Fix Apache SSL vulnerabilites

For Centos Servers;

Please add these lines to the end of /etc/httpd/conf.d/ssl.conf file and restart httpd service

<IfModule mod_ssl.c>
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3
</IfModule>
<IfModule mod_ssl.c>
#SSLCipherSuite HIGH:!aNULL:!MD5:!RC4-SHA:!RC4
#SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RS
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5::!RC4
</IfModule>

How to Install Maxmind module for Apache

We explain how to install maxmind apache module for geoip url filtering on Centos/Cloudlinux and Ubuntu/Debian Servers.

First install this module for Centos/Cloudlinux distro.You should install the maxmind library on your server first.After than you should install the apache extension tool (apxs) on your server too.If you don’t know how to install any software on your centos server,you can choose the easy way.I prepared a shell script which includes all requirement steps.These are below.This is the content of  “https://www.linux-destek.com/maxmind/maxmind.sh” file.Notice that it already has a compiled maxmind library which one is “.so” file.It work with newer version of Centos and Clodlinux.So you don’t have to compile it yourself.Choose is yours.

#!/bin/bash
yum -y install libmaxminddb.x86_64 libmaxminddb-devel.x86_64
wget https://www.linux-destek.com/maxmind/modmaxmind.tar.gz
tar zxvf modmaxmind.tar.gz
cd modmaxmind/
cp mod_maxminddb.so /usr/lib64/httpd/modules/
mkdir /usr/local/share/GeoIP/
cp GeoLite2-Country.mmdb /usr/local/share/GeoIP/
cp apache.conf /etc/httpd/conf.d/maxmind.conf
service httpd restart

For Centos / Cloudlinux Users download it by using wget into your server and run it.After it is downloaded.You should review the file’s content.It must be includes same lines above.

wget https://www.linux-destek.com/maxmind/maxmind.sh

Then run it as root.

/bin/bash maxmind.sh

That’s it.