首页 > > 操作系统 > FreeBSD >

Secure Apache 1.3

2009-05-13 13:15:45来源:未知 阅读 ()

新老客户大回馈,云服务器低至5折

General Information
Apache is the most popular web server in use today.  But, not everybody that sets up their Apache server takes the necessary steps to secure it properly from intruders.  This guide will show you some good security changes to make to your Apache installation.
Requirements
  • Local root access on the box or be able to su to root.
  • A SSH client that supports ANSI colors such as puTTy or SecureCRT (if you aren't on the box).
  • Your favorite text editor (I prefer nano).
  • Apache already installed.
    Configuration
    These are a few changes to make to your Apache configuration file.  Open httpd.conf in your favorite editor.
    #
    nano -w /usr/local/etc/apache/httpd.confIt's a good idea to hide what version of Apache you are running.  If you change ServerTokens to Prod then only "Apache" will be returned when polled by netcraft.  This limits fingerprinting.
    ServerTokens Prod
    Another tip to limit fingerprinting is to turn off the server signature on server-generated error pages.
    ServerSignature Off
    By default, users may have access to the root directory of the server.  We should restrict this access in case of any potential attacks.  Change your to the following:
        Options None
        AllowOverride None
        Order deny,allow
        Deny from all
    It is a good idea to disable TRACE and TRACK methods.  These are HTTP methods used to debug web server connections.  An attacker can trick legitimate web users to give him their credentials through cross-site-scripting attacks.
            RewriteEngine on
            RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
            RewriteRule .* - [F]
    mod_userdir can be convienent by accessing a user's homepage through http://my.domain.com/~user.  But using mod_userdir can pose a security risk because attackers can find out valid system users.  It is recommended that you disable the userdir module.  There are two methods of disabling mod_userdir.
    The first method is to comment out the following lines:
    LoadModule userdir_module     libexec/apache/mod_userdir.so
    AddModule mod_userdir.c
        UserDir disabled
        UserDir public_html
    *Note:  If you must allow some users to have UserDir directories, use the following:
        UserDir disabled
        UserDir enabled user1 user2
        UserDir public_html
    Make sure /server-status is disable so people cannot see your current Apache status.  It is disabled by default.
    #
    #    SetHandler server-status

    标签:

    版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
    特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有

    • 上一篇:Install Apache2

    下一篇:Chrooting Apache and PHP

    相关文章

    IDC资讯: 主机资讯 注册资讯 托管资讯 vps资讯 网站建设

    网站运营: 建站经验 策划盈利 搜索优化 网站推广 免费资源

    网站联盟: 联盟新闻 联盟介绍 联盟点评 网赚技巧

    行业资讯: 搜索引擎 网络游戏 电子商务 广告传媒

    网络编程: Asp.Net编程 Asp编程 Php编程 Xml编程 Access Mssql Mysql 其它

    服务器技术: Web服务器 Ftp服务器 Mail服务器 Dns服务器 安全防护

    软件技巧: 其它软件 Word Excel Powerpoint Ghost Vista QQ空间 QQ FlashGet 迅雷

    网页制作: FrontPages Dreamweaver Javascript css photoshop fireworks Flash

    程序设计: Java技术 C/C++ VB delphi

    网络知识: 网络协议 网络安全 网络管理 组网方案 Cisco技术

    操作系统: Win2000 WinXP Win2003 Mac OS Linux FreeBSD

    热门词条
    最新资讯
    热门关注
    热门标签