FreeBSD – Install and Configure Webmin Web-based Interface

Webmin is a web-based interface for system administration on Unix, including FreeBSD. Using any browser that supports tables and forms, you can set up user accounts, Apache, DNS, file sharing, firewall and so on. Webmin consists of a simple

To install Webmin, first update your ports tree:

# portsnap fetch update

Install webmin from /usr/ports/sysutils/webmin, enter:

# cd /usr/ports/sysutils/webmin
# make install clean

Configure webmin

Webmin is now installed. To start Webmin at boot, edit /etc/rc.conf:

# vi /etc/rc.conf

Append the following line:

webmin_enable="YES"

Save and close the file. Next, run the /usr/local/lib/webmin/setup.sh script to set up the various config files:

# /usr/local/lib/webmin/setup.sh

Sample output:

***********************************************************************
*            Welcome to the Webmin setup script, version 1.420        *
***********************************************************************
Webmin is a web-based interface that allows Unix-like operating
systems and common Unix services to be easily administered.
Installing Webmin in /usr/local/lib/webmin ...
***********************************************************************
Webmin uses separate directories for configuration files and log files.
Unless you want to run multiple versions of Webmin at the same time
you can just accept the defaults.
Log file directory [/var/log/webmin]: [Press Enter]
***********************************************************************
Webmin is written entirely in Perl. Please enter the full path to the
Perl 5 interpreter on your system.
Full path to perl (default /usr/bin/perl):  [Press Enter]
Testing Perl ...
Perl seems to be installed ok
***********************************************************************
Operating system name:    FreeBSD
Operating system version: 7.0
***********************************************************************
Webmin uses its own password protected web server to provide access
to the administration programs. The setup script needs to know :
 - What port to run the web server on. There must not be another
   web server already using this port.
 - The login name required to access the web server.
 - The password required to access the web server.
 - If the webserver should use SSL (if your system supports it).
 - Whether to start webmin at boot time.
Web server port (default 10000):  [Press Enter]
Login name (default admin):  [Press Enter]
Login password: [type password]
Password again:
Use SSL (y/n): y
***********************************************************************
Creating web server config files..
..done
Creating access control file..
..done
Creating start and stop scripts..
..done
Copying config files..
..done
Changing ownership and permissions ..
..done
Running postinstall scripts ..
..done

How do I view webmin?

Open a web browser and enter the URL: https://your-domain.com:10000/ OR https://your-server-ip:10000/


PHP / SQL data protection – anti SQL-Injection function

SQL Injection

SQL injection is a technique where malicious users inject SQL commands into an SQL statement via web page input.
Injected SQL commands can alter the SQL statement and compromise the security of a web application.

SQL Injection Based on 1=1 is Always True
Look at the example above, one more time.
Let’s say that the original purpose of the code was to create an SQL statement to select a user with a given user id.
If there is nothing to prevent a user from entering “wrong” input, the user can enter some “smart” input like this:

UserId:

How to protect

PHP functions

The function

// Escapes characters commonly used in SQL injection before the value is
// placed inside a quoted SQL string literal.
function anti_injection($input){
    // addslashes() already escapes ' " \ and NUL. Replacing " a second time
    // would turn \" into \\" and leave the quote unescaped, so it is not done.
    $clean = strip_tags(addslashes(trim($input)));
    $clean = str_replace(';', '\;', $clean);
    $clean = str_replace('--', '\--', $clean);
    $clean = str_replace('+', '\+', $clean);
    $clean = str_replace('(', '\(', $clean);
    $clean = str_replace(')', '\)', $clean);
    $clean = str_replace('=', '\=', $clean);
    $clean = str_replace('>', '\>', $clean);
    $clean = str_replace('<', '\<', $clean);
    return $clean;
}

How to use

// Read the request parameter (empty string if it is missing), then escape it.
$id = $_GET['id'] ?? '';
$id_clean = anti_injection($id);
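
Escaping changes characters but still mixes the input into the SQL text; validating the id and binding it as a parameter keeps the "always true" kind of input described above out of the statement entirely. The following is an added example, not code from the original page: the users table, find_user() and the sample rows and inputs are constructed for illustration, and it uses an in-memory SQLite database through PDO so it runs offline.

```php
<?php
// Added example: table, column and function names are hypothetical,
// and the sample rows and inputs are constructed.
declare(strict_types=1);

function find_user(PDO $db, string $rawId): array
{
    // 1. Validate: a user id must be a positive integer, nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];   // reject the input instead of trying to "clean" it
    }
    // 2. Bind: the value travels separately from the SQL text, so it
    //    cannot change the structure of the statement.
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite database so the example needs no server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed inputs: a normal id, and an id with an always-true condition.
foreach (['2', '2 OR 1=1'] as $input) {
    // What plain string concatenation would have sent to the database:
    $concatenated = 'SELECT id, name FROM users WHERE id = ' . $input;
    $rows = find_user($db, $input);
    printf("input %-12s concatenated: %s\n", "'$input'", $concatenated);
    printf("  validated + bound query returned %d row(s)\n", count($rows));
}
```

Against MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the driver uses server-side prepared statements.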

Apache – mod_rewrite rules

Examples of rewrite rules for an .htaccess file.

Serve /testpage.php for http://yourdomain.com/test:

RewriteEngine On
RewriteRule ^test/?$ /testpage.php [L,NC]


Rewrite a localization URL into the $_GET['lang'] variable (the rule below matches a two-letter lowercase code):
http://yourdomain.com/english

RewriteEngine On
RewriteRule ^(.*)/$ /$1 [R=permanent]
RewriteRule ^([a-z]{2})$ /index.php?lang=$1


Redirect 301

http://www.yourdomain.com/ to http://yourdomain.com/

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.yourdomain\.com$ [NC]
RewriteRule ^(.*)$ http://yourdomain.com/$1 [L,R=301]