查看完整版本: httpd 安全性設定

danny 2007-4-19 17:19

httpd 安全性設定

<TABLE width="100%" border=0>
<TBODY>
<TR>
<TD bgColor=#4665a6>
<TABLE border=0>
<TBODY>
<TR>
<TD class=table-title bgColor=#333333>配置HTTP（Apache）</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE> 接下來，為了使服務器更安全以及更加符合我們的實際要求，對默認的設置進行一些必要的更改。尤其在一些細節方面，越少向外界透露服務器的信息，就越能保證服務器的安全。 
<TABLE width="100%" border=2>
<TBODY>
<TR>
<TD bgColor=#000000>[root@sample ~]# vi /etc/httpd/conf/httpd.conf ← 編輯Apache的設定檔 # # Don't give away too much information about all the subcomponents # we are running. Comment out this line if you don't mind remote sites # finding out what major optional modules you are running ServerTokens OS ← 找到這一行，將“OS”改為“Prod”（在出現錯誤頁的時候不顯示服務器操作繫統的名稱） ↓ ServerTokens Prod ← 變為此狀態 # # Optionally add a line containing the server version and virtual host # name to server-generated pages (internal error documents, FTP directory # listings, mod_status and mod_info output etc., but not CGI generated # documents or custom error documents). # Set to "EMail" to also include a mailto: link to the ServerAdmin. # Set to one of: On | Off | EMail # ServerSignature On ← 找到這一行，將“On”改為“Off” ↓ ServerSignature Off ← 在錯誤頁中不顯示Apache的版本 # # ServerAdmin: Your address, where problems with the server should be # e-mailed. This address appears on some server-generated pages, such # as error documents. e.g. <A href="mailto:[email protected]">[email protected]</A> # ServerAdmin root@localhost ← 將管理員郵箱設置為自己常用的電子郵件 ↓ ServerAdmin <A href="mailto:[email protected]">[email protected]</A> ← 根據實際情況修改預設值 # # ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # # If this is not set to valid DNS name for your host, server-generated # redirections will not work. See also the UseCanonicalName directive. # # If your host doesn't have a registered DNS name, enter its IP address here. # You will have to access it by its address anyway, and this will make # redirections work in a sensible way. # #ServerName new.host.name:80 ← 修改主機名 ↓ ServerName <A href="http://www.centospub.com:80" target=_blank>www.centospub.com:80</A> ← 根據實際情況修改，端口號保持默認的80 # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # <A href="http://httpd.apache.org/docs-2.0/mod/core.html#options" target=_blank>http://httpd.apache.org/docs-2.0/mod/core.html#options</A> # for more information. # Options Indexes FollowSymLinks ← 找到這一行，刪除“Indexes”，並添加“Includes”、“ExecCGI” ↓ Options Includes ExecCGI FollowSymLinks ← 允許執行CGI及SSI # # AddHandler allows you to map certain file extensions to "handlers": # actions unrelated to filetype. These can be either built into the server # or added with the Action directive (see below) # # To use CGI scripts outside of ScriptAliased directories: # (You will also need to add "ExecCGI" to the "Options" directive.) # #AddHandler cgi-script .cgi ← 找到這一行，去掉行首的“#”，並在行尾添加“.pl” ↓ AddHandler cgi-script .cgi .pl ← 允許擴展名為.pl的CGI腳本運行 # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride None ← 找到這一行，將“None”改為“All” ↓ AllowOverride All ← 變為此狀態，允許.htaccess # # The following directives define some format nicknames for use with # a CustomLog directive (see below). # LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined ← 找到這一行 ↓ LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined ← 改為此狀態（添加“!414”到規則中，對於過長的日志不記錄） # # Specify a default charset for all pages sent out. This is # always a good idea and opens the door for future internationalisation # of your web site, should you ever want it. Specifying it as # a default does little harm; as the standard dictates that a page # is in iso-8859-1 (latin1) unless specified otherwise i.e. you # are merely stating the obvious. There are also some security # reasons in browsers, related to javascript and URL parsing # which encourage you to always set a default char set. # AddDefaultCharset UTF-8 ← 找到這一行，在行首添加“#” ↓ #AddDefaultCharset UTF-8 ← 不使用UTF-8作為網頁的默認編碼，由網頁上的指定語系決定 <Directory "/var/www/icons"> ← 找到這一個標簽，並在標簽中更改相應選項 <S>Options Indexes MultiViews</S> ← 找到這一行，將“Indexes”刪除 ↓ Options MultiViews ← 變為此狀態（不在瀏覽器上顯示樹狀目錄結構） AllowOverride None Order allow,deny Allow from all </Directory> [root@sample ~]# rm -f /etc/httpd/conf.d/welcome.conf /var/www/error/noindex.html ← 刪除測試頁</TD></TR></TBODY></TABLE> 
<TABLE width="100%" border=0>
<TBODY>
<TR>
<TD bgColor=#4665a6>
<TABLE border=0>
<TBODY>
<TR>
<TD class=table-title bgColor=#333333>啟動HTTP服務</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE> 然後，啟動HTTP服務。 
<TABLE width="100%" border=2>
<TBODY>
<TR>
<TD bgColor=#000000>[root@sample ~]# chkconfig httpd on ← 設置HTTP服務自啟動 [root@sample ~]# chkconfig --list httpd httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off ← 確認2--5為on的狀態就OK [root@sample ~]# /etc/rc.d/init.d/httpd start ← 啟動HTTP服務 Starting httpd: [ OK ] ← 啟動成功會出現OK 如果啟動失敗的話，會出現錯誤信息。原因可能是因為httpd.conf文件編輯過程中的失誤，請檢查httpd.conf。 </TD></TR></TBODY></TABLE>

頁: [1]

查看完整版本: httpd 安全性設定