Howto Secure Apache

July 28, 2007 at 17:32 · Tags: , , , , , , , , , ,

  1. Use the latest and most current version. Right now the latest is the Apache 2.2 series
  2. Make sure you’ve installed all the latest security patches
  3. Hide the Apache Version number, and other sensitive information
  4. Make sure apache is running under its own user account and group
  5. Ensure that files outside the web root are not served
  6. Turn off directory browsing (mod_autoindex)
  7. Turn off server side includes (SSI)
  8. Turn off CGI execution
  9. Don’t allow apache to use symbolic links
  10. Turning off multiple Options
  11. Turn off support for .htaccess files
  12. Use the Apache mod_security
  13. Disable all unnecessary modules
  14. Make sure only root has read access to apache’s config and binaries
  15. Lower the Timeout value
  16. Limiting large requests
  17. Limiting Concurrency
  18. Restricting Access by IP
  19. Adjusting KeepAlive settings
  20. Run Apache in a Chroot environment

Feel free to post suggestions or corrections :)

Related posts:

  1. .htaccess Generator
  2. Howto PHP / Java bridge on Debian
  3. Howto Recover a Linux Root Password
  4. Howto Upgrade Joomla
  5. Xen Howto: Install Windows
  6. Apache gained 1.09% market share in October
  7. Xorg 7.3 and 3D Acceleration with Nvidia Cards
  8. Howto Create Generate a Certificate Signing Request
  9. Howto Create a libstdc++ Compat on Debian (e.g. libstdc++-libc6.2-2.so.3)
  10. Varnish : Simple and Fast HTTP Acceleration

Comments