Aug 27
154
The checklist:
- First step: Secure the operating system. On an insecure operating system, you can’t have a secure webserver.
- Run Apache under a distinct user and group (e.g. www-data:www-data). Do not run it as root:root or nobody:nogroup!
User www-data
Group www-data - Only enable those Apache modules (using the AddModule directive) which are absolutely necessary. Disable all others.
These are the minimum requirements for a basic Apache install:- httpd_core – Core Module
- mod_access – For Allow, Deny and Order directives
- mod_auth – For HTTP Basic Authentication
- mod_dir – For using index files like index.html
- mod_log_config – For logging
- mod_mime – For character set, content-encoding, content-language, and MIME types of documents
Especially dangerous modules which should be disabled: mod_autoindex and mod_info.
- Don’t display more information about the webserver, its version and configuration than absolutely necessary:
ServerSignature Off
ServerTokens Prod - First, deny access to everything. Then, explicitly allow access for only those directories you need to.
<Directory />
Order deny,allow
Deny from all
</Directory>
<Directory “/var/www/www.example.com”>
Order allow,deny
Allow from all
</Directory> - If you’re paranoid, don’t run Apache on port 80, but choose another port. Problem: Your users must know the port.
- If possible, run Apache in a chroot.
Tags:accesses, apache, authenticate, choose, chroot, configuration, configure, directory, enable, file, group, install, logs, port, ports, possibilities, secure, Security, system, systems, webserver, webservers
Liked this article? To continue getting our latest free Howtos and Tutorials,
you can also grab the RSS feed or Subscribe to Techgurulive by Email
you can also grab the RSS feed or Subscribe to Techgurulive by Email
