29.15. Securing Apache

Change some important permissions on files and directories for your Web Server. When you install Apache on your server, some files and directories are given more permissions than they need by default. For better security, the httpd binary can be made readable only by the super-user root and executable by the owner, group, and others. The /etc/httpd/conf and /var/log/httpd directories don't need to be readable, writable or executable by other people.
        [root@deep ]/# chmod 511 /usr/sbin/httpd
        [root@deep ]/# chmod 750 /etc/httpd/conf/
        [root@deep ]/# chmod 750 /var/log/httpd/
      

If you have enabled automatic indexing of directories in your Apache configuration file (IndexOptions in httpd.conf), you have a security issue: any request for a directory that does not contain an index file makes the server build an index of what is in the directory. In many cases, you only want people to see files that you specifically link to. To turn this off, remove read permission from the DocumentRoot directory, but not from the files inside it.
        [root@deep ]/# cd /home/httpd/
        [root@deep ]/httpd# chmod 311 ona
        [root@deep ]/httpd# ls -la
      

        d-wx--x--x   13 webadmin webadmin     1024 Jul 28 08:12 ona
      
Now, with this modification, any requests for this protected directory should return an error message like:

        Forbidden
        You don't have permission to access /ona/ on this server.
      

Tip: In our example, ona is the DocumentRoot, the directory out of which you will serve your documents.
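
To confirm that the modes set above are still in place later on, the following added example (not part of the original guide) audits the four paths from this section and reports any permission bits beyond the recommended maximum. The function names mode_of, excess_bits and audit are hypothetical, and the demo runs against a constructed temporary tree rather than the live system.

```shell
#!/bin/sh
# Added example: audit the file modes recommended in this section.
# Assumes GNU stat (Linux); BSD stat is tried as a fallback.

# mode_of PATH: print PATH's permission bits in octal, e.g. 755.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# excess_bits PATH MAX: print (octal) the bits set on PATH that MAX does not
# allow. Returns 0 if none, 1 if too permissive, 2 if PATH cannot be read.
excess_bits() {
    eb_mode=$(mode_of "$1") || { echo missing; return 2; }
    eb_extra=$(( 0$eb_mode & ~0$2 & 07777 ))
    printf '%o\n' "$eb_extra"
    [ "$eb_extra" -eq 0 ]
}

# audit ROOT: check the four paths from this section beneath ROOT (use ""
# for the live system). Returns the number of failing paths.
audit() {
    au_fail=0
    while read -r au_max au_path; do
        if au_extra=$(excess_bits "$1$au_path" "$au_max"); then
            au_state=ok
        else
            au_state=FAIL; au_fail=$((au_fail + 1))
        fi
        printf '%-4s %-18s max=%s excess=%s\n' "$au_state" "$au_path" "$au_max" "$au_extra"
    done <<EOF
511 /usr/sbin/httpd
750 /etc/httpd/conf
750 /var/log/httpd
311 /home/httpd/ona
EOF
    return "$au_fail"
}

# Constructed sample tree with permissive modes, so the demo runs offline
# and never touches the real system.
sample=$(mktemp -d)
mkdir -p "$sample/usr/sbin" "$sample/etc/httpd/conf" \
         "$sample/var/log/httpd" "$sample/home/httpd/ona"
: > "$sample/usr/sbin/httpd"
chmod 755 "$sample/usr/sbin/httpd" "$sample/etc/httpd/conf" \
          "$sample/var/log/httpd" "$sample/home/httpd/ona"
audit "$sample" || echo "$? path(s) more permissive than recommended"
```

The audit only flags bits above the recommended maximum, so a stricter mode passes; running audit "" as root checks the real paths.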

 
 
Published under the terms of the Open Publication License