Shulou(Shulou.com)06/03 Report--

How to enhance the security of the Apache server? Perhaps many people do not understand, in order to let you understand better, the editor summed up the following content, I hope you can gain something according to this article.

It is important to secure the Web server, which means that only others are allowed to view part of the information and protect the data and restrict access.

These are common things to enhance the security of Apache Web servers.

1. Hide Apache version and operating system information Apache shows its version and operating system name errors, as shown in the screenshot below.

Hackers can use this information to launch attacks using public vulnerabilities in a specific version of the server or operating system. To prevent Apache webserver from displaying this information, we can modify the server signature option provided in the apache configuration file. By default, it is on (that is, on), and it is set to off (that is, off).

Vim / etc/httpd/conf/httpd.conf

Modify the content as follows:

ServerSignature Off

ServerTokens Prod

We also set "ServerTokens Prod", which tells the Web server to return only apache and disables major and minor versions of the operating system. After you modify the configuration file, you must restart / reload the Apache Web server for it to take effect.

Service httpd restart

After modifying and restarting the Apache server, you should see a similar result-

two。 Disable directory list

If the document root does not have an index file (such as index.html,index.php,index.html, etc.), the apache Web server displays all the contents of the document root by default.

You can turn off this feature for a specific directory through the options directive provided in the Apache configuration file.

Options-Indexes

3. Disable unnecessary modules

It is best to disable all unused unnecessary modules, and you can see a list of enabled modules in the apache configuration file-

[root@amsterdam] # httpd-M

Perl_module (shared)

Php5_module (shared)

Proxy_ajp_module (shared)

Python_module (shared)

Ssl_module (shared)

Many of the listed modules can be disabled, such as mod_imap,mod_include,mod_info,mod_userdir,mod_autoindex, because they are hardly used by any production Web server.

Vi / etc/httpd/conf/httpd.conf

And then comment out-

# LoadModule auth_digest_module modules/mod_auth_digest.so

After annotating the module, save the file. Restart the apache service using the following command.

/ etc/init.d/httpd restart/

4. Use mod_evasive to refute DoS attacks

If you want to protect the Web server from Dos, that is, denial of service, you must enable the module mod_evasive. It is a third-party module that can detect Dos attacks and prevent the damage caused by the attacks far beyond its running process.

5. Limit request size

Apache has no limit on the total size of http requests that can cause DoS attacks. You can use directory tags to limit the request size of the Apache directive LimitRequestBody.

This value can be set from 0 to 2GB (that is, 2147483647 bytes) as required.

LimitRequestBody 512000

After reading the above, do you have any further understanding of how to enhance the security of the Apache server? If you want to know more about it, you are welcome to follow the industry information channel. Thank you for reading.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.