In this article I explain some ways to secure Apache.
1. Stay Updated
Make sure that you install the latest updates.
2. Hide Apache version
If you do not turn this off, anyone can check which version of Apache you are running just by telnetting to its port, so always disable it. To do this, add the following to your httpd.conf
The ServerSignature directive adds a line containing the Apache HTTP Server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default.
The ServerTokens directive determines what Apache puts in the Server HTTP response header. Setting it to Prod sets the HTTP response header as follows:
3. Apache user:group
On many servers, Apache and other services (a mail server or MySQL) all run under the user nobody. If an attacker gets in through one of them, all of those services are at risk. So make sure that Apache runs under its own user. Open httpd.conf and make the following changes.
What is the use: types of directives that are allowed in .htaccess files
This directive declares which directives in distributed .htaccess files can override directives from the parent levels (httpd.conf). Three values can be provided for this directive: All, None and FileInfo.
All and FileInfo enable the .htaccess file and all ISAPI_Rewrite directives in it.
When this directive is set to None and AllowOverrideList is set to None, .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem. This means that if you specify AllowOverride none for some directory or virtual host, .htaccess files will also be disabled for all subdirectories.
When this directive is set to All, then any directive which has the .htaccess Context is allowed in .htaccess files.
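An added example, not part of the original article: a small Python audit that reads httpd.conf text and reports the settings discussed above (ServerTokens, ServerSignature, the user nobody, and AllowOverride All). Both sample configurations are constructed, and the `apache` user and group names are assumptions.

```python
# Constructed sample configs (not from the article): weak settings and a hardened form.
WEAK_CONF = """\
ServerTokens Full
ServerSignature On
User nobody
Group nobody
<Directory "/var/www/html">
    AllowOverride All
</Directory>
"""
HARDENED_CONF = """\
ServerTokens Prod
ServerSignature Off
User apache
Group apache
<Directory "/var/www/html">
    AllowOverride None
</Directory>
"""  # "apache" is an assumed name for Apache's own dedicated account

def audit(conf_text):
    """Return findings for the httpd.conf settings this article covers."""
    last, findings, section = {}, [], "server config"
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line.startswith("<"):          # simplification: nested sections are not tracked
            section = "server config" if line.startswith("</") else line.strip("<>")
            continue
        name, *rest = line.split(None, 1)
        name, value = name.lower(), (rest[0].strip('"') if rest else "")  # names are case-insensitive
        if name == "allowoverride" and "all" in value.lower().split():
            findings.append(f"line {lineno}: AllowOverride All in {section}: any .htaccess-context directive is allowed")
        elif name in ("servertokens", "serversignature", "user", "group"):
            last[name] = value            # the last occurrence wins
    tokens = last.get("servertokens", "unset")
    if tokens.lower() not in ("prod", "productonly"):
        findings.append(f"ServerTokens is {tokens}: Server header reveals more than the product name")
    signature = last.get("serversignature", "unset")
    if signature.lower() != "off":
        findings.append(f"ServerSignature is {signature}, not Off: server-generated pages may show the version")
    for name in ("user", "group"):
        if last.get(name, "").lower() == "nobody":
            findings.append(f"{name.capitalize()} is nobody: account shared with other services")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEAK_CONF)))
```
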
Apache Performance Modules
Apache is a powerful and widely-used World-Wide Web (Web) server. One of its strengths is that the modules that it is made of are customizable according to the user’s requirements. Ashish Kumar discusses the benefits and the process of customization, along with a brief introduction to some useful modules.
List of Standard Modules
This appendix lists (alphabetically) all of the standard modules that are part of the current (version 1.3.x) Apache distribution. Table 1 lists the modules that are compiled in by default and Table 2 lists the ones which are not.
||Host based access control
||Filetype/method-based script execution
||Aliases and redirects
||The .asis file handler
||User authentication using text files
||Automatic directory listings
||Invoking CGI scripts
||Basic directory handling
||Passing of environments to CGI scripts
||The imagemap file handler
||Windows ISAPI extension support
||Determining document types using file extension
||Set environment variables based on client information
||Server status display
||User home directories
||Generate unique request identifier for every request
||User tracking using Cookies