Discussion on:
DOWNLOAD: Apache Web Server: Lock it down in 10 steps

4
Comments

RE: the top 10 listed
thomas_nooning 8th May 2005
While some of the items listed are indeed part of the default configuration on many distributions, not all of them are. I've yet to come across one that installs Apache into a chroot jail, for instance; well, maybe Tinfoil Hat Linux. But leaving it up to the defaults is not the best idea on any production webserver; you should know the best practices by heart.

And mod_gzip is nice, but be careful with browser compatibility and certain file types, like CSS and JavaScript.
http://techrepublic.com.com/5138-10595-5697982.html

After you take a look at this video, please post your feedback, ideas for future improvements, or further thoughts on this topic.

Thanks,
TechRepublic Downloads Team
0 Votes
I'd be interested in hearing what you other SysAdmins out there have done to harden Apache. And please let me know if you have any questions regarding the steps outlined in the download.

Thanks, Tom
0 Votes
the top 10 listed
Jaqui 7th May 2005
are the default configuration options of all the Linux distros I've looked at.
also the recommended config from apache.org.

I would add:
install the bandwidth module, which kills the IIS-specific viruses that consume data transfer by reporting infected machines to one location.

disable any CGI but approved scripts.
do not enable FrontPage extensions (they break security by accessing ActiveX controls)

force download and saving of any file other than html/xhtml/php/xml
(do default opening of PDF)

use mod_gzip
compress all data being transferred, saves data transfer, and stops execution of malicious code until user enables.
0 Votes