Introduction to the Apache Web Server - ApacheCon

More documents

Recommendations

Info

114
Section 19 Security http://httpd.apache.org/docs/misc/security-tips.html 19.1 Overview Apache has a significantly lower incidence of security problems, and significantly higher speed of resolving those problems, than that other web server. However, the last several releases have been security bug fix releases. And, although we try to ship apache ”secure by default”, there are a number of things that you can do to improve the situation, as well as a lot of things that you can do to make it worse. Here’s the simplistic list of what you should do. • Keep file permissions as restrictive as possible • Disable unused ports • Remove unnecessary user accounts • Don’t use telnet • Limit modules (Don’t have modules installed that you are not using) • Avoid FrontPage like the plague • Avoid SSI where not necessary • Don’t use the system password file for authentication • Don’t put your password file in a document directory • Develop on a staging server • Keep up with OS and Apache security patches. • Restrict CGI • Use suexec for CGI Ok, now, in more detail ... 115
Page 1:
Introduction to the Apache Web Serv
Page 4 and 5:
3.1 Apache process architecture . .
Page 6 and 7:
8.3 Alias . . . . . . . . . . . . .
Page 8 and 9:
13 SSI 75 13.1 Configuration for SS
Page 10 and 11:
16.5 Typical errors . . . . . . . .
Page 12 and 13:
19.8 Modules . . . . . . . . . . .
Page 14 and 15:
23.1 Caching . . . . . . . . . . .
Page 16 and 17:
He wrote the CERN web server, and t
Page 18 and 19:
• provide a foundation for open,
Page 20 and 21:
This is a good point to encourage d
Page 22 and 23:
• htdocs • icons Show the stude
Page 24 and 25:
./configure --help ./configure --pr
Page 26 and 27:
2.6 apxs apxs is a Perl utility for
Page 28 and 29:
The “correct” value for these d
Page 30 and 31:
• Some modules, like mod php, don
Page 32 and 33:
• help apachectl symlink You may
Page 35 and 36:
Section 4 Configuration files http:
Page 37 and 38:
directory - Can be used in a secti
Page 39 and 40:
httpd -DUSESSL Then you could add a
Page 41 and 42:
Section 5 .htaccess files 5.1 Confi
Page 43:
5.3 Exercise Create .htaccess file
Page 46 and 47:
ServerName www.foo.com DocumentRoot
Page 48 and 49:
3. Verify that they are serving con
Page 51 and 52:
Section 7 MIME http://httpd.apache.
Page 53 and 54:
AddType application/x-tar tgz Note
Page 55 and 56:
7.4.3 mod gzip More will be said ab
Page 57 and 58:
Section 8 URL Mapping http://httpd.
Page 59 and 60:
Equivalent to ... Alias /cgi-bin/ /
Page 61 and 62:
Then /cgi-bin/404.cgi will look lik
Page 63 and 64:
----------------------------- The
Page 65:
UserDir disabled UserDir enabled rb
Page 68 and 69:
9.2 Negotiation Methods 9.2.1 Multi
Page 70 and 71:
Note, however, that CacheNegotiated
Page 72 and 73:
10.3 IndexOptions The arguments to
Page 74 and 75:
10.4 Additional directives In addit
Page 77 and 78: Section 11 Performance Tuning http:
Page 79 and 80: 11.5 Tuning configuration settings
Page 81: 11.5.6 mod mmap static Map static f
Page 84 and 85: - JSP - etc, etc, etc • Each addr
Page 86 and 87: #!/usr/bin/perl use CGI; my $cgi =
Page 89 and 90: Section 13 SSI http://httpd.apache.
Page 91 and 92: SSIStartTag "" 13.4 SSI directives
Page 93: Most commonly, include is used to i
Page 96 and 97: SetHandler Much like the AddHandler
Page 98 and 99: advertising a page that has moved,
Page 100 and 101: AddHandler type-map .var 14.1.3 Cus
Page 102 and 103: AddOutputFilterByType DEFLATE text/
Page 104 and 105: 15.4 Configuration 15.4.1 PerlRequi
Page 106 and 107: Wow. 15.6.2 Apache::Registry If you
Page 108 and 109: 15.8.2 Installing the example mod p
Page 110 and 111: package Acme::Apache::Werewolf; use
Page 112 and 113: • "GET / HTTP/1.0" Request - Meth
Page 114 and 115: 16.4 Exercises 1. Construct a log f
Page 116 and 117: • Precisely how many visitors •
Page 118 and 119: 16.9.2 rotatelogs CustomLog "|/usr/
Page 120 and 121: • Set configuration to use this f
Page 122 and 123: • mod auth nds (Netware Directory
Page 124 and 125: 110
Page 126 and 127: • etc • Also, names like ’ema
Page 130 and 131: 19.2 File permissions The overridin
Page 132 and 133: 19.2.6 public html If users have we
Page 134 and 135: 19.3.3 ServerSignature Automaticall
Page 136 and 137: * Don’t put important things in t
Page 138 and 139: 19.10 mod security http://www.modse
Page 140 and 141: 126
Page 142 and 143: 20.3 Certificates • Generate a ke
Page 144 and 145: 130
Page 146 and 147: 21.1.2 Apache 2.0 modules: [access
Page 148 and 149: 21.6 mod auth Name mod auth On by d
Page 150 and 151: 21.13 mod cgi Name mod cgi On by de
Page 152 and 153: 21.21 mod include Name mod include
Page 154 and 155: Mapping files into memory to improv
Page 156 and 157: 21.35 mod status Name mod status On
Page 158 and 159: To enable DAV in a particular direc
Page 160 and 161: 23.2 Proxying The proxy part lets y
show all

Introduction to the Apache Web Server - ApacheCon

Create successful ePaper yourself

Delete template?

Save as template?