>
<H1 ALIGN=CENTER>
<CENTER>
<FONT SIZE=6 COLOR="#FF0000"><B>16</B></FONT></CENTER></H1>
<BR>
<A NAME="E67E22"></A>
<H2 ALIGN=CENTER>
<CENTER>
<FONT SIZE=6 COLOR="#FF0000"><B>Web Server Security Issues</B></FONT></CENTER></H2>
<BR>
<P>Throughout this book I have not discussed the security implications of running a Web server, mainly because I wanted to gather all of this vital information in a single chapter. My thinking is that by putting all security information together, it would be much easier for you to read and reference. While other chapters may have made a reference to security, they didn't address it. This chapter does.
<BR>
<P>More than likely after you read this information, you'll be worrying about a few things. That's good. You <I>should</I> worry. While at times I may sound paranoid, take it with a grain of salt. The level of security you implement should reflect the level of security that you need. Creating a secure network is a very extensive topic, and one that changes constantly. This chapter will focus closely on the issues that affect a Web server; general network security is touched on but not really addressed.
<BR>
<BR>
<A NAME="E68E169"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>Why Security?</B></FONT></CENTER></H3>
<BR>
<P>Connecting a computer to the Internet is a very exciting event. It opens up a world of information and communication. By setting up a Web server, you have plugged into that world and transformed yourself into an information provider. The only trouble is that by doing so you have just exposed your network to a series of potential security problems. These dangers are packaged in many forms, including the following:
<BR>
<UL>
<LI>Unauthorized use of your computing resources
<BR>
<BR>
<LI>Denial of service attacks
<BR>
<BR>
<LI>Information theft
<BR>
<BR>
<LI>Vandalism
<BR>
<BR>
</UL>
<P>Any of these should worry you, but knowing what each one involves will help you prepare to face it.
<BR>
<BLOCKQUOTE>
<BLOCKQUOTE>
<HR ALIGN=CENTER>
<BR>
<NOTE>Before you go any further, you should think of dedicating a system to serving Web pages. This system should be a bare-bones machine: no user accounts and minimal software. It also should not sit directly on your local area network (LAN). If you haven't set up a firewall yet, do it. A firewall will isolate your network from the Internet, a smart thing to do.</NOTE>
<BR>
<HR ALIGN=CENTER>
</BLOCKQUOTE></BLOCKQUOTE>
<BR>
<A NAME="E69E188"></A>
<H4 ALIGN=CENTER>
<CENTER>
<FONT SIZE=4 COLOR="#FF0000"><B>Unauthorized Use of Computing Resources</B></FONT></CENTER></H4>
<BR>
<P>Many attacks on a network have as their goal the illicit use of your systems. These attackers try to seize control of a machine and use its resources for whatever they see fit. On the surface this seems the least harmful of the problems, but it can cause you serious trouble and damage your reputation. Your systems could become the base from which attacks are launched on other networks, or be turned into distribution depots for copyrighted or pornographic material served right from your machines!
<BR>
<BR>
<A NAME="E69E189"></A>
<H4 ALIGN=CENTER>
<CENTER>
<FONT SIZE=4 COLOR="#FF0000"><B>Denial of Service Attacks</B></FONT></CENTER></H4>
<BR>
<P>Denial of service attacks are designed to keep you from using your own computing resources. Some exploit known weaknesses in your operating system or its services; others are simple floods, such as sending so much e-mail that the system can no longer keep up with legitimate requests. Intruders can also shut down your equipment, affecting services that other users of your network depend on. Sometimes this sort of attack is one step in a well-orchestrated attack on another system: by making a trusted host unavailable, an attacker can have another computer masquerade as that host (for example, by spoofing its address) and gain access to a machine that trusts it.
<BR>
<BR>
<A NAME="E69E190"></A>
<H4 ALIGN=CENTER>
<CENTER>
<FONT SIZE=4 COLOR="#FF0000"><B>Information Theft</B></FONT></CENTER></H4>
<BR>
<P>Information theft may be a serious problem if you store sensitive information on your systems. Even if you don't, the information gathered could be used to gain further access to your system or personal information that should be kept private. Confidential information, be it your secret formula for lemonade or your banking records, should not be anyone's business but your own.
<BR>
<BR>
<A NAME="E69E191"></A>
<H4 ALIGN=CENTER>
<CENTER>
<FONT SIZE=4 COLOR="#FF0000"><B>Vandals</B></FONT></CENTER></H4>
<BR>
<P>This is probably the most annoying of all attacks. A vandal will attempt to destroy information that you keep on your computer. Your best survival technique is simple: have a backup of your data, and keep it somewhere the vandal can't reach from the compromised machine. Why would someone do this? Usually it's a personal attack by a disgruntled employee or someone else who thinks they have a score to settle.
<BR>
<BR>
<A NAME="E68E170"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>How Do They Get In?</B></FONT></CENTER></H3>
<BR>
<P>People who break into computers do it by exploiting some sort of software weakness, usually a bug in a program or a library. In 1988, sendmail, the mailer agent that delivers mail on most UNIX machines, was one of the targets of the Internet worm (the Morris worm). The worm exploited known bugs, among them a debugging feature left enabled in sendmail and a buffer overflow in fingerd, and while it damaged no data, it consumed all the resources of each affected computer. It managed to invade thousands of computers in just a few hours.
<BR>
<P>If you see what I am getting at, most security problems are rooted in software bugs. This is why it is extremely important to keep your software up-to-date. Systems running old software are more likely to be broken into because they contain bugs and problems that are publicly known, and attackers go looking for exactly those.
<BR>
<P>Unlike PCs and Macintoshes, UNIX systems offer a wide range of services. For example, if you tried to FTP into a Mac or a PC, you would not be able to do it unless the user had installed a program that supported this protocol. Under UNIX, this and many other client/server programs are already installed and waiting for a connection. For a list of what inetd starts on demand, check your /etc/inetd.conf file. Services that run as standalone daemons (httpd itself, for example) don't appear there, so also look at the listening sockets with netstat -a, and disable anything the machine doesn't need.
<BR>
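<P>As an added example (not the book's own code and not part of any UNIX distribution), here is a small audit script that reads an inetd.conf, lists the services that are actually enabled, and flags the ones a dedicated Web server has no business offering. The sample configuration and the list of risky services are constructed for the example; when a line hands the service to tcpd, the real daemon is the argument after tcpd, and the script reports that instead.

```python
"""Audit an inetd.conf: which services are enabled, and which should not be."""

# Services a dedicated Web server should not offer. This list is the
# example's own judgement, not something the book or inetd defines.
RISKY = {"ftp", "telnet", "shell", "login", "exec", "finger",
         "tftp", "uucp", "rexec", "sunrpc"}

# Constructed sample inetd.conf for the example (not a real system's file).
SAMPLE_INETD_CONF = """\
# /etc/inetd.conf -- constructed sample
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
daytime stream  tcp  nowait  root    internal
"""


def enabled_services(conf_text):
    """Return [(service, protocol, program)] for every active line.

    Blank lines and comments are skipped, so a service that was disabled
    by commenting it out (like `shell` above) does not appear. The fields
    are: service, socket type, protocol, wait/nowait, user, program, args.
    """
    result = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed; inetd would not start it either
        service, proto, program = fields[0], fields[2], fields[5]
        # With the TCP wrapper, the daemon that really runs is the next field.
        if program.endswith("tcpd") and len(fields) > 6:
            program = fields[6]
        result.append((service, proto, program))
    return result


def risky_services(conf_text):
    """Names of enabled services that appear in the RISKY set, in file order."""
    return [svc for svc, _proto, _prog in enabled_services(conf_text)
            if svc in RISKY]


if __name__ == "__main__":
    for svc, proto, prog in enabled_services(SAMPLE_INETD_CONF):
        flag = "  <-- disable on a Web server" if svc in RISKY else ""
        print(f"{svc:8s} {proto:4s} {prog}{flag}")
```

Point the script at the real file (read it into a string and pass it to enabled_services) and compare the output against netstat -a: anything listening that is neither in inetd.conf nor a daemon you installed deliberately deserves a closer look.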
<P>Even if you don't know anything about plumbing, you can easily understand that the more complicated the plumbing, the easier it is to clog a drain. Software is not any different. The more complicated a program is, the more likely that it has bugs. Web servers are complicated programs, and your UNIX box is full of many complex programs, including shells and interpreters.
<BR>
<P>Thankfully, at the time of writing Apache has no known security problems. A basic configuration is fairly secure because it doesn't permit the execution of CGI programs or Server Side Includes. If you set aside for a minute all the potential problems outside of your Web server, you will find that security problems on a Web server are usually caused by you, the administrator. Here's a list of the holes you can open:
<BR>
<UL>
<LI>Insecure CGI programs <I>you</I> write or insecure programs others write that get placed into your server.
<BR>
<BR>
<LI>Permissive and promiscuous security policies <I>you</I> set, which let other users or uninvited guests override your policies. This refers in particular to permitting per-directory access files (.htaccess), which Apache honors wherever AllowOverride is not set to None.
<BR>
<BR>
<LI>Additional server features that <I>you</I> enable. Unless you know what those third-party modules do and how they have been coded, it is difficult to see if any of them will cause you grief. The best defense is to run a minimal server: one that supplies the absolute minimum level of facilities that do what you need. This approach has the added benefit of making your server lighter in weight, which translates into a faster and more responsive server.
<BR>
<BR>
</UL>
<P>You should be able to tell that I am emphasizing (and maybe putting my foot in my mouth) that Apache, from a software standpoint, is fairly secure. At the time of writing, no known bugs in the current version have severe security implications, and if one were discovered, the Apache team would be quick to rectify the situation. Always run the latest release to avoid known problems.
<BR>
<P>From a Web server standpoint, your worries should focus on CGI and SSI, because these two powerful features usually process user data. If you simply trust that the input data is good, you are in for trouble.
<BR>
<P>My first recommendation is that you should carefully evaluate any CGIs you have written. Your CGIs should be coded defensively because unexpected input will cause problems. This simply means that the information your CGI takes in should not be trusted and must be qualified before it is passed to another program for execution.
<BR>
<P>Data sent by a visitor via a form should be digested carefully. Just because input is generated by a form that you coded doesn't mean that the visitor didn't alter your form in an attempt to crash or subvert your program. Perhaps they returned different values, or more data than you expected, in order to capitalize on a weakness such as overflowing a buffer in your CGI. Perhaps a path specification is different from what you would normally expect.
<BR>
<P>What your CGI receives could be anything. An e-mail address field, for example, can carry shell metacharacters that turn a mail command into something else entirely. Unless you are ready to cope with that possibility, you are creating a huge security risk.
<BR>
<BR>
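<P>As an added example (not the book's code, and not part of Apache), the following module shows what "qualifying" form input before it reaches another program looks like for the three cases just described: a form that comes back with extra or oversized fields, an e-mail address that smuggles shell metacharacters into a mail command, and a path that escapes the directory you meant to serve. The values of MAIL_PROGRAM and DOCROOT are assumptions for the example, and nothing below actually executes a command.

```python
"""Qualify CGI form input before handing it to another program."""
import os
import re
from urllib.parse import parse_qsl

MAIL_PROGRAM = "/usr/sbin/sendmail"   # assumed location for the example
DOCROOT = "/www/docs"                  # assumed document root for the example
MAX_FIELD_LEN = 256

# Allow-list for a mailbox: a restricted character set, exactly one '@',
# and a dotted host name. Anything outside the pattern is rejected, not
# "cleaned up"; cleaning is where most filters go wrong.
EMAIL_RE = re.compile(
    r"^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


class BadInput(ValueError):
    """Raised for any form value that fails qualification."""


def parse_form(query, expected):
    """Decode a query string, accepting only the fields the form defined.

    More fields than expected, unknown names, duplicated names, or
    over-long values are refused: a visitor who edited the form gets an
    error instead of pushing unexpected data into your program.
    """
    try:
        pairs = parse_qsl(query, keep_blank_values=True,
                          max_num_fields=len(expected))
    except ValueError as exc:
        raise BadInput("too many form fields") from exc
    form = {}
    for name, value in pairs:
        if name not in expected or name in form:
            raise BadInput(f"unexpected or duplicated field {name!r}")
        if len(value) > MAX_FIELD_LEN:
            raise BadInput(f"field {name!r} too long")
        form[name] = value
    return form


def validate_email(addr):
    """Return addr unchanged if it is a plain mailbox, else raise BadInput."""
    if not EMAIL_RE.match(addr):
        raise BadInput(f"rejected address {addr!r}")
    if addr.startswith("-"):
        # The mailer would read this as a command-line option, not a recipient.
        raise BadInput("address may not start with '-'")
    return addr


def unsafe_mail_command(addr):
    """The hole: a command string built from raw input and given to a shell."""
    return f"{MAIL_PROGRAM} {addr}"   # "x@y.z; rm -rf /" would run rm


def safe_mail_argv(addr):
    """The fix: a validated value passed as a single argv element, no shell.

    Run it as subprocess.run(safe_mail_argv(addr), input=body, check=True);
    metacharacters in addr never reach a shell because no shell is involved.
    """
    return [MAIL_PROGRAM, validate_email(addr)]


def safe_path(requested):
    """Map a visitor-supplied path to a file under DOCROOT, or refuse it.

    The path is joined, normalised (which collapses any '..'), and then
    checked to still lie inside DOCROOT; checking for '..' as a substring
    is not enough, because 'a/../../x' contains it legitimately-looking.
    """
    candidate = os.path.normpath(os.path.join(DOCROOT, requested.lstrip("/")))
    if candidate != DOCROOT and not candidate.startswith(DOCROOT + os.sep):
        raise BadInput(f"path escapes document root: {requested!r}")
    return candidate


if __name__ == "__main__":
    form = parse_form("email=user%40example.com&page=reports%2Fq1.html",
                      {"email", "page"})
    print(safe_mail_argv(form["email"]))
    print(safe_path(form["page"]))
    for bad in ("user@example.com; rm -rf /", "-oQ/tmp@example.com"):
        try:
            validate_email(bad)
        except BadInput as err:
            print("refused:", err)
```

The pattern generalises beyond e-mail addresses: decide what a field is allowed to contain, refuse everything else, and pass the survivor to the other program as an argument rather than as part of a command line.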
<A NAME="E68E171"></A>
<H3 ALIGN=CENTER>
<CENTER>