Securing the Apache HTTP Server
The Apache HTTP Server is one of the most stable and secure services that ships with major Linux Server Distros.
Below is a few list of configuration options administrators should be careful using.
This directive is enabled by default, but may not be desirable. To prevent visitors from browsing files on the server, remove this directive.
This directive is enabled by default, be sure to use caution when creating symbolic links to the
document root of the Web server. For instance, it is a bad idea to provide a symbolic link to /.
The UserDir Directive
The UserDir directive is disabled by default because it can confirm the presence of a user account on the system. To enable user directory browsing on the server, use the following directives:
These directives activate user directory browsing for all user directories other than /root/. To add users to the list of disabled accounts, add a space delimited list of users on the UserDir disabled line.
Do Not Remove the IncludesNoExec Directive
Restrict Permissions for Executable Directories
Be certain to only assign write permissions to the root user for any directory containing scripts or CGIs. This can be accomplished by typing the following commands:
Leave a Reply
You must be logged in to post a comment.
