
Securing Apache Checklist

Created 12/16/2006

This is a small checklist of how to secure the Apache webserver. I wrote this mostly for my own personal use, but I hope it proves useful for others, too. For any suggestions or comments, please feel free to contact me.

Note: This is work in progress. More content will be added as time permits.

The checklist:

  • First step: Secure the operating system. On an insecure operating system, you can't have a secure webserver.
  • Run Apache under a distinct user and group (e.g. www-data:www-data). Do not run it as root:root or nobody:nogroup!
    User www-data
    Group www-data
  • Only enable those Apache modules (using the AddModule directive) which are absolutely necessary. Disable all others.
    These are the minimum requirements for a basic Apache install:
    • httpd_core - Core Module
    • mod_access - For Allow, Deny and Order directives
    • mod_auth - For HTTP Basic Authentication
    • mod_dir - For using index files like index.html
    • mod_log_config - For logging
    • mod_mime - For character set, content-encoding, content-language, and MIME types of documents

    Especially dangerous modules which should be disabled: mod_autoindex and mod_info.

  • Don't display more information about the webserver, its version and configuration than absolutely necessary:
    ServerSignature Off
    ServerTokens Prod
  • First, deny access to everything. Then, explicitly allow access to only those directories that need it.
    <Directory />
    Order deny,allow
    Deny from all
    </Directory>
    <Directory "/var/www/www.example.com">
    Order allow,deny
    Allow from all
    </Directory>
  • If you're paranoid, don't run Apache on port 80, but choose another port. Problem: Your users must know the port.
  • If possible, run Apache in a chroot.
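
One way to check a configuration file against the directives listed above, as an added example that is not part of the original checklist. The function name audit and the sample configuration are constructed for illustration; the check reads a single file, does not follow Include directives, and (as an assumption beyond the text) also treats LoadModule lines as enabling a module.

```python
import re

# Constructed sample in the Apache 1.3/2.0-era syntax the checklist uses.
SAMPLE_CONF = """\
User nobody
Group nogroup
AddModule mod_autoindex.c
ServerSignature Off
ServerTokens Full
<Directory />
    Order deny,allow
    Deny from all
</Directory>
"""

def audit(conf_text):
    """Return a list of findings; an empty list means every check passed."""
    findings, top, root_rules, section = [], {}, [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            section = opened.group(1).strip()   # path of the block we entered
        elif line.lower().startswith("</directory"):
            section = None
        elif not line.startswith("<"):          # other container tags are skipped
            name, *rest = line.split(None, 1)
            name = name.lower()
            value = " ".join(rest[0].split()) if rest else ""
            if section == "/":
                root_rules.append((name, value.lower()))
            elif name in ("addmodule", "loadmodule"):
                if re.search(r"mod_(autoindex|info)\b", value):
                    findings.append(f"dangerous module enabled: {value}")
            elif section is None:
                top[name] = value               # last top-level value wins
    for key in ("user", "group"):
        who = top.get(key, "")
        if who.lower() in ("", "root", "nobody", "nogroup"):
            findings.append(f"{key.capitalize()} is '{who}': use a dedicated account")
    if top.get("serversignature", "").lower() != "off":
        findings.append("ServerSignature is not set to Off")
    if top.get("servertokens", "").lower() not in ("prod", "productonly"):
        findings.append("ServerTokens is not set to Prod")
    if ("deny", "from all") not in root_rules:
        findings.append("<Directory /> does not deny all access by default")
    return findings
```

Calling audit(SAMPLE_CONF) reports the autoindex module, the nobody:nogroup account and the ServerTokens setting; a file that follows the checklist returns an empty list.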
