接下來,為了使服務器更安全以及更加符合我們的實際要求,對默認的設置進行一些必要的更改。尤其在一些細節方面,越少向外界透露服務器的信息,就越能保證服務器的安全。
[root@sample ~]# vi /etc/httpd/conf/httpd.conf ← 編輯Apache的設定檔
#
# Don't give away too much information about all the subcomponents
# we are running. Comment out this line if you don't mind remote sites
# finding out what major optional modules you are running
ServerTokens OS ← 找到這一行,將“OS”改為“Prod”(在出現錯誤頁的時候不顯示服務器操作繫統的名稱)
↓
ServerTokens Prod ← 變為此狀態
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On ← 找到這一行,將“On”改為“Off”
↓
ServerSignature Off ← 在錯誤頁中不顯示Apache的版本
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. [email protected]
#
ServerAdmin root@localhost ← 將管理員郵箱設置為自己常用的電子郵件
↓
ServerAdmin [email protected] ← 根據實際情況修改預設值
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work. See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#
#ServerName new.host.name:80 ← 修改主機名
↓
ServerName www.centospub.com:80 ← 根據實際情況修改,端口號保持默認的80
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks ← 找到這一行,刪除“Indexes”,並添加“Includes”、“ExecCGI”
↓
Options Includes ExecCGI FollowSymLinks ← 允許執行CGI及SSI
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi ← 找到這一行,去掉行首的“#”,並在行尾添加“.pl”
↓
AddHandler cgi-script .cgi .pl ← 允許擴展名為.pl的CGI腳本運行
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None ← 找到這一行,將“None”改為“All”
↓
AllowOverride All ← 變為此狀態,允許.htaccess
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined ← 找到這一行
↓
LogFormat "%h %l %u %t \"%!414r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined ← 改為此狀態(添加“!414”到規則中,對於過長的日志不記錄)
#
# Specify a default charset for all pages sent out. This is
# always a good idea and opens the door for future internationalisation
# of your web site, should you ever want it. Specifying it as
# a default does little harm; as the standard dictates that a page
# is in iso-8859-1 (latin1) unless specified otherwise i.e. you
# are merely stating the obvious. There are also some security
# reasons in browsers, related to javascript and URL parsing
# which encourage you to always set a default char set.
#
AddDefaultCharset UTF-8 ← 找到這一行,在行首添加“#”
↓
#AddDefaultCharset UTF-8 ← 不使用UTF-8作為網頁的默認編碼,由網頁上的指定語系決定
<Directory "/var/www/icons"> ← 找到這一個標簽,並在標簽中更改相應選項
Options Indexes MultiViews ← 找到這一行,將“Indexes”刪除
↓
Options MultiViews ← 變為此狀態(不在瀏覽器上顯示樹狀目錄結構)
AllowOverride None
Order allow,deny
Allow from all
</Directory>
[root@sample ~]# rm -f /etc/httpd/conf.d/welcome.conf /var/www/error/noindex.html ← 刪除測試頁 |
然後,啟動HTTP服務。
[root@sample ~]# chkconfig httpd on ← 設置HTTP服務自啟動
[root@sample ~]# chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off ← 確認2--5為on的狀態就OK
[root@sample ~]# /etc/rc.d/init.d/httpd start ← 啟動HTTP服務
Starting httpd: [ OK ] ← 啟動成功會出現OK
如果啟動失敗的話,會出現錯誤信息。原因可能是因為httpd.conf文件編輯過程中的失誤,請檢查httpd.conf。 |
