|
How To Make Your Web Server Prod Ready |
|
|
Dec 23, 2007 at 02:33 PM |
#*** References ***#
Linux Basement: Customizing Drupal - Part 1
Debian Admin: Hide Apache Information & PHP software version
PaulDorCom: Apache Hardening
#Back Up your apache2.conf file:
sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.confOrig
sudo vi /etc/apache2/apache2.conf
#*** Anable Webalizer Hostname Lookup ***#
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
#HostnameLookups Off
HostnameLookups On
#*** Fix "apache2: Could not reliably determine the server's
# fully qualified domain name" Error ***#
#
#Add ServerName tag entry:
#
ServerName "http://www.yourDomainName.org"
#*** Hide Apache Information ***#
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Full
ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
#ServerSignature On
ServerSignature Off
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
ErrorDocument 500 "The server encountered an error with this request."
ErrorDocument 404 "HTML Error"
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#*** Clean URL Rewrite ***#
cd /var/www
sudo a2enmod rewrite
#Module rewrite installed; run /etc/init.d/apache2 force-reload to enable.
sudo /etc/init.d/apache2 force-reload
sudo vi /etc/apache2/sites-available/default
#Under <Diretory /var/www/>
#change Allowoverride from None to All so that it looks like this:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
#RedirectMatch ^/$ /apache2-default/
</Directory>
# Mambo specific: Anable .htaccess file in your website root directory
sudo mv htaccess.txt .htaccess
#Go to Mambo Admin ->Global Configuration -> SEO
#Select Search Engine Friendly URLs: yes
#Restart Apache
sudo /etc/init.d/apache2 restart
#*** Hide Php Information ***#
#Make a backup of php.ini file
cd /etc/php5/apache2
sudo cp php.ini php.iniOrig
sudo vi php.ini
;
; Misc
;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
;expose_php = On
expose_php = Off
#Restart Apache
sudo /etc/init.d/apache2 restart
|
LUG How Tos 