Apache Hardening

Posted by ghimau
Attn: alycia
Based on my findings yesterday, here are some hardening tips for your Apache server.

1. To disable server-info, open your Apache httpd.conf and find the following lines (they sit inside the <Location /server-info> block):
SetHandler server-info
Order deny,allow
Allow from all
Change them to this, then restart your Apache (httpd) server:
SetHandler server-info
Order deny,allow
#Allow from all
Deny from all

2. To disable server-status, open your Apache httpd.conf and find the following lines (they sit inside the <Location /server-status> block):
SetHandler server-status
Order deny,allow
Allow from all
Change them to this, then restart your Apache (httpd) server:
SetHandler server-status
Order deny,allow
#Allow from all
Deny from all

3. To disable directory listing, which is the most crucial part, open your Apache httpd.conf and find the following lines (they sit inside the <Directory> block for your DocumentRoot):
Options FollowSymLinks ExecCGI Indexes
AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
Allow from all
Change them to this, then restart your Apache (httpd) server:
Options FollowSymLinks ExecCGI Indexes
AllowOverride None
# Controls who can get stuff from this server.
Order allow,deny
#Allow from all
Deny from all
Note that Deny from all on the DocumentRoot block refuses every request to that directory, not only listings. If you want to stop directory indexes but keep the site reachable, remove Indexes from the Options line (or write Options -Indexes) and leave the access rules as they were.

If you did it right, you'll get a 403 Forbidden error message when trying to access the 'vulnerable' page. (On Apache 2.4 the Order/Allow/Deny directives are only available through mod_access_compat; the native equivalent of Deny from all is Require all denied.)

Open source is secure only if you put in some effort to secure it. Otherwise, it is more vulnerable than Windows.
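As an added check (example code written for this page, not the author's), the script below audits httpd.conf blocks for the three exposures covered above: a server-info or server-status handler that is still reachable, and Indexes left in Options. It runs on a constructed sample config embedded in the script, and its Order evaluation is a simplification that only considers "from all" rules.

```python
import re

# Constructed sample shaped like the blocks the post edits (not a real server's file).
SAMPLE_CONF = """\
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Allow from all
</Location>
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    #Allow from all
    Deny from all
</Location>
<Directory "/var/www/html">
    Options FollowSymLinks ExecCGI Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
"""

BLOCK_RE = re.compile(r"<(Location|Directory)\s+([^>]+)>(.*?)</\1>", re.S)

def allowed_by_default(order, allow_all, deny_all):
    """Apache 2.2 Order semantics, reduced to 'from all' rules only (a simplification)."""
    if order == "allow,deny":             # denied by default; a matching Deny wins
        return allow_all and not deny_all
    return allow_all or not deny_all      # deny,allow: allowed by default; Allow wins

def audit_httpd_conf(text):
    """Return (container, finding) pairs for blocks that still expose server-info,
    server-status or directory listings. Lines commented with '#' are ignored."""
    findings = []
    for kind, arg, body in BLOCK_RE.findall(text):
        active = [l.strip() for l in body.splitlines() if l.strip() and not l.strip().startswith("#")]
        lower = [l.lower() for l in active]
        label = f"{kind} {arg}"
        handler = next((l.split(None, 1)[1] for l in lower if l.startswith("sethandler ")), None)
        order = next((l.split(None, 1)[1].replace(" ", "") for l in lower if l.startswith("order ")), "deny,allow")
        allow_all, deny_all = "allow from all" in lower, "deny from all" in lower
        if handler in ("server-info", "server-status") and allowed_by_default(order, allow_all, deny_all):
            findings.append((label, f"{handler} is reachable by everyone"))
        for line in active:
            # 'Indexes' or '+Indexes' in Options turns listings on; '-Indexes' turns them off.
            if line.lower().startswith("options") and re.search(r"(?:^|\s)\+?Indexes\b", line[7:]):
                findings.append((label, "directory listing enabled: Indexes in Options"))
    return findings
```

Run it against your own file with audit_httpd_conf(open("httpd.conf").read()); an empty list means the three checks pass.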

7 comments:

On 29 June 2007 at 13:37 , alycia said...

ok, I will look at those steps... want to try them on the server..

Thanks, ok..

On 29 June 2007 at 15:13 , ghimau said...

ok.. no problem

On 29 June 2007 at 15:34 , kecik said...

"saya"?.. so formal... have you two only just met or what??

On 29 June 2007 at 16:50 , ghimau said...

oh please.. kecik is making such a fuss :P

On 29 June 2007 at 17:26 , alycia said...

this is office language, hee hee hee...

On 2 July 2007 at 14:35 , فيصل said...

hahaha "saya" is office language.. that's right.. "akak" and "abang" are office language too.. when you address someone as "akak", you automatically refer to yourself as "saya"

On 3 July 2007 at 10:27 , viruspadu said...

yes, that's right...
it really is automatic like that...