ApacheNotes
!!! Installation

If you're going to compile and install [Apache] from source, use the [Apache Toolbox | http://www.apachetoolbox.com/].

!!! Rotating your logs

Want to rotate all of your separate ~VirtualHost log files without restarting [Apache]? Use a little-known tool that comes with [Apache] called rotatelogs(8). Change your ~TransferLog lines to:

<verbatim>
TransferLog "|/path/to/rotatelogs /your/log/file.log 64800"
</verbatim>

Read the ManPage for more information, or replace it with ~CronoLog, which has more features.

!!! Securing [Apache]

[Apache] recently featured in a [list of security problems | http://isc.sans.org/top20.html]. They generally boil down to configuration mistakes. Points to note when installing, configuring and maintaining [Apache] include:
<br>
<br>
: __[CGI] scripts__: Probably the biggest problem. Upload and [CGI] directories need to be distinct (so people can't upload "improved" [CGI] scripts) and as small as possible. Apache2 makes it easier to run different scripts or even different Virtual Hosts as different users, rather than as the user that [Apache] is running as.

__Chroot prisons__: Running in a chroot prison limits the damage that can be done should an application be compromised. See [chroot(2)] for details. Apache2 has better support for this. See also:
* [HowToSecureProgramsHOWTO]
* [HowToSecurityQuickstartHOWTO]
* [HowToSecurityHOWTO]
* [http://httpd.apache.org/docs/misc/security_tips.html]
<br>
__FireWall~ing [Apache]__: You probably should FireWall the [Apache] user from connecting out to the InterNet unless you know that they actually have to. Doing this prevents a lot of exploits that people will attempt against your WebSite. The same idea can be applied to other services.

<verbatim>
# --insert adds each rule at the top of OUTPUT, so once both commands have run
# the LOG rule is evaluated first and the REJECT rule second.
iptables --insert OUTPUT --match owner --uid-owner www-data --protocol tcp --syn --jump REJECT
iptables --insert OUTPUT --match owner --uid-owner www-data --protocol tcp --syn --jump LOG
</verbatim>

!!! Extra information in directory listings

You can have additional information displayed at the top and bottom of a <tt>mod_autoindex</tt> directory listing by putting the text in files called <tt>HEADER</tt> and <tt>README</tt>, respectively. Either file can have any FileExtension (or none). To enable this feature, you will need <tt>~MultiViews on</tt> to be in effect for that request.

!!! See also

* NameVirtualHosting
* ModBackhand
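
The note under "Securing Apache" says upload and CGI directories need to be distinct. The shell check below is an added example, not part of the original page: it reads the ScriptAlias lines of an Apache config and reports any CGI directory that overlaps a given upload directory or, going slightly beyond the note, is group- or world-writable. The function names and the temporary directory layout are constructed for illustration; only ScriptAlias is parsed and paths must not contain whitespace.

```shell
#!/bin/sh
# Added example: checks the "upload and CGI directories must be distinct" rule.
# Assumptions: only ScriptAlias lines are read; paths contain no whitespace.

# cgi_dirs CONF: print the directory argument of every ScriptAlias in CONF.
cgi_dirs() {
    awk 'tolower($1) == "scriptalias" && NF >= 3 { gsub(/"/, "", $3); print $3 }' "$1"
}

# overlaps A B: true when A and B are the same directory or one contains the
# other, compared after resolving symlinks.
overlaps() {
    a=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    b=$(cd "$2" 2>/dev/null && pwd -P) || return 1
    case "$a/" in "$b/"*) return 0 ;; esac
    case "$b/" in "$a/"*) return 0 ;; esac
    return 1
}

# audit CONF UPLOAD_DIR: print one finding per line, nothing when clean.
audit() {
    cgi_dirs "$1" | while IFS= read -r dir; do
        if [ ! -d "$dir" ]; then echo "MISSING $dir"; continue; fi
        if overlaps "$dir" "$2"; then echo "OVERLAP $dir"; fi
        # A group- or world-writable CGI directory is an upload directory in disguise.
        if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $dir"
        fi
    done
}

# demo: build a constructed layout in a temp directory and audit it twice.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/cgi-bin" "$t/site-cgi/uploads" "$t/shared-cgi" "$t/uploads"
    chmod 755 "$t/cgi-bin" "$t/site-cgi"
    chmod 775 "$t/shared-cgi"
    printf 'ScriptAlias /cgi-bin/ "%s"\nScriptAlias /site/ %s\nScriptAlias /s/ %s\n' \
        "$t/cgi-bin/" "$t/site-cgi" "$t/shared-cgi" > "$t/httpd.conf"
    audit "$t/httpd.conf" "$t/uploads" | sed "s|$t|TMP|g"
    audit "$t/httpd.conf" "$t/site-cgi/uploads" | sed "s|$t|TMP|g"
    rm -rf "$t"
}

demo
```

The first audit uses a separate upload directory and flags only the group-writable CGI directory; the second places the upload directory inside a CGI directory and adds an OVERLAP finding.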