Author |
|
ArtM
Joined: 23 Feb 2006 Posts: 59 Location: Bedford NS Canada
|
Posted: Mon 13 Mar '06 16:38 Post subject: Apache Virtual Configs Standard Hardened Setups |
|
|
Any suggestions and/or example Virtual Configs appreciated. I'm concerned about security & flexibility in an Apache 2.2 PHP 5 MySQL Perl setup. What I have so far is below:
----------------------------------------------------------------
#
# Testing MyDomain.ca
#
<VirtualHost *:80>
ServerName testing.MyDomain.ca
ServerAdmin webmaster@MyDomain.ca
DocumentRoot "X:/Webs/MyDomain.CA/Testing"
DirectoryIndex "index.html"
Options Indexes
IndexOptions FancyIndexing FoldersFirst
SetEnvIf Remote_Addr "192\.168\.007\.1[2-4][0-9]" lanip
ErrorLog "X:/LOGDATA/Apache/Virtuals/MyDomain/MYDTesting-errors.log"
CustomLog "X:/LOGDATA/Apache/Virtuals/MyDomain/MYDTesting-access.log" common env=!lanip
Options Indexes FollowSymLinks +ExecCGI
ScriptAlias /cgi-bin/ "X:/Webs/MyDomain.CA/Testing/cgi-bin/"
<Directory "X:/Webs/MyDomain.CA/Testing/cgi-bin">
AllowOverride None
Options +ExecCGI
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
--------------------------------------------------------------------- |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
|
Posted: Mon 13 Mar '06 19:03 Post subject: |
|
|
The config looks standard.
What kind of "security & flexibility" do you want ?
For security I strongly advise to use mod_security.
Steffen |
|
Back to top |
|
ArtM
Joined: 23 Feb 2006 Posts: 59 Location: Bedford NS Canada
|
Posted: Mon 13 Mar '06 22:48 Post subject: |
|
|
Steffen wrote: | The config looks standard.
What kind of "security & flexibility" do you want ?
For security I strongly advise to use mod_security.
Steffen |
Flexibility - just to be able to add new virtuals easily.
Security - so I don't get hacked/wormed by 'roamers'.
(Most of my stuff is family/private. I am using Robots.txt to keep out search engines.)
I have installed Mod_Security - and it appears to work using your test.
Is your Mod_Security.conf sufficient in most cases - or should I be looking for further strengthening additions to it? Do you recommend a firewall in addition? Any suggestions? (I am behind a router) |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
|
Posted: Tue 14 Mar '06 15:55 Post subject: |
|
|
You are using a router. If you can configure the ports. Only free needed ports.
List of needed Ports in buisness companys
* = optional
Code: |
21 ftp
22 ssh*
25 stmp
42 Host name server*
80 http
81 WebDAV*
130-133 cisco systems*
443 https
3306 mysql*
3389 Windows remote desktop*
8080 proxy*
|
|
|
Back to top |
|
Jorge
Joined: 12 Mar 2006 Posts: 376 Location: Belgium
|
|
Back to top |
|