Howto Secure Apache

July 28, 2007 at 17:32 · Tags: , , , , , , , , , ,

  1. Use the latest and most current version. Right now the latest is the Apache 2.2 series
  2. Make sure you’ve installed all the latest security patches
  3. Hide the Apache Version number, and other sensitive information
  4. Make sure apache is running under its own user account and group
  5. Ensure that files outside the web root are not served
  6. Turn off directory browsing (mod_autoindex)
  7. Turn off server side includes (SSI)
  8. Turn off CGI execution
  9. Don’t allow apache to use symbolic links
  10. Turning off multiple Options
  11. Turn off support for .htaccess files
  12. Use the Apache mod_security
  13. Disable all unnecessary modules
  14. Make sure only root has read access to apache’s config and binaries
  15. Lower the Timeout value
  16. Limiting large requests
  17. Limiting Concurrency
  18. Restricting Access by IP
  19. Adjusting KeepAlive settings
  20. Run Apache in a Chroot environment

Feel free to post suggestions or corrections :)

VN:F [1.8.5_1061]
Rating: 0.0/10 (0 votes cast)

Related posts:

  1. Varnish : Simple and Fast HTTP Acceleration
  2. Howto Recover a Linux Root Password
  3. Howto PHP / Java bridge on Debian
  4. Howto Upgrade Joomla
  5. PHP 5.2 and APC (Alternative PHP Cache) Performance
  6. Optimize MySQL for Low Memory Use
  7. Xen Howto: Install Windows
  8. Block referer spam easily
  9. Apache gained 1.09% market share in October
  10. Xorg 7.3 and 3D Acceleration with Nvidia Cards

Popular Related Items »

Leave a Comment