The Apache web server is very popular, and NGinx is also popular. I have used NGinx in the past as a proxy for ASP.Net MVC Core web applications that were developed by me – SimplePass, PodDB, WebVeta.
I have used Apache in some situations such as self-hosted Grafana and am planning to use it for self-hosted Jenkins. Apache is very customizable with plugins.
In the self-hosted Grafana use-case, I wanted MFA authentication, so I used the auth_openidc module of Apache to add a security layer. Now, my Google login is protected by YubiKey Bio – Biometric Authentication MFA and by using this technique, my Grafana instance has been protected with the same level of biometric authentication.
auth_openidc
A quickstart on how to use auth_openidc is available at: https://auth0.com/docs/quickstart/webapp/apache/01-login
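A sketch of the Grafana setup described above, added here as an example and not the author's actual configuration: Apache terminates TLS, mod_auth_openidc sends the browser to Google, and only one named account is authorized before anything is proxied. The host name, certificate paths, placeholder credentials, allowed e-mail address and Grafana on its default port 3000 bound to loopback are all assumptions.

```apache
# Added example. Assumed values: grafana.example.com, certificate paths,
# the *_PLACEHOLDER secrets and the allowed e-mail address.
<VirtualHost *:443>
    ServerName grafana.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/grafana.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/grafana.example.com.key

    # Google as the OpenID Connect provider (discovery document).
    OIDCProviderMetadataURL https://accounts.google.com/.well-known/openid-configuration
    OIDCClientID     CLIENT_ID_PLACEHOLDER
    OIDCClientSecret CLIENT_SECRET_PLACEHOLDER
    OIDCScope        "openid email"

    # Callback path inside the protected space. It must not map to real
    # content and must be registered as a redirect URI with the provider.
    OIDCRedirectURI      https://grafana.example.com/oidc/callback
    # Protects the session cookie and state. Use a long random value.
    OIDCCryptoPassphrase RANDOM_PASSPHRASE_PLACEHOLDER

    <Location />
        AuthType openid-connect

        # Weak: with a public provider such as Google, every account that
        # completes the login satisfies this, not just the owner's.
        # Require valid-user

        # Corrected: authorize only the account named in the email claim.
        Require claim email:admin@example.com
    </Location>

    # Assumes Grafana listens only on 127.0.0.1:3000, so this authenticated
    # virtual host is the only path to it.
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:3000/
    ProxyPassReverse / http://127.0.0.1:3000/
</VirtualHost>
```

The MFA strength comes from the Google account itself; Apache only enforces that the request carries a session for the authorized account.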
When running ASP.Net Core applications, NGinx / Apache or any other web server that can act as a proxy can forward requests to the Kestrel server (usually port 5000, but configurable).
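# Requires mod_headers. Apache sets the header from the scheme it actually saw.
# No trailing "s" after the variable: in an expr= value it is a literal
# character and would turn "http" into "https".
<VirtualHost *:*>
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
</VirtualHost>

# Requires mod_proxy and mod_proxy_http.
<VirtualHost *:80>
    ProxyPreserveHost On
    # Forward everything to Kestrel listening on loopback port 5000
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/
    ServerName www.domain.com
    ServerAlias *.domain.com
    ErrorLog ${APACHE_LOG_DIR}/app-error.log
    CustomLog ${APACHE_LOG_DIR}/app-access.log common
</VirtualHost>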
Here is a list of interesting Apache modules. I personally have not used these yet, but thought they are very interesting.
ModSecurity: WAF (Web Application Firewall)
mod_alias – Provides for mapping different parts of the host filesystem in the document tree and for URL redirection
mod_allowmethods – Easily restrict what HTTP methods can be used on the server
mod_cache – RFC 2616 compliant HTTP caching filter.
mod_evasive – Evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. Also designed to be a detection and network management tool.
mod_file_cache – Caches a static list of files in memory
mod_headers – Customization of HTTP request and response headers
mod_honeypot – Blocks requests from IP addresses blacklisted by Project Honey Pot.
mod_http2 – Support for the HTTP/2 transport layer
mod_ipblock – CIDR-based IPv4 address blocking.
mod_log_config – Logging of the requests made to the server.
mod_log_debug – Additional configurable debug logging
mod_log_forensic – Forensic Logging of the requests made to the server
mod_logio – Logging of input and output bytes per request
mod_ratelimit – Bandwidth Rate Limiting for Clients
The above list is NOT exhaustive, but it is definitely helpful for web server defense, forensic logging etc. I plan to use some of these in the future.
References:
https://en.wikipedia.org/wiki/List_of_Apache_modules
https://httpd.apache.org/docs/2.4/mod/
https://auth0.com/docs/quickstart/webapp/apache/01-login
https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-apache?view=aspnetcore-7.0
–
Mr. Kanti Kalyan Arumilli
B.Tech, M.B.A
Founder & CEO, Lead Full-Stack .Net developer
ALight Technology And Services Limited