Securing Apache 2 Step by Step

By Blane Warrene

Security Focus has published a fantastic, in-depth piece by Artur Maj, a principal software engineer with Oracle, on locking down Apache 2.

The article starts with the assumption that initially Apache will serve only static HTML pages, and walks through several steps toward establishing a chroot environment in which Apache will run. Steps include tuning the operating system, choosing Apache modules, building and configuring Apache, and finally the chroot process.

For those running dynamic sites, fear not: links to articles on securing PHP and MySQL, also written by Maj, are included at the end of the exercise. Sample httpd.conf and Apache startup scripts are available as well.

While running Apache in a chroot jail is not a simple task, it is one of the most secure ways to operate a web server, because the true root of the server, that is, all directories below /, remains almost completely inaccessible even if an intruder successfully breaches the server's security.
