To get an in-depth knowledge on Apache Web Server, please visit, this.

However if you’ve already begun working with Apache and know about it, and are only concerned with securing your server, here are a few tricks that will help you out, read them and use them carefully.

Protecting the Files on Your Web Server

Most files that control web server’s operation are under ‘ServerRoot’

–Server runs under an identity (nobody) that shouldn’t have the ability to modify its own control files

–Exceptions are error_log and access_log

Most files in server’s DocumentRoot should be read-only to serverCarefully consider exceptions.

–Symbolic links can bypass DocumentRoot control

Protecting your computer from unauthorized users

Authentication – the process of allowing users access to the Web service based on usernames and passwords or IP addresses or domains

Protecting your computer from programs that run on the host computer

–SSI “includes”

–Executable directories

–Controls, scripts, applets, etc

Protecting the URLs on Your Web Site

This involves the Mandatory and Discretionary access that was discussed in the Server Users and Documents powerpoint slides which discussed the use of Authentication and Authorization.

Permissions on ServerRoot Directories

You want to be sure these directories are writeable only by root

–If non-root users can modify files that root either executes /writes, system is open to root compromises  (httpd could be replaced, log files overwritten, etc.)

More Security Tips for Apache

CGI – scripts run under Apache’s user so may possibly conflict with other scripts

suEXECprogram included with Apache to allow scripts to run as different users

Disallow .htaccess files – may override admin’s security controls

–AllowOverride None

Server Side Includes – require additional processing by Apache – require .shtml

–Can also execute (EXEC) any CGI script or program under permissions of user/group Apache Runs in

Use IncludesNOEXEC directive to prohibit

 

 

Categories: Knowledgebase

0 Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: