Blog » 20 ways to Secure your Apache Configuration

Publication Date: Thursday, February 07, 2008

looking for some informations about Apache's settings, I got happy to find an interesting article to make Apache more secure.

Written by Pete Freitag, those informations might be so useful when you need a better configuration for Apache.

They are organized in a easy maner so that it's easy to be applied. Below is what you can learn:

1. First, make sure you've installed latest security patches
2. Hide the Apache Version number, and other sensitive information.
3. Make sure apache is running under its own user account and group
4. Ensure that files outside the web root are not served
5. Turn off directory browsing
6. Turn off directory browsing
7. Turn off CGI execution
8. Turn off CGI execution
9. Turning off multiple Options
10. Turn off support for .htaccess files
11. Run mod_security
12. Disable any unnecessary modules
13. Make sure only root has read access to apache's config and binaries
14. Lower the Timeout value
15. Limiting large requests
16. Limiting the size of an XML Body
17. Limiting Concurrency
18. Restricting Access by IP
19. Adjusting KeepAlive settings
20. Run Apache in a Chroot environment

You can see the instructions by clicking on the following URL:

20 ways to Secure your Apache Configuration

Tagged as:

• apache

Leave a comment *:

Name: Email: City/Country: Subject: Message **:

Provide the code below (spammer's protection):

Sending...please wait

(Click once)

* Your email address will not be published

** HTML code is not permitted

Comments

About