Add free search for your website. Sign up now! https://webveta.alightservices.com/
Categories
Apache Security

ASP.Net MVC Core on Apache and more

Apache webserver is very popular web server, NGinx is also popular. I have used NGinx in the past as a proxy for ASP.Net MVC Core web applications that were developed by me – SimplePass, PodDB, WebVeta.

I have used Apache in some situations such as self-hosted Grafana and planning to use for self-hosted Jenkins. Apache is very customizable with plugins.

In the self-hosted Grafana use-case, I wanted MFA authentication, I have used auth_openidc module of Apache for adding a security layer. Now, my Google login is protected by YubiKey Bio – Biometric Authentication MFA and by using this technique, my Grafana instance has been protected with the same level of biometric authentication.

auth_openidc

A quickstart on how to use auth_openidc is available at: https://auth0.com/docs/quickstart/webapp/apache/01-login

When running ASP.Net core applications, NGinx / Apache or any other web server that can act as a proxy can forward requests to Kestrel server (usually port 5000, but configurable).

<VirtualHost *:*>
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}s
</VirtualHost>

<VirtualHost *:80>
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/
    ServerName www.domain.com
    ServerAlias *.domain.com
    ErrorLog ${APACHE_LOG_DIR}/app-error.log
    CustomLog ${APACHE_LOG_DIR}/app-access.log common
</VirtualHost>

Here are a list of interesting Apache modules, I personally have not used these yet, but thought are very interesting.

ModSecurity: WAF (Web Application Firewall)

mod_alias – Provides for mapping different parts of the host filesystem in the document tree and for URL redirection
mod_allowmethods – Easily restrict what HTTP methods can be used on the server
mod_cache – RFC 2616 compliant HTTP caching filter.
mod_evasive – Evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. Also designed to be a detection and network management tool.
mod_file_cache – Caches a static list of files in memory
mod_headers – Customization of HTTP request and response headers
mod_honeypot – Blocks requests from IP addresses blacklisted by Project Honey Pot.
mod_http2 – Support for the HTTP/2 transport layer
mod_ipblock – CIDR-based IPv4 address blocking.
mod_log_config – Logging of the requests made to the server.
mod_log_debug – Additional configurable debug logging
mod_log_forensic – Forensic Logging of the requests made to the server
mod_logio – Logging of input and output bytes per request

mod_ratelimit – Bandwidth Rate Limiting for Clients

The above list is NOT exhaustive, but definitely helpful for web server defense, forensic logging etc… I plan to use some of these in the future.

References:

https://en.wikipedia.org/wiki/List_of_Apache_modules

https://httpd.apache.org/docs/2.4/mod/

https://auth0.com/docs/quickstart/webapp/apache/01-login

https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-apache?view=aspnetcore-7.0

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.