10 measures of Apache security

1. Keep Apache updated
Running Apache on Linux does not mean you can skip updates. New vulnerabilities and security risks are discovered all the time, so apply patches regularly to fix them. If you installed Apache with your distribution's package manager, updating is very easy. If you installed from source, make sure the update process does not alter your modules or their components. In addition, if you use PHP, update it at the same time as Apache.

2. Run Apache as its own user and group

Apache is often installed to run under a user or group that is shared with other services. One of the most common mistakes is running it as the root user (which has the same rights as admin), which can lead to very serious problems. Another is running both Apache and MySQL as the same user or group: if one of them is compromised through a vulnerability, the other may suffer the consequences. The best way to avoid this situation is to run Apache as its own dedicated user and group. To do this, open the httpd.conf file and look for the lines of the form:
User
Group
Then change these items to:
User apache
Group apache
If Apache reports an error after the change, the declared user or group does not exist and you need to create it.

3. Turn off unnecessary services

There are several services or features you will want to disable or block. All of them can be turned off in the httpd.conf file. The services and features that can cause problems are:
  1. Directory browsing: Disable this in a Directory block (usually the one for the document root) using the Options directive, setting it to '-Indexes'.
  2. Server side includes: This is another feature that can be disabled in the Directory block, using the Options directive set to '-Includes'.
  3. CGI execution: If the website does not use CGI, disable it using the Options directive set to '-ExecCGI' in the Directory block.
  4. Symbolic links: Disable these in a Directory block with '-FollowSymLinks'.
  5. None: You can turn off all options (instead of the individual settings above) by using 'None' with the Options directive.

4. Remove unused modules

Apache includes a lot of modules. To see which modules are being loaded, run the command grep -n LoadModule httpd.conf from within the Apache configuration directory. This command shows every module that Apache loads, along with the line number of each one. To disable an unnecessary module, add the '#' character to the beginning of that module's line.

5. Limit access

Suppose you have an intranet that contains a lot of important company information and you don't want people outside your private network to reach it. To do that, limit access to your local network by adding the following lines to the relevant Directory block in httpd.conf:
Order Deny,Allow
Deny from all
Allow from 192.168.1.0/16
Where 192.168.1.0/16 is your intranet address. After making changes in the httpd.conf file, you need to restart Apache to apply them.
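
How that rule evaluates for individual clients, as an added example (not code from the original article) that models Apache 2.2's documented Order/Deny/Allow semantics; the client addresses are constructed. It assumes bits beyond the /16 prefix are masked off, so the rule covers all of 192.168.0.0/16 rather than only 192.168.1.x.

```python
import ipaddress

# The article's rule, written as data (constructed for this example).
DENY = ["all"]
ALLOW = ["192.168.1.0/16"]


def effective_network(spec):
    """Network a CIDR spec really covers once bits beyond the prefix are masked."""
    return str(ipaddress.ip_network(spec, strict=False))


def matches(client, specs):
    """True if the client address matches 'all' or any CIDR in specs."""
    ip = ipaddress.ip_address(client)
    return any(s == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)


def permitted(client, order="Deny,Allow", deny=DENY, allow=ALLOW):
    """Apply Apache 2.2 Order/Deny/Allow semantics to one client address."""
    denied, allowed = matches(client, deny), matches(client, allow)
    if order.lower() == "deny,allow":
        # Deny is evaluated first, a matching Allow overrides it, default: allow.
        return allowed or not denied
    # Allow,Deny: an Allow must match, any matching Deny wins, default: deny.
    return allowed and not denied


if __name__ == "__main__":
    print("Allow from", ALLOW[0], "covers", effective_network(ALLOW[0]))
    # Constructed client addresses: same /24, same /16 only, outside the intranet.
    for client in ("192.168.1.20", "192.168.200.7", "203.0.113.9"):
        print(client, permitted(client), permitted(client, order="Allow,Deny"))
```

On Apache 2.4 the same restriction is written with Require ip, and Order/Deny/Allow are provided only by mod_access_compat.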

6. Limit request size

A denial-of-service (DoS) attack is always possible when Apache accepts requests of any size. Apache has a directive, LimitRequestBody, which is placed in a Directory block. The limit you choose depends on the needs of the website. By default, LimitRequestBody is set to unlimited.

7. Use mod_security module

One of Apache's most important modules is mod_security. This module handles many tasks, including filtering, regular expression filtering, URL encoding and server address hiding. Installing mod_security is also quite complicated. You must first add two module directives, for unique_id and security2, to the module section of the Apache configuration. Then run the command:
service apache2 configtest
When you receive the message Syntax OK, you have successfully installed it.

8. Do not allow browsing outside the document root

Allowing browsing outside of the document root can cause problems. If you do not need this, it is best to turn it off. First, edit the Directory block for the root directory as follows:

<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>

Then, if you need to add options for any directory inside the document root, you'll have to add a new Directory block for each directory.

9. Hide the Apache version number

One of the best precautions is to hide as much information about your server as possible. One piece of information to hide is the Apache version number. Doing so keeps unwanted visitors from quickly finding a way into your web server. You only need to add the following lines in the Directory block of the document root. Note that Apache accepts ServerTokens only in the main server configuration, so that line belongs outside the Directory block.

ServerSignature Off
ServerTokens Prod
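
A small audit of measures 2, 3, 4, 6 and 9 against a configuration file, added here as an example and not part of the original article. SAMPLE_CONF is a constructed configuration and the function names (directives, loaded_modules, audit) are this example's own; it reads a single file and does not follow Include directives.

```python
SAMPLE_CONF = """\
User root
Group apache
ServerTokens Full
LoadModule status_module modules/mod_status.so
#LoadModule info_module modules/mod_info.so
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
"""  # constructed sample, not taken from a real server

RISKY_OPTIONS = {"indexes", "includes", "execcgi", "followsymlinks", "all"}
EXPECTED = {"servertokens": "prod", "serversignature": "off"}
MUST_BE_SET = ("ServerTokens", "ServerSignature", "LimitRequestBody")

def directives(conf_text):
    """Yield (line_no, name, args) for active directives, skipping comments and tags."""
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()
        if parts and not parts[0].startswith(("#", "<")):
            yield no, parts[0], parts[1:]

def loaded_modules(conf_text):
    """Active LoadModule lines, like grep -n LoadModule minus commented-out ones."""
    return [(no, args[0]) for no, name, args in directives(conf_text)
            if name.lower() == "loadmodule" and args]

def audit(conf_text):
    """Return a list of (line_no, message); line_no 0 means the directive is absent."""
    findings, seen = [], set()
    for no, name, args in directives(conf_text):
        key, first = name.lower(), (args[0].lower() if args else "")
        seen.add(key)
        if key in ("user", "group") and first == "root":
            findings.append((no, f"{name} root: run Apache as a dedicated account"))
        elif key == "options":
            for opt in args:
                if not opt.startswith("-") and opt.lstrip("+").lower() in RISKY_OPTIONS:
                    findings.append((no, f"Options enables {opt.lstrip('+')}"))
        elif key in EXPECTED and first != EXPECTED[key]:
            findings.append((no, f"{name} should be {EXPECTED[key].capitalize()}"))
    findings += [(0, f"{d} is not set explicitly") for d in MUST_BE_SET
                 if d.lower() not in seen]
    return findings

if __name__ == "__main__":
    for line_no, message in audit(SAMPLE_CONF):
        print(line_no, message)
```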

10. Hide the httpd.conf configuration file

One of the best security measures is to hide the httpd.conf file, because it contains a great deal of configuration information and settings. If people can't see it, they can't change its contents, and your settings will remain the same. To do this, set the immutable attribute on the file with the following command (the attribute must be removed again before you edit the file yourself):
chattr +i /path/to/httpd.conf
Here /path/to/httpd.conf is the path to the Apache configuration file.