10 measures of Apache security
1. Constantly updated
Running Apache on Linux does not mean you can skip updates. New vulnerabilities and security risks appear all the time. Apply patches regularly to fix vulnerabilities and security bugs. If you installed Apache with your distribution's package manager, updating is very easy. If you installed from source, make sure the update process does not alter your modules or their components. In addition, if you use PHP, update it at the same time as you update Apache.
2. Run Apache as its own user and group
Apache is usually installed to run as some user or group. One of the most common mistakes is running it as the root user (which has the same rights as admin), which can lead to some very serious problems. Another is running both Apache and MySQL as the same user or group: if one of them is compromised through a vulnerability, the other may suffer the consequences. The best way to avoid this is to make sure Apache runs as its own dedicated user and group. To do this, open the httpd.conf file and check the lines of the form:
    User
    Group
Then change these items to:
    User apache
    Group apache
If an error occurs after the change, the declared user or group does not exist and you need to create it.
3. Turn off unnecessary services
There are several services or features you will want to disable or block. All of them can be turned off in the httpd.conf file. The services and features that can cause problems are:
- Directory browsing: Disable this in a Directory block (usually the one for the document root) by using the Options directive and setting it to '-Indexes'.
- Server-side includes: This is another feature that can be disabled in a Directory block by using the Options directive and setting it to '-Includes'.
- CGI execution: If the website does not use CGI, disable it by using the Options directive and setting it to '-ExecCGI' in the Directory block.
- Symbolic links: Disable these in a Directory block with '-FollowSymLinks'.
- None: You can turn off all of the options above at once by using 'None' with the Options directive.
Apache includes a lot of modules. To see which modules are being loaded, run the following command from within the Apache configuration directory:
    grep -n LoadModule httpd.conf
This command shows all the modules that Apache is loading, along with the line number of each one. To disable an unnecessary module, add the '#' character to the beginning of that module's line.
5. Limit access
Suppose you have an intranet that contains a lot of important company information and you don't want people outside your private network to have access to it. To do that, limit access to your local network by adding the following to the httpd.conf file inside your Directory block:
    Order Deny,Allow
    Deny from all
    Allow from 192.168.1.0/16
Where 192.168.1.0/16 is your intranet address. After making changes in the httpd.conf file, you need to restart Apache to apply them.
6. Limit request size
A denial-of-service (DoS) attack is always possible when you allow large requests on Apache. Apache has a directive, LimitRequestBody, which is placed in the Directory block. The limit to set depends on the needs of the website. By default, LimitRequestBody is set to unlimited.
7. Use mod_security module
One of Apache's most important modules is mod_security. This module handles many tasks, including filtering, regular expression filtering, URL encoding and server address hiding. Installing mod_security is also fairly involved. You must first add the LoadModule directives for the two modules unique_id and security2 to Apache's module section. Then run the command:
    service apache2 configtest
When you receive the message Syntax OK, you have successfully installed it.
8. Do not allow browsing outside the document root
Allowing browsing outside the document root can cause problems. If you do not need it, it is best to turn it off. First, edit the Directory block for the root directory as follows:
    <Directory />
        Order Deny,Allow
        Deny from all
        Options None
        AllowOverride None
    </Directory>
Then, if you need to add options for any directory inside the document root, you will have to add a new Directory block for each such directory.
9. Hide the Apache version number
One of the best precautions is to hide as much information about your service as possible. One piece of information to hide is the Apache version number. Doing so keeps unwanted users from quickly finding a way into your web server. You only need to add the following in the Directory block of the document root:
    ServerSignature Off
    ServerTokens Prod
10. Hide the httpd.conf configuration file
One of the best security measures is to hide the httpd.conf file, because this file contains a great deal of configuration information and settings. If people cannot see it, they cannot change its contents, and your settings will remain the same. To hide the httpd.conf file, simply use the following command:
    chattr +i /path/to/httpd.conf
Here /path/to/httpd.conf is the path to the Apache configuration file.
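A read-only audit of the directives from measures 2, 3, 6 and 9, plus the module listing, is sketched below as an added example that is not part of the original article. The function names and the sample configuration are constructed for illustration, and a single httpd.conf without Include files or variable expansion is assumed.

```shell
# Added example: audit an httpd.conf (file argument or stdin) against
# measures 2, 3, 6 and 9. One finding per line; no output means no findings.
audit_httpd_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments, blank lines
    { key = tolower($1) }                        # directive names ignore case
    key == "user"             { user = $2 }
    key == "group"            { group = $2 }
    key == "servertokens"     { tokens = tolower($2) }
    key == "serversignature"  { sig = tolower($2) }
    key == "limitrequestbody" { limit = $2 + 0; have_limit = 1 }
    key == "options" {
        for (i = 2; i <= NF; i++) {
            opt = tolower($i)
            if (opt ~ /^[+]?(indexes|includes|execcgi|followsymlinks|all)$/)
                printf "line %d: Options enables %s\n", NR, $i
        }
    }
    END {
        if (user == "" || user == "root")   print "User is unset or root"
        if (group == "" || group == "root") print "Group is unset or root"
        if (tokens != "prod") print "ServerTokens is not Prod"
        if (sig != "off")     print "ServerSignature is not Off"
        if (!have_limit || limit == 0)
            print "LimitRequestBody is unset or 0 (unlimited)"
    }' "$@"
}

# Active (uncommented) LoadModule lines as "line:module", like grep -n.
active_modules() {
    awk 'tolower($1) == "loadmodule" { printf "%d:%s\n", NR, $2 }' "$@"
}

# Constructed sample input, deliberately weak; not taken from a real server.
sample_conf() {
    cat <<'EOF'
LoadModule status_module modules/mod_status.so
#LoadModule autoindex_module modules/mod_autoindex.so
User root
Group apache
ServerSignature Off
<Directory "/var/www/html">
    Options Indexes -ExecCGI
</Directory>
EOF
}

sample_conf | audit_httpd_conf
sample_conf | active_modules
```

To check a real server, pass the configuration path instead of the sample, for example `audit_httpd_conf /path/to/httpd.conf`.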