Description

In this course, you will learn how to secure exchanges with HTTPS and control access to an Apache server. You will implement URL rewriting, filters and high availability features. You will finally see how to make PHP 5 and PHP 7 applications coexist on the same server.

Who is this training for ?

For whom ?

Web server administrators, operators, integrators or technical architects.

Prerequisites

Good knowledge of Apache Web server administration or equivalent to that provided by the "Apache, administering a Web server" course (ref. LIA). Experience desirable.

Training objectives

Hosting PHP applications

Control access and authentication to an Apache server

Implement redirections, URL rewriting and filters

Implement a high availability reverse proxy

Secure exchanges with HTTPS

Training program

• Apache HTTPD 2.4: reminders and new features
  • Compilation, installation and initial testing.
  • General server configuration.
  • Choosing the right MPM, managing load and limits.
  • Loading modules, which modules to activate? The new types of contexts.
  • Panorama of Apache 2 modules.
  • 4.
  • Support of the HTTP/2 protocol.
  • Practical work Compilation and installation of Apache HTTPD 2.
  • 4.
• Host PHP applications
  • Bringing PHP 5 and PHP 7 together.
  • CGI, CGID, Fast CGI and PHP-FPM.
  • Rights and dedicated identity, sessions.
  • Practical work Manage several versions of PHP5 and PHP7 via Fast CGI / PHP-FPM.
• Access control and authentication
  • Access control: mod_authz* modules.
  • LDAP authentication with mod_authnz_ldap.
  • External authentication and DBMS (dbm, mysql, .
  • ).
  • Practical work Setting up authentication based on an LDAP directory and a MySQL database.
• Redirection, address rewriting, filters
  • DocumentRoot and the mod_alias module.
  • Notion of virtual directory and alias.
  • URL rewriting rules and mod_rewrite.
  • Examples of filters with mod_filter, mod_header.
  • Practical work Implementation of redirects and filters.
• Reverse Proxy and Cache
  • Proxy and Reverse Proxy features.
  • The mod_proxy* modules in Apache HTTPD 2.
  • 4.
  • Load balancing and session affinity.
  • Server state management, fail-over, heartbeat.
  • KeepAlived and Reverse-Proxy High Availability.
  • Management of memory and disk cache.
  • Practical work Implementation of high availability reverse-proxy.
• Secure exchanges with HTTPS
  • Implementation of HTTPS.
  • CA and management of server certificates.
  • Authenticate users.
  • Creation of certificates and HTTPS virtual hosts.
  • Practical work Generation of server certificates and setting up an HTTPS virtual site.
  • Authentication of visitors to an HTTPS site by presentation of certificate customer.
• Security and attack detection
  • What is mod_security? The principle of mod_security rules.
  • Detect and block attack attempts.
  • An alternative to an IDS like Snort.