
Installation

If you're going to compile and install Apache from source, use the Apache Toolbox.

Rotating your logs

Want to rotate all of your separate VirtualHost log files without restarting Apache? Use a little-known tool that comes with Apache called rotatelogs(8).

Change your TransferLog lines to:

TransferLog "|/path/to/rotatelogs /your/log/file.log 64800"

Read the ManPage for more information, or replace it with CronoLog, which has more features.

Securing Apache

Apache recently featured in a list of security problems. They generally boil down to configuration mistakes. Points to note when installing, configuring and maintaining Apache include:

CGI scripts

Probably the biggest problem. Upload and CGI directories need to be distinct (so people can't upload "improved" CGI scripts) and as small as possible.

Apache2 makes it easier to run different scripts or even different Virtual Hosts as different users, rather than as the user that Apache is running as.
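As an added example (not from the original page), here is a small POSIX sh audit that checks the two points above: the CGI directory and the upload directory must be distinct and not nested, nothing under the CGI tree may be writable by anyone but its owner (otherwise an "improved" script can be dropped in), and nothing under the upload tree may carry an execute bit. The directory paths are arguments; the layout is assumed, not taken from the page.

```shell
#!/bin/sh
# Added example, not from the original page: check that a CGI directory and an
# upload directory are kept apart, so that a file someone uploads can never be
# served as a CGI script. Paths are arguments (assumed layout).
# Returns 0 when every check passes, otherwise the number of problems found
# (2 if a directory does not exist).

audit_cgi_upload() {
    cgi_dir=$1
    upload_dir=$2
    problems=0

    # Resolve symlinks so a link to the CGI tree compares equal to the tree itself.
    cgi_real=$(cd "$cgi_dir" 2>/dev/null && pwd -P) || { echo "missing: $cgi_dir"; return 2; }
    upload_real=$(cd "$upload_dir" 2>/dev/null && pwd -P) || { echo "missing: $upload_dir"; return 2; }

    # 1. The two trees must be distinct and not nested inside each other.
    case "$upload_real/" in
        "$cgi_real/"*) echo "upload directory is the CGI directory or inside it"; problems=$((problems + 1)) ;;
    esac
    case "$cgi_real/" in
        "$upload_real/"*) echo "CGI directory is the upload directory or inside it"; problems=$((problems + 1)) ;;
    esac

    # 2. Nothing in the CGI tree may be writable by group or others: anyone who
    #    can write there can replace a script with their own.
    if find "$cgi_real" \( -perm -020 -o -perm -002 \) -print | grep -q .; then
        echo "group- or world-writable entries under $cgi_real"
        problems=$((problems + 1))
    fi

    # 3. Nothing in the upload tree may carry an execute bit.
    if find "$upload_real" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print | grep -q .; then
        echo "executable files under $upload_real"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Usage: audit_cgi_upload /usr/lib/cgi-bin /var/www/uploads
```

Run it from cron or as part of a deploy step; a non-zero exit status is the signal to look at the printed findings.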

Chroot prisons

Running in a chroot prison limits the damage that can be done should an application be compromised. See chroot(2) for details. Apache2 has better support for this.

See also:


FireWalling Apache

You probably should FireWall the Apache user from connecting out to the InterNet unless you know that they actually have to. Doing this prevents a lot of exploits that people will attempt against your WebSite. The same idea can be applied to other services.

iptables --insert OUTPUT --match owner --uid-owner www-data --protocol tcp --syn --jump REJECT
iptables --insert OUTPUT --match owner --uid-owner www-data --protocol tcp --syn --jump LOG
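The two rules above block every outbound TCP connection the Apache user opens, which breaks legitimate cases such as a database on another host. The following script is an added example, not from the original page: it keeps the LOG-then-REJECT pair, adds ACCEPT exceptions for an allowlist given as "host:port" pairs (an assumed format), skips rules that are already loaded so it can be re-run, and can print the rules instead of loading them. The user name www-data is the Debian default and an assumption.

```shell
#!/bin/sh
# Added example, not from the original page: apply the egress block for the
# Apache user with an allowlist for the few destinations it genuinely needs
# (a database host, for instance). WEB_USER and the "host:port" allowlist
# format are assumptions. Set DRY_RUN=1 to print the rules instead of
# loading them (loading needs root).
WEB_USER=${WEB_USER:-www-data}

# Insert one rule at the top of OUTPUT, skipping it if an identical rule is
# already loaded (iptables --check) so the script can be re-run safely.
add_egress_rule() {
    if [ -n "$DRY_RUN" ]; then
        echo "iptables --insert OUTPUT $*"
        return 0
    fi
    iptables --check OUTPUT "$@" 2>/dev/null && return 0
    iptables --insert OUTPUT "$@"
}

# Because --insert puts each rule at the top, add them in reverse match order:
# REJECT first, then LOG above it, then the ACCEPT exceptions above both.
# LOG is non-terminating, so a blocked connection is logged and then rejected.
apache_egress_rules() {
    allow_list=$1
    add_egress_rule --match owner --uid-owner "$WEB_USER" --protocol tcp --syn --jump REJECT
    add_egress_rule --match owner --uid-owner "$WEB_USER" --protocol tcp --syn --jump LOG --log-prefix "apache-egress:"
    for dest in $allow_list; do
        host=${dest%:*}
        port=${dest##*:}
        add_egress_rule --match owner --uid-owner "$WEB_USER" --protocol tcp --syn \
            --destination "$host" --dport "$port" --jump ACCEPT
    done
}

# Usage (constructed addresses):
#   DRY_RUN=1; apache_egress_rules "10.0.0.5:5432"     # preview
#   apache_egress_rules "10.0.0.5:5432"                 # load, as root
```

Only new connections (--syn) are matched, so replies to clients are unaffected. The log prefix makes rejected attempts easy to pick out of the kernel log, which is where an attempted reverse connection from a compromised script will show up.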

Extra information in directory listings

You can have additional information displayed at the top and bottom of a mod_autoindex directory listing by putting the text in a file called HEADER and README, respectively. Either file can have any FileExtension (or none). To enable this feature, you will need MultiViews to be in effect for that request.


See also