Securing Apache 2 Step by Step

Security Focus has published a fantastic, in-depth piece by Artur Maj, a principal software engineer with Oracle, on locking down Apache 2.

The article starts with the assumption that initially Apache will serve only static HTML pages, and walks through several steps to establishing a chroot environment in which Apache will run. Steps include tuning the operating system, choosing Apache modules, building and configuring Apache and finally the chroot process.

For those running dynamic sites, fear not, links to securing PHP and MySQL, also written by Maj, are included at the end of the exercise. Sample httpd.conf and Apache startup scripts are available as well.

While running Apache in a chroot jail is not a simple task, it is one of the most secure ways to operate a web server as the true root of the server, or all directories below / are almost completely inaccessible even if the server’s security is successfully breached by an intruder.


Category: open source Time: 2004-06-21 Views: 1

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development


Front-end development


development tools

Open Platform

Javascript development

.NET development

cloud computing


Copyright (C), All Rights Reserved.

processed in 0.100 (s). 12 q(s)