20 Ways to SECURE your Apache Configuration « Syncronizing post in progress…

20 Ways to SECURE your Apache Configuration

17 June, 2006 in Misc

Here are 20 things you can do to make your apache configuration more secure.

First, make sure you’ve installed latest security patches
Hide the Apache Version number, and other sensitive information.
Make sure apache is running under its own user account and group
Ensure that files outside the web root are not served
Turn off directory browsing
Turn off server side includes
Turn off CGI execution
Don’t allow apache to follow symbolic links
Turning off multiple Options
Turn off support for .htaccess files
Run mod_security
Disable any unnecessary modules
Make sure only root has read access to apache’s config and binaries
Lower the Timeout value
Limiting large requests
Limiting the size of an XML Body
Limiting Concurrency
Restricting Access by IP
Adjusting KeepAlive settings
Run Apache in a Chroot environment

For more details, visit petefreitag.com

Technorati Tags: Apache, Security, Server, Web,

No Comments Yet

Leave a Comment

trackback address

: place for me :
Blogroll
- MY REAL BLOG
c
Archives
- May 2007 (8)
- April 2007 (6)
- March 2007 (14)
- February 2007 (18)
- January 2007 (36)
- December 2006 (9)
- November 2006 (4)
- October 2006 (21)
- September 2006 (26)
- August 2006 (22)
- July 2006 (31)
- June 2006 (49)
- May 2006 (9)
- April 2006 (17)
- March 2006 (16)
- February 2006 (13)
- January 2006 (10)
- December 2005 (10)
- November 2005 (18)
Spam Blocked

768 spam comments

blocked by
Akismet
Blog Stats
- 21,973 hits

June 2006

M T W T F S S

« May Jul »

1 2 3 4

5 6 7 8 9 10 11

12 13 14 15 16 17 18

19 20 21 22 23 24 25

26 27 28 29 30
Recent Posts
Top Posts
Top Clicks

Flickr Photos

More Photos
nuffnang_bid = "3e75def9d3c9314ea5ee489336ce7372";