Howto's and FAQ's

Failover Dynamic DNS (BIND and DHCP)


If a machine uses a dynamic ip-address retrieved from a DHCP server the ip-address will not resolve to it's domainname. Usually we setup DNS with static ip-addresses. However we can setup a dynamic DNS server with DHCP so every machine which retrieves its ip-address from the DHCP server will be registered or updated in the DNS. In this tutorial I will setup a failover. We need to install some packages if they are not already installed:


Prevent hotlinking with mod_rewrite

To prevent that someone is hotlinking to your content (images, video ect) you can use mod_rewrite.Create a .htaccess file in the root directory of your webserver (or edit your if you allready have one) and add these lines:

Account locking


Usually a system will drop the connection after 3 unsuccessful login attempts and may reconnect to try it again. If you setup account lockout you can prevent this, after a number of unsuccessful login attempts the account will be locked out automaticaly.

Edit the file /etc/pam.d/system-auth and add the lines:

Restriction to use previous passwords

pam_unix makes it possible to maintain a users password history and prevent the user will re-use the password. The parameter remember is used to set the number of passwords to keep in the history for each user. An example how to set this up: First of all we need to check if the file /etc/security/opasswd exists on your system and is only writable and readable by root. If the file doesn't exists create it:

Basic Apache security


A very basic thing you should do if you are running a webserver is hiding the operating system and software version. By default Apache shows the operating system, Apache version and the used modules. To change the full exposure you have to change the value of ServerTokens directive in /etc/httpd/conf/httpd.conf

Open /etc/httpd/conf/httpd.conf and find and change the line:


Setup user/password authentication for Apache


If you don't want everybody to access your website, you can restrict access to your website or part of it with user/password based authentication. First you should change the Directory directive in the config file of Apache. Open /etc/httpd/conf/httpd.conf and find the Directory directive for which you want to use user/password based authentication, i.e. <directory />, add or change the line starting with AllowOverride:

Page 7 of 9


You are here: Home Howtos and FAQs