Apache Security Configuration

Written by James McDonald

August 27, 2011

Apache Web Server Security Configuration
If you are thinking of moving to a self-managed service, one of the really important things is to think heavily about security, especially for anything exposed to the web.

If you have Apache running then it's crucial to have something inspecting your incoming requests and knocking anything that doesn't look right on the head.
ModSecurity: http://www.modsecurity.org/
Some patterns for ModSecurity to use: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

Listing Currently Installed DSOs (Dynamic Shared Objects)

apachectl -t -D DUMP_MODULES

The purpose of the above command is to allow you to identify and weed out any modules that are not absolutely required for your particular web applications to run.
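
One way to turn that listing into a repeatable check, as an added example that is not part of the original post: the script below parses DUMP_MODULES output and reports shared modules that are not on an allowlist. The sample listing and the allowlist are constructed for illustration; substitute your own.

```shell
#!/usr/bin/env bash
# Added example: audit `apachectl -t -D DUMP_MODULES` output against an allowlist.

# Constructed sample listing (not captured from a real server).
SAMPLE_DUMP='Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 autoindex_module (shared)
 dir_module (shared)
 mime_module (shared)
 status_module (shared)
 userdir_module (shared)
Syntax OK'

# Hypothetical allowlist: the shared modules this site's applications need.
ALLOWED_MODULES='dir_module mime_module'

# Read a DUMP_MODULES listing on stdin, print "name type" per module line.
parse_modules() {
    awk '$1 ~ /_module$/ && ($2 == "(static)" || $2 == "(shared)") {
        gsub(/[()]/, "", $2)
        print $1, $2
    }'
}

# Print shared (DSO) modules that are loaded but not in the allowlist ($1).
# Static modules are compiled into httpd and are skipped here, since they
# cannot be dropped by removing a LoadModule line.
unexpected_shared_modules() {
    parse_modules | awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 == "shared" && !($1 in ok) { print $1 }
    ' | sort
}

# Demo on the constructed sample. On a live host, feed the real listing:
#   apachectl -t -D DUMP_MODULES 2>&1 | unexpected_shared_modules "$ALLOWED_MODULES"
echo "Shared modules outside the allowlist:"
printf '%s\n' "$SAMPLE_DUMP" | unexpected_shared_modules "$ALLOWED_MODULES"
```

Each module it reports corresponds to a LoadModule line to review; run it again after every configuration change to confirm the loaded set still matches the allowlist.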

Getting some process separation using SUEXEC (SLOW)
http://blog.stuartherbert.com/php/2007/12/18/using-suexec-to-secure-a-shared-server/
You may need this so that you can further enforce the separation between web sites by having them served as different users.

A Better Way Using fcgid
http://blog.stuartherbert.com/php/2008/10/07/can-you-secure-a-shared-server-with-php-fastcgi/
