logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Apache Virtual Configs Standard Hardened Setups
Author
ArtM



Joined: 23 Feb 2006
Posts: 59
Location: Bedford NS Canada

PostPosted: Mon 13 Mar '06 16:38    Post subject: Apache Virtual Configs Standard Hardened Setups Reply with quote

Any suggestions and/or example Virtual Configs appreciated. I'm concerned about security & flexibility in an Apache 2.2 PHP 5 MySQL Perl setup. What I have so far is below:

----------------------------------------------------------------
#
# Testing MyDomain.ca
#

<VirtualHost *:80>

ServerName testing.MyDomain.ca

ServerAdmin webmaster@MyDomain.ca

DocumentRoot "X:/Webs/MyDomain.CA/Testing"

DirectoryIndex "index.html"

Options Indexes

IndexOptions FancyIndexing FoldersFirst

SetEnvIf Remote_Addr "192\.168\.007\.1[2-4][0-9]" lanip
ErrorLog "X:/LOGDATA/Apache/Virtuals/MyDomain/MYDTesting-errors.log"
CustomLog "X:/LOGDATA/Apache/Virtuals/MyDomain/MYDTesting-access.log" common env=!lanip


Options Indexes FollowSymLinks +ExecCGI


ScriptAlias /cgi-bin/ "X:/Webs/MyDomain.CA/Testing/cgi-bin/"

<Directory "X:/Webs/MyDomain.CA/Testing/cgi-bin">
AllowOverride None
Options +ExecCGI
Order allow,deny
Allow from all
</Directory>


</VirtualHost>

---------------------------------------------------------------------
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3049
Location: Hilversum, NL, EU

PostPosted: Mon 13 Mar '06 19:03    Post subject: Reply with quote

The config looks standard.

What kind of "security & flexibility" do you want ?

For security I strongly advise to use mod_security.


Steffen
Back to top
ArtM



Joined: 23 Feb 2006
Posts: 59
Location: Bedford NS Canada

PostPosted: Mon 13 Mar '06 22:48    Post subject: Reply with quote

Steffen wrote:
The config looks standard.

What kind of "security & flexibility" do you want ?

For security I strongly advise to use mod_security.


Steffen


Flexibility - just to be able to add new virtuals easily.

Security - so I don't get hacked/wormed by 'roamers'.
(Most of my stuff is family/private. I am using Robots.txt to keep out search engines.)

I have installed Mod_Security - and it appears to work using your test.

Is your Mod_Security.conf sufficient in most cases - or should I be looking for further strengthening additions to it? Do you recommend a firewall in addition? Any suggestions? (I am behind a router)
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Tue 14 Mar '06 15:55    Post subject: Reply with quote

You are using a router. If you can configure the ports. Only free needed ports.

List of needed Ports in buisness companys
* = optional
Code:

21 ftp
22 ssh*
25 stmp
42 Host name server*
80 http
81 WebDAV*
130-133 cisco systems*
443 https
3306 mysql*
3389 Windows remote desktop*
8080 proxy*
Back to top
Jorge



Joined: 12 Mar 2006
Posts: 376
Location: Belgium

PostPosted: Tue 14 Mar '06 17:27    Post subject: Reply with quote

Flexibilyt you ask?

try:
Code:

LoadModule vhost_alias_module modules/mod_vhost_alias.so
Listen 80

#HTTP Server
<VirtualHost _default_:80>
     VirtualDocumentRoot c:/hosts/%0/httpdocs/
     VirtualScriptAlias c:/hosts/%0/cgi-bin/
</VirtualHost>


http://www.blackdot.be/private/youmaynotseethis.htm
becomes
c:\hosts\www.blackdot.be\httpdocs\private\youmaynotseethis.htm
(same for cgi requests)

My page has some more info and a download of a program to simply add the folders
mkhost www.domain.com and your set Smile
URL: http://www.blackdot.be/?inc=apache/masshosting/index.htm
Back to top


Reply to topic   Topic: Apache Virtual Configs Standard Hardened Setups View previous topic :: View next topic
Post new topic   Forum Index -> Apache