Securing Apache 2 Step by Step

By Blane Warrene
We teamed up with SiteGround
To bring you up to 65% off web hosting, plus free access to the entire SitePoint Premium library (worth $99). Get SiteGround + SitePoint Premium Now

Security Focus has published a fantastic, in-depth piece by Artur Maj, a principal software engineer with Oracle, on locking down Apache 2.

The article starts with the assumption that initially Apache will serve only static HTML pages, and walks through several steps to establishing a chroot environment in which Apache will run. Steps include tuning the operating system, choosing Apache modules, building and configuring Apache and finally the chroot process.

For those running dynamic sites, fear not, links to securing PHP and MySQL, also written by Maj, are included at the end of the exercise. Sample httpd.conf and Apache startup scripts are available as well.

While running Apache in a chroot jail is not a simple task, it is one of the most secure ways to operate a web server as the true root of the server, or all directories below / are almost completely inaccessible even if the server’s security is successfully breached by an intruder.

The most important and interesting stories in tech. Straight to your inbox, daily. Get Versioning.
We teamed up with SiteGround
To bring you up to 65% off web hosting, plus free access to the entire SitePoint Premium library (worth $99). Get SiteGround + SitePoint Premium Now
Login or Create Account to Comment
Login Create Account