20 Ways to SECURE your Apache Configuration

Written by LAi on 5:13 AM

Here are 20 things you can do to make your Apache configuration more secure.

  1. First, make sure you've installed the latest security patches

  2. Hide the Apache version number and other sensitive information

  3. Make sure Apache is running under its own user account and group

  4. Ensure that files outside the web root are not served

  5. Turn off directory browsing

  6. Turn off server side includes

  7. Turn off CGI execution

  8. Don't allow Apache to follow symbolic links

  9. Turn off multiple Options

  10. Turn off support for .htaccess files

  11. Run mod_security

  12. Disable any unnecessary modules

  13. Make sure only root has read access to Apache's config and binaries

  14. Lower the Timeout value

  15. Limit large requests

  16. Limit the size of an XML body

  17. Limit concurrency

  18. Restrict access by IP

  19. Adjust KeepAlive settings

  20. Run Apache in a Chroot environment
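As an added example (not code from the original post), the script below audits a config file against items 2, 5 to 8, 10 and 14 of the list. The directive names (`ServerTokens`, `ServerSignature`, `Options`, `AllowOverride`, `Timeout`) are standard Apache directives that the post itself does not spell out; the sample config and the 60-second timeout threshold are assumptions.

```python
import re

# Constructed sample config for illustration (not from the original post).
SAMPLE_CONF = """\
ServerTokens Full
Timeout 300
<Directory />
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>
<Directory "/var/www/html">
    Options -Indexes
    AllowOverride None
</Directory>
"""
# Options keyword -> checklist item it violates when enabled.
RISKY_OPTIONS = {"indexes": 5, "includes": 6, "execcgi": 7, "followsymlinks": 8}
# Directives that hide version details (item 2) and the value they should have.
HIDE = {"servertokens": "prod", "serversignature": "off"}

def parse(conf):
    """Yield (section, directive, args); handles only non-nested <Section> blocks."""
    section = None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<(/?)\w+\s*([^>]*)>", line)
        if m:  # opening tag sets the section, closing tag clears it
            section = None if m.group(1) else m.group(2).strip('"')
            continue
        name, *args = line.split()
        yield section, name.lower(), [a.lower() for a in args]

def audit(conf, max_timeout=60):  # max_timeout is an assumed threshold
    """Return sorted (item_number, message) findings for the checklist above."""
    findings = set()
    for section, name, args in parse(conf):
        where = section or "server config"
        if name in HIDE and args != [HIDE[name]]:
            findings.add((2, f"{name} should be {HIDE[name]}"))
        elif name == "options":
            for opt in args:  # "-indexes" is a disable, so it never matches
                if item := RISKY_OPTIONS.get(opt.lstrip("+")):
                    findings.add((item, f"Options {opt} enabled in {where}"))
        elif name == "allowoverride" and args != ["none"]:
            findings.add((10, f".htaccess overrides allowed in {where}"))
        elif name == "timeout" and args and int(args[0]) > max_timeout:
            findings.add((14, f"Timeout {args[0]} exceeds {max_timeout}s"))
    return sorted(findings)
```

Calling `audit(SAMPLE_CONF)` flags items 2, 5, 8, 10 and 14, all from the global settings and the `<Directory />` block; the hardened `/var/www/html` block produces no findings.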

For more details, visit petefreitag.com
