This is great stuff, truly appreciate the time you took to divulge this information. You've got my like. I would like to ask your suggestion on the best way to study APACHE2 configuration? Maybe if you have certain books, courses, channels etc. that helped you. Thanks again.
@marcusjackman1487 Thanks for watching, glad it was helpful!
Haha, I do not, unfortunately. The Apache documentation is very extensive. The things I have learned came from doing Hack The Box labs and configuring Apache for different web services. I don’t know a good source out there for it, so I put this together to share things I have run into.
Excellent!! Thank you so much for the content… I scoured everywhere then used my leftover brain to check RUclips lol 😂
Lol right on thanks for watching!
Hi, thanks for this great video. Please, I have a question about the apache2 log files: when I navigate to @IP/log I found the logs in real time!! How can I block this and encrypt my logs, if this is possible? Can you please help us secure the apache2 log files? Thanks a lot.
Thanks for watching!
If you are able to view the contents of the directories on your file system from the web browser, that is known as a directory traversal.
If you are able to view the contents of the files in those directories, that is known as a file disclosure.
There have been new vulnerabilities discovered with Apache lately. The recommendation is to upgrade Apache to the latest version, 2.4.51 (as of 12/15/2021). It is highly recommended that you ensure “Require All Denied” is configured for your server if possible. Not only is this an effective mitigation for this vulnerability, but it could harden the system against additional path traversal attacks discovered in the future.
At roughly 33:02 in the video is where I cover/show the area where you would modify the "Require All Denied" I mentioned above. In your apache.conf file it would look something like the configs below. I included below an example of what the old config was and what the config should be after updating Apache.
APACHE 2.2 (Old Method)
Order deny,allow
Deny from all
APACHE 2.4 (New Method)
Require all denied
More info on upgrading from Apache 2.2 to 2.4 can be viewed here:
httpd.apache.org/docs/current/upgrading.html
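An added example, not from the video or the reply above: a small Python check that reads an Apache config and reports `<Directory>` blocks still using the 2.2 directives, or a `<Directory />` block without `Require all denied`. The sample config, the `/var/www/html` path and the `audit` function name are constructed for illustration.

```python
import re

# Constructed sample config (an assumption, not taken from the video): the root
# block still uses Apache 2.2 syntax; a hypothetical web root is opened up.
SAMPLE_CONF = """\
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Directory "/var/www/html">
    Require all granted
</Directory>
"""

OPEN = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>', re.I)
CLOSE = re.compile(r'</Directory\s*>', re.I)
# 2.2-style directives; in 2.4 they only work through mod_access_compat.
LEGACY = re.compile(r'(Order|Allow|Deny)\b', re.I)
DENIED = re.compile(r'Require\s+all\s+denied\s*$', re.I)


def audit(conf_text):
    """Return (directory, finding) tuples for each <Directory> block."""
    findings, current, directives = [], None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = OPEN.match(line)
        if m:
            current, directives = m.group(1), []
        elif CLOSE.match(line) and current is not None:
            legacy = [d for d in directives if LEGACY.match(d)]
            if legacy:
                findings.append((current, "legacy 2.2 directives: " + "; ".join(legacy)))
            if current == "/" and not any(DENIED.match(d) for d in directives):
                findings.append((current, "root lacks 'Require all denied'"))
            current = None
        elif current is not None:
            directives.append(line)
    return findings


if __name__ == "__main__":
    for directory, finding in audit(SAMPLE_CONF):
        print(f"{directory}: {finding}")
```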