Secure Apache 1.3

General Information

Apache is the most popular web server in use today. But, not everybody that sets up their Apache server takes the necessary steps to secure it properly from intruders. This guide will show you some good security changes to make to your Apache installation.


Requirements

  1. Local root access on the box or be able to su to root.
  2. A SSH client that supports ANSI colors such as puTTy or SecureCRT (if you aren’t on the box).
  3. Your favorite text editor (I prefer nano).
  4. Apache already installed.

Configuration

These are a few changes to make to your Apache configuration file. new balance Open httpd.conf in your favorite editor.

 # nano -w /usr/local/etc/apache/httpd.conf 

It’s a good idea to hide what version of Apache you are running. nike air max classic bw soldes adidas zx flux belgique If you change ServerTokens to Prod then only “Apache” will be returned when polled by netcraft. nike kwazi soldes This limits fingerprinting.

 ServerTokens Prod 

Another tip to limit fingerprinting is to turn off the server signature on server-generated error pages.

 ServerSignature Off 

By default, users may have access to the root directory of the server. We should restrict this access in case of any potential attacks. Change your to the following:

  Options None AllowOverride None Order deny,allow Deny from all  

It is a good idea to disable TRACE and TRACK methods. These are HTTP methods used to debug web server connections. An attacker can trick legitimate web users to give him their credentials through cross-site-scripting attacks.

  RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F]  

mod_userdir can be convienent by accessing a user’s homepage through http://my.domain.com/~user. bottes ugg But using mod_userdir can pose a security risk because attackers can find out valid system users. nike air max pas cher nike air max 90 homme It is recommended that you disable the userdir module. nike air max 2013 There are two methods of disabling mod_userdir.

The first method is to comment out the following lines:

 LoadModule userdir_module libexec/apache/mod_userdir.so AddModule mod_userdir.c 

The second method is to disable it through IfModule.

  UserDir disabled UserDir public_html  

Note: If you must allow some users to have UserDir directories, use the following:
  UserDir disabled UserDir enabled user1 user2 UserDir public_html  

Make sure /server-status is disable so people cannot see your current Apache status. timberland pas cher chaussure nike pas cher It is disabled by default.

 # # SetHandler server-status # Order deny,allow # Deny from all # Allow from .example.com # 

Make sure /server-info is disabled so people cannot see your current Apache configuration. It is disabled by default.

 # # SetHandler server-info # Order deny,allow # Deny from all # Allow from .example.com # 

Now your Apache installation is all the more secure.

Speak Your Mind

*