 |
Apache服务器配置安全规范及其缺陷
www.hx99.org 阅读: 时间:2007-07-09 整理:华西黑盟
------------------------------------------------------------------ |
主要安全缺陷
httpd.conf----->主配置文件
srm.conf------>填加资源文件
access.conf--->设置文件的访问权限
AuthName"会员专区"
AuthType"Basic"
options indexes followsymlinks
allowoverride authconfig
order allow,deny
allow from all
orderdeny,allow
denyfromall
allowfromsafechina.net
AuthNamePrivateFiles
AuthTypeBasic
AuthUserFile/path/to/httpd/users
requirePhoenix
#htpasswd-c/path/to/httpd/usersPhoenix
Alias /pub /home/ftp/pub/
DefaultType application/octet-stream
Options Indexes
AllowOverride AuthConfig
order allow,deny
allow from all
[root@ pub]# more .htaccess
AuthName Branch Office Public Software Download Area
AuthType Basic
AuthUserFile /etc/.usrpasswd
require valid-user
器的IP地址。
验证你的Apache来源途径
保持更新Apache的补丁程序
避免使用.htaccess文件(分布式配置文件)
监视系统日志
管理文件系统
TimeOutn
Listen8000
Listen192.170.2.1:80
Listen192.170.2.5:8000
Port80
MaxSpareServersn
MinSpareServersn
StartServers5
MaxKeepAliveRequests100
KeepAliveon
KeepAliveTimeout15
HostnameLookupson off double
BindAddress192.168.0.1
BindAddress*
LimitRequestBodyn
LimitRequestBody102400
DocumentRoot/www/htdocs
MaxClientsn
ScriptAliasMatch^/~([^/]*)/cgi-bin/(.*)/home/$1/cgi-bin/$2
(2)在Apache配置文件里面关于public_html的设置里面加入下面的属性:
<CENTER><ccid_nobr>
<tablewidth="400"border="1"cellspacing="0"cellpadding="2"
bordercolorlight="black"bordercolordark="#FFFFFF"align="center">
<tr>
<tdbgcolor="e6e6e6"class="code"style="font-size:9pt">
<pre><ccid_code>
OptionsExecCGI
SetHandlercgi-script
#ifndefHARD_SERVER_LIMIT
#ifdefWIN32
#defineHARD_SERVER_LIMIT1024
#else
#defineHARD_SERVER_LIMIT256
#endif
#endif
orderdeny,allow
denyfrom202.202.202.0/24
Server:Apache/1.3.26(Unix)mod_perl/1.26
ServerTokensProd
Server:Apache
Server:ItiSanOnE-aPaCHeServer
|
|
| ------------------------------------------------------------------------------------------- |
上一篇:几个小绝招增强系统对木马和病毒防范
下一篇:使用Linux防火墙伪装来抵住黑客攻击 |
| ------------------------------------------------------------------------------------------- |
|
|
|
 |
|
|
当前位置:
