Thursday, October 25, 2007

Securing Apache

Apache is perhaps difficult and complicated to tweak so first of all I'll learn how to secure it.

In ubuntu I'll have to tweak the file /etc/apache2/sites-enabled/000-default/. To disable display or disallow browsing of folders if I don't have a index.html file there I need Options -indexes. However Habari requires that FollowSymLinks is allowed while WP doesn't need this, don't know why.

If I don't allow access to files other than those saved in the site folders then I need below between [Directory /] and [/Directory]

Order Deny,Allow
Deny from all
Options None
AllowOverride None

I have used XAMPP for years on PC there are things that I got to learn now when apache is running in a server.

Once new settings are entered I could check syntax by apache2ctl configtest before restarting apache by apache2ctl graceful

No comments:

Post a Comment