Apache Web Server

Version: Apache Web Server 2.4.43 Software Release and later.

The Apache HTTP server is a software (or program) that runs in the background under an appropriate operating system, which supports multi-tasking, and provides services to other applications that connect to it, such as client web browsers.

Netsurion's Open XDR platform monitors user logon behaviour, access point configuration changes, WLAN group management and service status and generates flex reports, flex dashboards and alerts for rogue access point detected and system state changed.

Netsurion Data Source Integration for Apache Web Server allows you to monitor the following components:-

  • Operations - Apache Web Server operations such as Page Views, Auth finder and Traffic details.
  • Security - Intruder alerts such as Directory Traversal, Sql Injection, Auth Finder and Backup finder
  • Compliance - Apache Web server error and Client access errors

Once Apache Web Server is configured to deliver events to Netsurion Manager; alerts, dashboards and reports can be configured into Netsurion.

Some of the Data Source Integrations available in Netsurion are listed below. 

Alerts

Type Name Description
Security Apache - Request Forbidden This alert is generated when resources or data stored is moved or removed from the database.
Operations Apache - Moved Permanently This alert is generated when access is not allowed to the server due to several authentication criteria.
Compliance Apache - Access Denied This alert is generated when user logon is failed (e.g. http 401, 403).

Reports

Type Name Description
Security Apache - Backup Finder This report provides the Web traffic details of the user traversal when accessing an Apache web page.
Security Apache - Directory Traversal This report provides information of ways in which an HTTP exploit takes place which allows attackers to access restricted directories and execute commands outside of the web server's root directory.
Security Apache - Sql Injection This report provides information related to flex master user login successful from specified IP address. It consists of columns LogTime, Device Name, User Name and Source IP. This report provides information about the attackers who are trying to do sql injection on apache web server. It also provides information about the uri on which attacker is trying to execute suspicious sql queries which we can correlate with sql syntax error to confirm whether it is a possible sql injection or not.
Security Apache - URI Error This report provides information related to users using incorrect uri to access the server which is not recognized or rejected by apache.
Operations Apache - Auth Finder This report provides the information about an attacker trying to search for the Authentication pages.
Operations Apache - Page Views This report provides us the information about the browser pages accessed by the user.
Operations Apache - Traffic Details This report provides the Web traffic details of the user traversal when accessing an Apache web page.
Compliance Apache - Client Access Error This report provides information regarding the various errors on the server when any request is given by the client.
Compliance Apache - Server Error This report provides the different Server side and database errors when trying to access the Apache Server.

Documentation

The configuration details in this guide are consistent with Netsurion Enterprise version 7.x and later, Apache Web Server 2.4.43 Software Release and later.

Download Integration Guide and How-to Guide for more information and to configuration instructions.