Apache is an open source web server supported by the nonprofit Apache Software Foundation. The shared hosting and VPS environments we use are mostly built on Apache, but any server environment is exposed to a variety of attacks and security vulnerabilities, such as SQL injection and denial-of-service attacks.
As VPS/server users, we need to back up the server data, monitor the server at all times, and keep an eye on the latest vulnerability and security updates for the scripts we run. Since Apache is the foundation of these applications, we need to get its basic security settings right so that the server is secure at the base level.
8 security tips for securing the Apache web server
First, update the system regularly
First of all, make sure you have installed the latest versions and security patches for Apache and for CGI, Perl and PHP script code. We also need to update the packages they depend on from the package sources regularly.
# Ubuntu/Debian
apt-get update; apt-get dist-upgrade
# Fedora/Centos/RedHat
yum update
Choose the update command that matches your system.
Second, set up and secure SSH
After we get a VPS, it is recommended to change the SSH port and the root password and to manage the privileges of non-root users, or to log in with an SSH key from the client that manages the VPS. Refer to the articles “set up a Putty SSH key login Linux VPS hosting” and “Xshell setting key login ensures that Linux VPS and server more secure” to set up key login.
Third, disable unused services
To keep our web server secure, check all the services running on the server and all open ports, and disable every service we do not need.
# Display all services
service --status-all
# Show all port rules
# Display all the information (RedHat/CentOS/Fedora)
chkconfig --list
# Check /etc/init.d for suspicious scripts
ls /etc/init.d
Fourth, disable unnecessary Apache modules
By default, many Apache modules are enabled, but some of them are not needed, so we can turn them off and slim Apache down. As with the earlier articles “6 steps to realize a CentOS system streamlined” and “4-steps towards the environments streamlined the Debian system”, streamlining improves efficiency and reduces resource usage.
A – Ubuntu/Debian
cat /etc/apache2/mods-enabled/* | grep -i loadmodule
Enable a module
a2enmod module_name
Disable a module
a2dismod module_name
B – Centos/Fedora/RedHat
cat /etc/httpd/conf/httpd.conf | grep -i LoadModule
Edit the httpd.conf file and search for the keyword LoadModule. To disable a module, put a # in front of its line to comment it out, then save; to enable it again, remove the #.
Fifth, run Apache as a specified user and group
By default, Apache usually runs under a default user and group. To be safe, we can use a different user/group. If you run a mail server as the nobody user and run Apache as the same user, then if the mail server is compromised, Apache will be affected too. Likewise, if Apache runs as root and there is a security hole, the whole system is put at serious risk. To check or change the user/group, edit the httpd.conf file.
#Fedora/Centos/Redhat
vi /etc/httpd/conf/httpd.conf
#Ubuntu/Debian
vi /etc/apache2/httpd.conf
We can use the default user and group, or create a new user/group.
User apache
Group apache
Sixth, prevent information leaks
A default Apache installation shows the port, version information and so on in its default pages, so we need to hide this information.
#Fedora/Centos/Redhat
vi /etc/httpd/conf/httpd.conf
#Ubuntu/Debian
vi /etc/apache2/conf-enabled/security.conf
Search for the ServerTokens and ServerSignature directives and change them to:
ServerTokens Prod
ServerSignature Off
Then restart Apache
#Fedora/Centos/Redhat
service httpd restart
#Ubuntu/Debian
service apache2 restart
After that, our 404 page no longer shows the version information.
Seventh, hide PHP version information
#Fedora/Centos/Redhat
vi /etc/php.ini
#Ubuntu/Debian
vi /etc/php5/apache2/php.ini
Then search for expose_php and change its value from On to Off.
Eighth, disable the auto-indexing module
#Fedora/Centos/Redhat
vi /etc/httpd/conf/httpd.conf
Put a # in front of “LoadModule autoindex_module modules/mod_autoindex.so” to disable it.
#Ubuntu/Debian
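# Remove both symlinks; deleting only autoindex.conf leaves the module loaded
rm -f /etc/apache2/mods-enabled/autoindex.load /etc/apache2/mods-enabled/autoindex.conf
This removes the automatic indexing module.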
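The settings from tips five to eight can be verified with a small script after editing. The following is an added example, not part of the original article: the function names audit_apache and directive_value and the sample files are made up for illustration, and the script only reads the two files you pass to it.

```shell
#!/bin/sh
# Added example (not from the original article): audit tips 5-8 offline.

# Last active (uncommented) value of an Apache directive, lowercased.
directive_value() {  # $1 = directive, $2 = config file
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 } END { print tolower(v) }' "$2"
}

# Print one line per weak setting; return 0 only when nothing is flagged.
audit_apache() {  # $1 = Apache config, $2 = php.ini
    findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # ServerTokens defaults to Full, so an unset directive is also flagged.
    case "$(directive_value ServerTokens "$1")" in
        prod|productonly) ;;
        *) report "ServerTokens is not Prod" ;;
    esac
    # ServerSignature defaults to Off, so only an explicit On/EMail is flagged.
    case "$(directive_value ServerSignature "$1")" in
        ""|off) ;;
        *) report "ServerSignature is not Off" ;;
    esac
    case "$(directive_value User "$1")" in
        root)   report "Apache is configured to run as root" ;;
        nobody) report "Apache runs as nobody, an account other services may share" ;;
    esac
    if awk 'tolower($1) == "loadmodule" && $2 == "autoindex_module" { hit = 1 }
            END { exit !hit }' "$1"; then
        report "autoindex_module is still loaded"
    fi
    # expose_php defaults to On in PHP, so a missing setting is flagged too.
    php=$(sed -n 's/^[[:space:]]*expose_php[[:space:]]*=[[:space:]]*\([A-Za-z0-9]*\).*/\1/p' "$2" |
          tail -n 1 | tr 'A-Z' 'a-z')
    case "$php" in
        off|0|false|no) ;;
        *) report "expose_php is not Off" ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample files (illustrative only) so the audit runs without Apache installed.
demo_dir=$(mktemp -d)
printf '%s\n' 'ServerTokens OS' 'ServerSignature On' 'User apache' 'Group apache' \
    '#LoadModule autoindex_module modules/mod_autoindex.so' > "$demo_dir/httpd.conf"
printf '%s\n' '; constructed php.ini' 'expose_php = On' > "$demo_dir/php.ini"
audit_apache "$demo_dir/httpd.conf" "$demo_dir/php.ini" || echo "hardening needed"
rm -rf "$demo_dir"
```

On a real server, call it with the files edited above, for example audit_apache /etc/httpd/conf/httpd.conf /etc/php.ini. On Ubuntu/Debian the directives are spread over several files, so pass the file that holds the directive you changed.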
To summarize, the above are 8 security settings for Apache that I have put together. Some further security settings can be made in the .htaccess file; we should not overlook this small file, because some security settings have to be done through it. I will write an article on that when there is time. In any case, whether we use virtual hosting or a VPS/server, we need to monitor our sites and project data at all times and back them up on a schedule.