Hardware Reference
In-Depth Information
If all has gone well, you'll be asked for your passphrase, and the site will be available only when HTTPS is used.
N
The process of setting up and configuring SSL is rife with possibilities for error, from differences between key
and certificate (often when the location and domain information is entered) to broken SSL protocols to old certificates
being used in preference to the new ones. Consequently, incorporate SSL only when you have some time and good
access to the various Internet message boards!
Note
To ensure that your users always use the SSL version of your web site, you can introduce some simple rules to the
configuration by rewriting any HTTP request as an HTTPS one. This uses the famed
mod_rewrite
module and can be
introduced with the virtual host configuration file like this:
<Directory /var/www/sites/homeprivate>
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
allow from all
deny from none
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$
https://myprivatesite.homelinux.org/$1
[R,L]
</Directory>
You must then enable the module and restart:
a2enmod rewrite
/etc/init.d/apache2 restart
As an extra layer of protection, it is not unusual to utilize the “security through obscurity” approach. This
means that you make it difficult for someone to accidentally stumble upon your server. For example, you could
have the real home directory inside a child directory, descended from the root, which has no links to it. This would
use a more obscure name, not
housecontrol
, and act like a first-layer password. Since you can't query a web
server to determine which files are available to download, it is possible to access this area only if you know that it
exists and its name. If you choose an arbitrary randomized name like
bswalxwibs
, you can always bookmark it on
physical secure machines.
Naturally, this should always be used
in addition
to the standard security methods, not
instead
of. If you have
registered a domain like
MyMegaCoolAutomatedHouse.com
, then it is likely that someone will find it and may be able to
use the Whois directory to get your real-world address
13
(unless you've remembered to shield it).
4HIEVESUSEASIMILARIDEABYPRESSINGTHEHOMEBUTTONON
satnav
STODRIVETOTHEIRVICTIMȀSHOUSEWHILETHEYȀREBUSYFILINGA
POLICEREPORTONTHEIRRECENTLYSTOLENCAR
Search WWH ::
Custom Search