Apache
This page will hold settings and changes to improve the security of Apache. I typically use Apache 2.2x on Ubuntu and Windows boxes. Most of these settings will be what I use on Ubuntu 7.10, but may also work on Windows, or other Linux distributions.
hide some version info
ServerTokens Major
disallow directory index views
Make sure the option "Indexes" is not present (or is prefixed with a "-") in the main directory directives. The config line below illustrates what to look for and remove, not what the line should end up looking like.
Options Indexes FollowSymLinks
php: execute backup files to prevent info disclosure
Some editors leave backup copies of files around, suffixed with a ~ mark. These are not typically picked up by PHP and executed, so if someone browses to one of them, it may display as text or prompt a download, which can lead to source code disclosure. It is better to let PHP execute these files as normal, which will keep the code safe.
AddType application/x-httpd-php .php .php~
suppress php error messages
In the php.ini file, add/edit the following line:
display_errors = Off
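An added example, not part of the original page: a small Python check that reads an Apache config and a php.ini and flags the three settings covered above (ServerTokens, Indexes, display_errors). The sample config text and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs for the demo (not taken from a real server).
SAMPLE_APACHE = """\
ServerTokens Full
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<Directory /var/www/static/>
    Options -Indexes +FollowSymLinks
</Directory>
"""
SAMPLE_PHP_INI = "; constructed sample\ndisplay_errors = On\n"

def audit_apache(conf):
    """Return (line_number, message) findings; line 0 means 'whole file'."""
    findings, tokens_seen = [], False
    for no, raw in enumerate(conf.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        name, args = parts[0].lower(), [p.lower() for p in parts[1:]]
        if name == "servertokens":
            tokens_seen = True
            # Major is what this page uses; Prod/ProductOnly reveals even less.
            if not args or args[0] not in ("major", "prod", "productonly"):
                findings.append((no, "ServerTokens reveals more than the major version"))
        elif name == "options":
            # "All" switches on every option except MultiViews, Indexes included.
            if any(a in ("indexes", "+indexes", "all") for a in args):
                findings.append((no, "Options turns on directory index views"))
    if not tokens_seen:
        findings.append((0, "ServerTokens is not set; Apache defaults to Full"))
    return findings

def audit_php_ini(ini):
    """Return a list of findings for display_errors (the last assignment wins)."""
    value = None
    for raw in ini.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop php.ini comments
        m = re.match(r"display_errors\s*=\s*(\S*)", line, re.I)
        if m:
            value = m.group(1).strip("\"'").lower()
    if value is None:
        return ["display_errors is not set; PHP's built-in default shows errors"]
    if value not in ("off", "0", "false", "no", "none", ""):
        return ["display_errors is '%s', not Off" % value]
    return []

if __name__ == "__main__":
    for finding in audit_apache(SAMPLE_APACHE) + audit_php_ini(SAMPLE_PHP_INI):
        print(finding)
```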
