Softpedia
September 1st, 2007, 11:07 GMT · By Adrian Placinta

Secure Apache Server for Windows

Securing Apache is the most important thing to do if you don't want to have problems with hackers. The first thing you must do is make sure you always run the latest version of the Apache distribution and install the patches. If you don't, you could be left vulnerable to high-profile exploits that storm the Internet.

Another piece of advice is to hide the Apache version. By default, Apache shows which version you have installed, and attackers can use this information to compromise your web server. To hide this information, add to your httpd.conf:
ServerSignature Off
ServerTokens Prod


When you set ServerTokens Prod the visitor will see only: Server: Apache.

Turning off directory browsing prevents unauthorized persons from seeing your directory listings. To do that, add Options -Indexes to your httpd.conf file. The same directive can also turn off server-side includes: Options -Includes. Using Options -ExecCGI you can stop CGI execution; if you use CGI files, don't use it. To disable all options, use Options None. To disable multiple options at once, use: Options -ExecCGI -Indexes

Another way to secure your web server is to load only the modules you need and to turn off those you won't need. To disable a module, put # in front of its LoadModule directive. For example, to unload the isapi module use: #LoadModule isapi_module modules/mod_isapi.so.

If you want to make sure that only users from a given network or IP class can access your website, restrict access in the httpd.conf file. For a network class add:
Order Deny,Allow
Deny from all
Allow from 192.18.0.0/16


and for an IP add:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 192.168
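
How the two access blocks above are evaluated, as an added example that is not part of the original article: a small Python model of Order Deny,Allow matching for IPv4 arguments, including a partial address such as 192.168. The function names are hypothetical, and hostname arguments are not handled.

```python
import ipaddress

# The two rule sets from the article, copied as sample input.
NETWORK_RULES = "Order Deny,Allow\nDeny from all\nAllow from 192.18.0.0/16"
HOST_RULES = "Order Deny,Allow\nDeny from all\nAllow from 127.0.0.1 192.168"

def spec_to_network(spec):
    """Turn one IPv4 'Allow from' / 'Deny from' argument into a network."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:  # CIDR (a.b.c.d/16) or address/netmask form
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() for o in octets):
        raise ValueError(f"not an IPv4 argument: {spec!r}")
    # A partial address (1 to 3 octets) selects a subnet on a byte boundary,
    # so "192.168" means 192.168.0.0/16; a full address becomes a /32.
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def parse_rules(conf_text):
    """Collect the Order value and the Allow/Deny networks from a config block."""
    order, allow, deny = "deny,allow", [], []  # Deny,Allow is Apache's default
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()
        if not words:
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            target = allow if key == "allow" else deny
            target.extend(spec_to_network(w) for w in words[2:])
    return order, allow, deny

def is_allowed(client_ip, conf_text):
    """Return True if the client address would be granted access."""
    order, allow, deny = parse_rules(conf_text)
    ip = ipaddress.ip_address(client_ip)
    hit_allow = any(ip in net for net in allow)
    hit_deny = any(ip in net for net in deny)
    if order == "deny,allow":  # default is allow; an Allow match overrides Deny
        return hit_allow or not hit_deny
    if order == "allow,deny":  # default is deny; a Deny match overrides Allow
        return hit_allow and not hit_deny
    raise ValueError(f"unsupported Order value: {order!r}")
```

With the second block, 127.0.0.1 and every 192.168.x.x address are admitted and everything else is refused; with the first, only addresses in 192.18.0.0/16 are admitted.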


To limit the effects of a denial of service attack, decrease the Timeout value: Timeout 30. Turning on HTTP Keep Alive can improve client performance by as much as 50%, so you should leave this setting turned on. To decrease the chances of a denial of service attack, lower its values: change MaxKeepAliveRequests (which defaults to 100) and KeepAliveTimeout (which defaults to 15).

READER COMMENTS:


Comment #1 by: Marco on 16 Apr 2009, 11:03 UTC

I can't understand the last line:

Allow from 127.0.0.1 192.168

Does that allow any IP other than localhost?

Copyright © 2001-2012 Softpedia.