Apache
This document describes how, after a standard install of Apache on a RHEL server, we configure Apache further so that it is somewhat hardened.
| Directive and setting | Description/rationale |
|---|---|
| Comment out LoadModule info_module modules/mod_info.so | mod_info gives out too much information about your web server to potential attackers. |
| Comment out LoadModule status_module modules/mod_status.so | mod_status gives out server statistics via web pages. |
| Comment out LoadModule userdir_module modules/mod_userdir.so | mod_userdir translates URLs to user-specific directories. |
| Comment out LoadModule autoindex_module modules/mod_autoindex.so | mod_autoindex provides directory listings when no index.html file is present. |
| AddIcon (remove), AddIconByEncoding (remove), AddIconByType (remove), DefaultIcon (remove), IndexOptions (remove), AddDescription (remove), ReadmeName (remove), HeaderName (remove), IndexIgnore (remove) | Remove all references to these directives, since we disabled the fancy indexing module (mod_autoindex). |
| /manual | Remove the manual pages. |
| /icons | Remove the icons. |
| ServerSignature Off | Prevents the server from giving version information on error pages. |
| ServerTokens Prod | Prevents the server from giving version information in HTTP headers. |
| TraceEnable Off | TraceEnable Off causes the core server and mod_proxy to return a 405 (Method Not Allowed) error to the client. |
| UserDir disabled root | Remove the UserDir line, since we disabled this module. If you do enable user directories, you need this line to protect root's files. |
| FileETag MTime Size | Disables inode-based ETag generation. With this directive the ETag header is built from modification time and size only, so inode numbers are no longer exposed. |
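To verify that a configuration actually matches the table above, here is an added audit script (example code, not from this page or from the httpd project). It only reads the file and prints one OK/FAIL line per item; it never modifies anything. It assumes the RHEL module path convention (modules/mod_*.so) and that the hardening settings are present explicitly, since the httpd defaults (ServerTokens Full, TraceEnable On) are the weaker ones. The two sample configs written by the helper functions are constructed for demonstration. The UserDir check follows the table's own rule: if mod_userdir is not loaded the UserDir line must be gone (httpd would otherwise reject the unknown directive), and if it is loaded the line must read UserDir disabled root.

```shell
#!/bin/sh
# Added example (not from the original page): read-only hardening audit for httpd.conf.
# Usage: sh audit_httpd.sh /etc/httpd/conf/httpd.conf
# Without an argument it audits a constructed "hardened" sample written below.

# True (exit 0) when no active LoadModule line loads the named module.
module_disabled() {  # $1 = config file, $2 = module name, e.g. info_module
    ! grep -Eq "^[[:space:]]*LoadModule[[:space:]]+$2[[:space:]]" "$1"
}

# True when no active line begins with the directive (e.g. AddIcon, IndexOptions).
directive_absent() {  # $1 = config file, $2 = directive
    ! grep -Eiq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# True when an active "Directive value" line is present with exactly that value.
# Names and values are matched case-insensitively, as httpd itself does.
directive_is() {  # $1 = config file, $2 = directive, $3 = expected value
    dis_pat=$(printf '%s' "$3" | sed 's/ /[[:space:]]+/g')
    grep -Eiq "^[[:space:]]*$2[[:space:]]+$dis_pat[[:space:]]*\$" "$1"
}

# Runs every check from the table, prints OK/FAIL lines, returns 0 only if all pass.
# A directive that is merely absent counts as FAIL: the built-in defaults are the weak ones.
audit_httpd_conf() {
    conf="$1"; fails=0
    for mod in info_module status_module userdir_module autoindex_module; do
        if module_disabled "$conf" "$mod"; then echo "OK    $mod not loaded"
        else echo "FAIL  $mod still loaded (comment out its LoadModule line)"; fails=$((fails + 1)); fi
    done
    for d in AddIcon AddIconByEncoding AddIconByType DefaultIcon IndexOptions \
             AddDescription ReadmeName HeaderName IndexIgnore; do
        if directive_absent "$conf" "$d"; then echo "OK    no $d directive"
        else echo "FAIL  $d still present (leftover from mod_autoindex)"; fails=$((fails + 1)); fi
    done
    # UserDir: must be removed when mod_userdir is off, must be "disabled root" when it is on.
    if module_disabled "$conf" userdir_module; then
        if directive_absent "$conf" UserDir; then echo "OK    no UserDir line (mod_userdir not loaded)"
        else echo "FAIL  UserDir set but mod_userdir is not loaded; remove the line"; fails=$((fails + 1)); fi
    elif directive_is "$conf" UserDir "disabled root"; then echo "OK    UserDir disabled root"
    else echo "FAIL  mod_userdir loaded: expected 'UserDir disabled root'"; fails=$((fails + 1)); fi
    for pair in "ServerSignature Off" "ServerTokens Prod" "TraceEnable Off" "FileETag MTime Size"; do
        name=${pair%% *}; value=${pair#* }
        if directive_is "$conf" "$name" "$value"; then echo "OK    $name $value"
        else echo "FAIL  expected '$name $value'"; fails=$((fails + 1)); fi
    done
    [ "$fails" -eq 0 ]
}

# Constructed sample: a default-style config with the weak settings left in.
write_default_sample() {  # $1 = destination path
    cat > "$1" <<'EOF'
LoadModule info_module modules/mod_info.so
LoadModule status_module modules/mod_status.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule autoindex_module modules/mod_autoindex.so
IndexOptions FancyIndexing VersionSort
AddIcon /icons/binary.gif .bin .exe
UserDir public_html
ServerSignature On
ServerTokens OS
EOF
}

# Constructed sample: the same config after applying the table above.
write_hardened_sample() {  # $1 = destination path
    cat > "$1" <<'EOF'
#LoadModule info_module modules/mod_info.so
#LoadModule status_module modules/mod_status.so
#LoadModule userdir_module modules/mod_userdir.so
#LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
#UserDir disabled root   (removed: mod_userdir is not loaded)
ServerSignature Off
ServerTokens Prod
TraceEnable Off
FileETag MTime Size
EOF
}

if [ "$#" -ge 1 ]; then
    audit_httpd_conf "$1"
else
    demo=$(mktemp); write_hardened_sample "$demo"
    audit_httpd_conf "$demo"; rm -f "$demo"
fi
```

Run it against the live file after editing and again after a restart of httpd, so a setting that was reverted by a package update or a stray include shows up as a FAIL line rather than being discovered from a response header.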