Archive for Apache

How to secure/harden your apache webserver – quick guide

January 7, 2013 admin Apache, Linux No comments

In this artile I am explaining some ways to secure apache.

1 . Stay Updated

Make sure that you are installing latest updates.

2. Hide Apache version

If you do not turn this off, anyone can check which version of apache you are running by just telnet-ing to its port. So always disable this. To do this add the following to your httpd.conf

ServerSignature Off
ServerTokens Prod

 

The ServerSignature  directive adds a line containing the Apache HTTP Server server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default

The ServerTokens directive is used to determine what Apache will put in the Server HTTP response header. By setting it to Prod it sets the HTTP response header as follows:

Server: Apache

 

3. Apache user:group

It is common that in many servers both apache and (mail server or mysql) running under the user nobody. So if a hacker is through this it is harmful to all services. So make sure that apache is running under its own user. Open httpd.conf and make the following changes.

User apache

Group apache

 

 

Read more

What is AllowOverride directive and what is the use of it

June 4, 2012 admin Apache, htaccess, Linux No comments

What is the use : Types of directives that are allowed in .htaccess files

This directive decalres which directives in distributed .htaccess files can override directives from the parent levels (httpd.conf). There are three values can be provided for this directive, those are All, None and FileInfo.

All and FileInfo enables .htaccess file and all ISAPI_Rewrite directives in it.

When this directive is set to None and AllowOverrideList is set to None .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.This means if you specify AllowOverride none for some directory or virtual host .htaccess files will also be disabled for all subdirectories.

When this directive is set to All, then any directive which has the .htaccess Context is allowed in .htaccess files.

viagra

Functions of apache modules

July 3, 2011 admin Apache One comment

Apache Performance Modules

Apache is a powerful and widely-used World-Wide Web (Web) server. One of its strengths is that the modules that it is made of are customizable according to the user’s requirements. Ashish Kumar discusses the benefits and the process of customization, along with a brief introduction to some useful modules.

List of Standard Modules

This appendix (alphabetically) lists of all of the standard modules that are part of the current (version 1.3.x) Apache distribution. Table 1 the modules that are compiled-in by default and Table 2 lists the ones which are not.

MODULE FUNCTION
mod_access Host based access control
mod_actions Filetype/method-based script execution
mod_alias Aliases and redirects
mod_asis The .asis file handler
mod_auth User authentication using text files
mod_autoindex Automatic directory listings
mod_cgi Invoking CGI scripts
mod_dir Basic directory handling
mod_env Passing of environments to CGI scripts
mod_imap The imagemap file handler
mod_include Server-parsed documents
mod_isapi Windows ISAPI extension support
mod_log_config User-configurable logging
mod_mime Determining document types using file extension
mod_negotiation Content negotiation
mod_setenvif Set environment variables based on client information
mod_status Server status display
mod_userdir User home directories
mod_unique_id Generate unique request identifier for every request
mod_usertrack User tracking using Cookies

Read more

« Older Entries