Wednesday, January 19, 2011

Securing Apache

Changes to the general Apache configuration, made after the security analysis of a site

Points to consider:

1 - Delete the info.php
2 - Do not list directories
3 - Avoid the HTTP TRACE method
4 - Disable server-status or server-info


================ 1 ================

Delete the file, so as not to give away information on how my PHP is installed and compiled.

================ 2 ================

For example, these directories:

Alias /icons/ "/var/www/icons/"

<Directory "/var/www/icons">
    # Options Indexes MultiViews
    # "+" added to MultiViews: Apache 2.4 rejects a mix of signed and unsigned options
    Options -Indexes +MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<Directory /var/www/html/turismocarretera/css/>
    Options -Indexes
</Directory>

<Directory /var/www/html/turismocarretera/images/>
    Options -Indexes
</Directory>

As you can see, we add the "-" (minus or hyphen) to Indexes.


================ 3 ================

Apache version 2.0.52

This works per virtual host (website or domain): add these lines to each virtual host.
NOTE: If there are multiple virtual hosts on the same server, change the name of the rewrite log file in each one.

# Directive to avoid the TRACE method
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]
    RewriteLog "/var/log/httpd/rewrite_granturismo.v8.log"
    RewriteLogLevel 9
</IfModule>

In the newer Apache, httpd-2.2.3-43, there is no need to put this in each virtual host; it goes in the general settings of Apache, Section 2.

# To avoid the HTTP TRACE method
TraceEnable off

Result:
This is how we verify that the TRACE method is disabled:

alexa@alienaLX:~$ telnet static.granturismo.com.ar 80
Trying 200.4.1.14...
Connected to static.granturismo.com.ar.
Escape character is '^]'.

We type the method:

TRACE / HTTP/1.1

and then the name of the virtual host or web page:

Host: static.granturismo.com.ar

Then press Enter several times until the HTTP response appears.

If the response is HTTP/1.1 200 OK or HTTP/1.1 400, it is not working; you should see 403, which is FORBIDDEN, or HTTP/1.1 405 Method Not Allowed.

================ 4 ================

To block the server-status script, deny it with Deny from all:

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    # Allow from .example.com
</Location>

The ExtendedStatus directive should also be set to Off in Apache, so that it does not show information, version, etc.

# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
ExtendedStatus Off
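
An added example, not part of the original post: a small auditor that scans Apache 2.0/2.2-style configuration text for points 2 to 4 above (Indexes left on, TRACE not disabled, server-status without "Deny from all", ExtendedStatus On). The function name audit_apache_config and the WEAK/HARDENED samples are made up for this illustration.

```python
import re

def audit_apache_config(text):
    """Check points 2-4 of this post against Apache 2.0/2.2-style config text."""
    findings = []
    section = None         # path of the open <Directory>/<Location>, if any
    trace_handled = False  # TraceEnable off, or a RewriteCond matching TRACE
    status_denied = {}     # server-status Location path -> saw "Deny from all"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        low = line.lower()
        if not line or line.startswith("#"):
            continue       # commented-out directives have no effect
        opened = re.match(r'<(directory|location)\s+"?([^">]+?)"?\s*>', line, re.I)
        if opened:
            section = opened.group(2)
            if opened.group(1).lower() == "location" and "server-status" in section:
                status_denied[section] = False
        elif low.startswith(("</directory", "</location")):
            section = None
        elif low.startswith("options"):
            # "Indexes" or "+Indexes" turns listing on; "-Indexes" turns it off
            if {"indexes", "+indexes"} & set(low.split()[1:]):
                findings.append(f"line {lineno}: Indexes enabled in {section or 'server config'}")
        elif re.match(r"traceenable\s+off\b", low) or (
                low.startswith("rewritecond") and "request_method" in low and "trace" in low):
            trace_handled = True   # simplification: not checked per virtual host
        elif re.match(r"deny\s+from\s+all\b", low) and section in status_denied:
            status_denied[section] = True
        elif re.match(r"extendedstatus\s+on\b", low):
            findings.append(f"line {lineno}: ExtendedStatus On")
    if not trace_handled:
        findings.append("TRACE not disabled")
    findings += [f"{p}: server-status not denied" for p, ok in status_denied.items() if not ok]
    return findings

# Constructed sample input, not taken from a real server.
WEAK = """\
<Directory "/var/www/icons">
    Options Indexes MultiViews
</Directory>
<Location /server-status>
    SetHandler server-status
</Location>
ExtendedStatus On
"""
HARDENED = (WEAK.replace("Options Indexes MultiViews", "Options -Indexes +MultiViews")
            .replace("</Location>", "    Deny from all\n</Location>")
            .replace("ExtendedStatus On", "ExtendedStatus Off\nTraceEnable off"))
```

Calling audit_apache_config on WEAK returns four findings and on HARDENED an empty list; to check a real server, pass it the contents of httpd.conf and of each included virtual host file.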

-----------------------------------------------------------
On JBoss: secure the jmx-console by putting a password on it (a login screen).
