Linux Tutorial for Beginners

Tuesday, March 6, 2012

Apache Configuration File Security Option

Posted by Raj gupta at 10:59 PM – 19 comments
 
Here you’ll examine the security options available in the main Apache configuration file, httpd.conf. That file can be modified to secure the entire server or to configure security on a directory-by-directory basis. Directory controls secure access by the server, as well as by users who connect to the web sites on the server. To explore the basics of Apache security, start with the first default active line in httpd.conf:

ServerTokens OS

This line looks deceptively simple; it limits the information displayed about a web server when you navigate to a nonexistent page to the following message:

Apache/2.2.15 (Red Hat) Server at localhost Port 80

Contrast that output with what happens with a ServerTokens Full line:

Apache/2.2.15 (Red Hat) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.0-fips mod_wsgi/3.2
Python/2.6.5 mod_perl/2.0.4 Perl/v5.10.1 Server at localhost Port 80

In other words, with one option, outsiders can see whether modules such as Perl, Python, and PHP have been loaded, along with their version numbers. Because not everyone updates their software in a perfectly timely manner, your servers face additional risk when a cracker sees a version that has been compromised.

Next, you can restrict access to the directory defined by the ServerRoot directive as shown here:

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

This configures a very restrictive set of permissions. The Options FollowSymLinks line supports the use of symbolic links for web pages. The AllowOverride None line disables any .htaccess files. The ServerRoot directive points to /etc/httpd, which contains Apache configuration files. Without the AllowOverride None line, a cracker who inserts a malicious .htaccess file can configure permissions that allow any user to change such configuration files. However, there’s an appropriate use for .htaccess files. For example, when placed in a subdirectory such as /www/html/project, an .htaccess file can be used to permit access to a group, and such changes would apply only to that directory. You can improve this by limiting access to all but explicitly allowed users, by adding the following commands to the desired <Directory> container:

Order deny,allow
Deny from all

The next <Directory> container example limits access to /var/www/html, which corresponds to the default DocumentRoot directive (while these directives are divided by numerous comments, they are all in the same stanza):

<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>

The Options directive is different; the Indexes setting allows readers to see a list of files on the web server if no index.html file is present in the specified directory. The Order and Allow lines allow all users to access the web pages on this server. Finally, the Listen directive defines the IP address and TCP/IP port for this server. For example, the default shown next means that this server will work with every computer that requests a web page from any of the IP addresses for your computer on the standard TCP/IP port, 80:

Listen 80

If more than one IP address is available on the local system, the Listen directive can be used to limit access to one specific IP address. For example, if a system has two network cards with IP addresses 192.168.0.200 and 192.168.122.1, the following directive can help limit access to systems on the 192.168.122.0 network:

Listen 192.168.122.1:80
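
As a check on the directives covered in this post, the following added Python example (not part of the original post, and not Apache's own tooling) scans httpd.conf text for the settings the post flags: ServerTokens Full, an AllowOverride value other than None, Options Indexes, and a Listen line with no IP address. The audit function, the sample configuration and the finding messages are constructed for illustration, and only plain <Directory> containers are tracked.

```python
import re

# Constructed sample (not a real server): the post's directives, with ServerTokens set to Full.
SAMPLE_CONF = """\
ServerTokens Full
Listen 80
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /var/www/html>
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
"""

DIR_OPEN = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>$', re.I)

def audit(conf_text):
    """Return (line_no, scope, message) for each setting the post warns about."""
    findings, scope = [], "server"
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # httpd comments are whole lines
            continue
        opened = DIR_OPEN.match(line)
        if opened:                             # entering a <Directory> container
            scope = opened.group(1)
            continue
        if line.lower() == "</directory>":     # back to server-wide scope
            scope = "server"
            continue
        name, *args = line.split()
        name, low = name.lower(), [a.lower() for a in args]
        if name == "servertokens" and low[:1] == ["full"]:
            findings.append((no, scope, "ServerTokens Full exposes module names and versions"))
        elif name == "allowoverride" and low != ["none"]:
            findings.append((no, scope, ".htaccess files are honoured in this directory"))
        elif name == "options" and any(a.lstrip("+") == "indexes" for a in low):
            findings.append((no, scope, "Indexes lists files when index.html is missing"))
        elif name == "listen" and args and ":" not in args[0]:
            findings.append((no, scope, "Listen without an address binds every local IP"))
    return findings

if __name__ == "__main__":
    for no, scope, msg in audit(SAMPLE_CONF):
        print(f"line {no} [{scope}]: {msg}")
```
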

Labels: Apache
