How to install and secure egroupware - Directory UMM
Handler: cgi-script
----------------------------------------
GET /cgi-bin/modsec-test.pl?p=DELETE%20FRoM+users HTTP/1.0
Host: xxx.xxx.xxx.xxx
User-Agent: mod_security regression test utility
Connection: Close
mod_security-message: Access denied with code 406. Pattern match "delete[[:space:]]+from" at THE_REQUEST.
mod_security-action: 406
HTTP/1.0 406 Not Acceptable
Content-Length: 352
Connection: close
Content-Type: text/html; charset=iso-8859-1
6.3 Optimization and securing of the Apache web server
To secure your web server you should disable all unneeded modules. Activate only what you need to run your web applications. Running Apache with fewer modules will also improve its performance.
6.3.1 Recommended modules to run
The following is a short overview of what you need to run Apache 2 with eGroupWare. All other modules can and should be disabled.
Optimisation of the Apache web server is not for newbies! When you disable some modules in your httpd.conf you must also comment out some other options. It is strongly recommended that you disable a module, stop Apache, and start it again. Do this one module at a time, and check for error messages every time.
mod_access.so
mod_auth.so
mod_include.so
mod_log_config.so
mod_expires.so
mod_deflate.so
mod_headers.so
mod_unique_id.so
mod_setenvif.so
mod_mime.so
mod_negotiation.so
mod_dir.so
mod_alias.so
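One way to check an httpd.conf against the list above before disabling modules one at a time. This is an added example, not part of the original document; the function names and the sample configuration are constructed for illustration.

```python
import re

# Allowlist copied from section 6.3.1 (Apache 2 with eGroupWare).
RECOMMENDED = {
    "mod_access.so", "mod_auth.so", "mod_include.so", "mod_log_config.so",
    "mod_expires.so", "mod_deflate.so", "mod_headers.so", "mod_unique_id.so",
    "mod_setenvif.so", "mod_mime.so", "mod_negotiation.so", "mod_dir.so",
    "mod_alias.so",
}
# Active directives only: a leading '#' keeps a commented-out line from matching.
LOADMODULE = re.compile(r"^\s*LoadModule\s+(\S+)\s+(\S+)", re.IGNORECASE)

def active_modules(conf_text):
    """Map shared-object file name -> module identifier for active LoadModule lines."""
    found = {}
    for line in conf_text.splitlines():
        m = LOADMODULE.match(line)
        if m:
            ident, path = m.groups()
            found[path.strip('"').rsplit("/", 1)[-1]] = ident
    return found

def audit(conf_text, allowed=RECOMMENDED):
    """Return (loaded but not on the list, on the list but not loaded)."""
    loaded = set(active_modules(conf_text))
    return sorted(loaded - allowed), sorted(allowed - loaded)

# Constructed sample httpd.conf fragment (not from the original document).
SAMPLE_CONF = """\
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule expires_module modules/mod_expires.so
# LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule userdir_module "modules/mod_userdir.so"
LoadModule alias_module modules/mod_alias.so
"""

if __name__ == "__main__":
    extra, missing = audit(SAMPLE_CONF)
    print("candidates to disable:", extra, "| listed but not loaded:", missing)
```

The script reads only the text it is given and does not follow Include directives. A module reported as not loaded may also be compiled into the httpd binary.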
6.3.2 Other Apache configuration options
For security reasons, you can hide information about your Apache web server. The available options differ between Apache 1.3 and Apache 2.x.
Reiner Jung, Install and Secure eGroupWare, Page 37 of 67