ApacheNotes
!!! Installation

If you're going to compile and install [Apache] from source, use the [Apache Toolbox | http://www.apachetoolbox.com/].

!!! Rotating your logs

Want to rotate all of your separate ~VirtualHost log files without restarting [Apache]? Use a little-known tool that comes with [Apache] called rotatelogs(8). Change your ~TransferLog lines to:

<verbatim>
TransferLog "|/path/to/rotatelogs /your/log/file.log 64800"
</verbatim>

Read the ManPage for more information, or replace it with ~CronoLog, which has more features.

!!! Securing [Apache]

[Apache] recently featured in a [list of security problems | http://isc.sans.org/top20.html]. They generally boil down to configuration mistakes. Points to note when installing, configuring and maintaining [Apache] include:

__[CGI] scripts__: Probably the biggest problem. Upload and [CGI] directories need to be distinct (so people can't upload "improved" [CGI] scripts) and as small as possible. Apache2 makes it easier to run different scripts, or even different Virtual Hosts, as different users rather than as the user that [Apache] is running as.

__Chroot prisons__: Running in a chroot prison limits the damage that can be done should an application be compromised. See [chroot(2)] for details. Apache2 has better support for this. See also:
* [http://httpd.apache.org/docs/misc/security_tips.html]

__FireWall~ing [Apache]__: You should probably FireWall the [Apache] user from connecting out to the InterNet unless you know that it actually has to. Doing this prevents a lot of exploits that people will attempt against your WebSite. The same idea can be applied to other services.

<verbatim>
# --insert places each rule at the head of the OUTPUT chain, so the LOG rule
# (added second) is evaluated before the REJECT rule (added first).
iptables --insert OUTPUT --match owner --uid-owner www-data --protocol tcp --syn --jump REJECT
iptables --insert OUTPUT --match owner --uid-owner www-data --protocol tcp --syn --jump LOG
</verbatim>

!!! Extra information in directory listings

You can have additional information displayed at the top and bottom of a <tt>mod_autoindex</tt> directory listing by putting the text in files called <tt>HEADER</tt> and <tt>README</tt>, respectively. Either file can have any FileExtension (or none). To enable this feature, you will need <tt>~MultiViews on</tt> to be in effect for that request.

!!! Apache and [IPv6]

If you want a ~VirtualHost available on both IPv4 and IPv6, then give it a name that resolves to both a v4 and a v6 address. It won't work if you give it a name that doesn't have a v6 address and then try to use ~ServerName or ~ServerAlias. Eg:

<verbatim>
$ host wlug.org.nz
wlug.org.nz A 203.97.10.50
$ host -t aaaa wlug.org.nz
wlug.org.nz AAAA record currently not present
$ host -t a www.wlug.org.nz
www.wlug.org.nz CNAME hoiho.wlug.org.nz
hoiho.wlug.org.nz A 203.97.10.50
$ host -t aaaa www.wlug.org.nz
www.wlug.org.nz CNAME hoiho.wlug.org.nz
hoiho.wlug.org.nz AAAA 2002:CB61:A32:0:0:0:0:1
</verbatim>

!Doesn't work:

<verbatim>
<VirtualHost wlug.org.nz:80>
ServerName www.wlug.org.nz
ServerAlias wlug.org.nz
ServerAlias www2.wlug.org.nz
...
</VirtualHost>
</verbatim>

(Apache can't resolve wlug.org.nz to an IPv6 address, so this vhost won't be available via IPv6.)

!Does work:

<verbatim>
<VirtualHost www.wlug.org.nz:80>
ServerName www.wlug.org.nz
ServerAlias wlug.org.nz
ServerAlias www2.wlug.org.nz
...
</VirtualHost>
</verbatim>

!!! See also

* NameVirtualHosting
* ModBackhand
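
A check for the firewall rules in the Securing Apache section above, added here as an example and not part of the original notes: it reads <tt>iptables -S OUTPUT</tt> output and reports whether the LOG rule for the [Apache] user is reached before the REJECT rule. The function name, the two sample rule listings and the uid 33 (Debian's usual uid for www-data) are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample: `iptables -S OUTPUT` after two --insert commands,
# REJECT inserted first and LOG second (each insert lands at the head).
sample_insert='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 33 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG
-A OUTPUT -p tcp -m owner --uid-owner 33 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable'

# Constructed sample: the same two rules added with --append in the same
# order, so REJECT comes first and the LOG rule is never reached.
sample_append='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 33 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m owner --uid-owner 33 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG'

# check_egress_rules UID  (hypothetical helper; rules are read from stdin)
# Prints a one-word verdict and returns:
#   0  blocked-and-logged  LOG for UID precedes the REJECT/DROP for UID
#   1  not-blocked         no REJECT/DROP rule matches UID
#   2  blocked-unlogged    LOG missing, or placed after the REJECT/DROP
# Only owner-match rules in OUTPUT are examined; an earlier ACCEPT rule that
# lets the traffic through is outside what this check looks at.
check_egress_rules() {
    awk -v uid="$1" '
        $1 == "-A" && $2 == "OUTPUT" {
            n++                      # position of this rule in the chain
            owner = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--uid-owner" && $(i + 1) == uid) owner = 1
                if ($i == "-j") target = $(i + 1)
            }
            if (!owner) next
            if (target == "LOG" && !log_at) log_at = n
            if ((target == "REJECT" || target == "DROP") && !block_at) block_at = n
        }
        END {
            if (!block_at) { print "not-blocked"; exit 1 }
            if (!log_at || log_at > block_at) { print "blocked-unlogged"; exit 2 }
            print "blocked-and-logged"
        }'
}

printf '%s\n' "$sample_insert" | check_egress_rules 33 || true
printf '%s\n' "$sample_append" | check_egress_rules 33 || true
```

On a live host, run it as <tt>iptables -S OUTPUT | check_egress_rules "$(id -u www-data)"</tt>.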