Jump to content


Securing Apache: Step-by-Step

  • Please log in to reply
No replies to this topic

#1 TheSentinel


    The man in the dark

  • General Admin
  • 31,818 posts

Posted 19 December 2003 - 03:46 PM

Securing Apache: Step-by-Step
by Artur Maj
last updated May 14, 2003

This article shows in a step-by-step fashion, how to install and configure the Apache 1.3.x Web server in order to mitigate or avoid successful break-in when new vulnerabilities in this software are found.


Before we start securing Apache, we must specify what functionality we expect from the server. Variety of Apache's use makes it difficult to write a universal procedure to secure the server in every case. That's why in this article we'll base on the following functionality:
The Web server will be accessible from the Internet; and,
Only static HTML pages will be served the server will support name-based virtual hosting mechanism specified Web pages can be accessible only from selected IP addresses or users (basic authentication) the server will log all the Web requests (including information about Web browsers)