Encryption with RSA

Most of the time when data is transmitted across a network in encrypted form, this is done with RSA keys. This method is used, for example, by the encryption software PGP (Pretty Good Privacy) to encrypt e-mails, by ssh (Secure Shell) for encrypted data transfer between two computers, or by Apache-SSL or mod_ssl for secure data transmission between web server and web browser. This encryption is based on two different keys: a private key and a public key. While the private key is known only to the...

Cache Hierarchy Configuration

A cache hierarchy is configured in the second group of the /etc/squid/squid.conf configuration file. The most important options are: cache_peer: Defines other cache servers in a hierarchy. The parameters after the keyword are the name and type (parent or sibling) of the cache and the port numbers for HTTP and ICP. If the defined cache server does not support ICP, the value 7 should be set for the ICP_port. In addition, further options can be set. Syntax: cache_peer <host> <type> <...

Access Control Lists

An ACL definition has the following syntax: The keyword acl must always be present, followed by a unique name for this definition. The name of a file (in quotes and including the absolute path), containing one definition per line, can be used instead of the parameter list. acl name type path filename This is particularly useful for large lists (see Chapter 2.5 on page 49). The ACL type may be defined with one of the following expressions: src: Describes the client IP addresses from which a...

The Role of a Proxy Server

The connection of a local area network (LAN) to the Internet incurs certain risks. Not only can users access computers in the Internet from the LAN, but Internet computers can access computers in the local network. The system administrator must ensure security by limiting connections from outside to a minimum and by regulating access from the LAN to the Internet. The latter is important for two reasons: on the one hand, intensive use of the Internet can cost the company a lot of money and, on...

Links and Documentation

Here is a list of useful reference documents and sources that cover the subject of the web server in greater depth. http://www.w3.org: The World Wide Web Consortium web site. http://www.apache.org: The home page of the Apache web server, containing the current version, documentation, and configuration advice. http://www.apache-ssl.org: The home page for a secure Apache-based server. http://www.modssl.org: The home page of the mod_ssl project. http://www.apacheweek.com: This home page covers many questions on...

Creating a Self Signed Certificate

Create your own certificate with the command: openssl req -new -x509 -key server.key -out server.crt The dialog for generating the certificate could look like this: Using configuration from /usr/ssl/openssl.cnf Enter PEM pass phrase You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there...

Access Control Through Authentication

For authentication, the client sends a user ID and a password to the server. The server compares the data with the entries in a file, then permits or denies access. Each user ID and password combination is valid only for a specific area, defined when the password is set. The server requests a user ID and a password for this area. If the client (web browser) already has this information (from a previous login to this area), it sends it to the server. If not, it requests the user to enter the...

Analyzing the Log Files with calamaris

A Perl script called calamaris can be used to analyze the Squid log file (/var/log/squid/access.log). You can find further information at the calamaris web site at http://calamaris.cord.de. This script produces a statistical analysis of the requests and accesses. The analysis can be produced in ASCII or in HTML format. calamaris has a wide range of options affecting the contents of the analysis. The most important options are: -a: Perform all available analyses; corresponds to a combination of the...

FTP Clients

There are many types of FTP clients: command-line clients (such as ftp) and clients with convenient graphical interfaces (e.g., xftp). The advantage of command-line FTP clients is their flexibility, allowing the transfer of entire directory trees to be automated, for example. The standard FTP client is the ftp program, package lukemftp. The program accepts the name of the FTP server as an argument. The most important command is, as always, the help command, which is simply called help. In...

Configuring FTP with Authorized Users

This use of the FTP server is important for those who are hosting web sites. Individual customers maintain their own pages in directories to which they alone may have access. The configuration in which no anonymous FTP access is allowed and where all users are trapped in their home directory could look like this: The corresponding command on the command line is: If the above configuration is to be modified so that certain users are not held in a chroot environment (for example, members of a group...

Configuring the PureFTPd Server

Strictly speaking, the actual configuration of the PureFTPd server is made purely via command line parameters passed when the server is started. The configuration file /etc/pure-ftpd.conf cannot overwrite any values here. It is evaluated by a Perl script, which creates the corresponding command line parameters from it. These are passed to the program when it starts. The FTP server can either run as an independent service or be started via the inetd. If PureFTPd should be started directly, this...