====== Web Security Check Guide ======

  * Is My Website Hacked? Find Out With This Checklist
    * ref: http://www.whoishostingthis.com/resources/website-hacked-checklist/
  * Google web check: http://www.google.com/safebrowsing/diagnostic?site=yourdomain.com
  * sucuri check: http://sitecheck.sucuri.net/
  * ref:
    * https://www.nutsandboltsmedia.com/how-to-find-out-if-your-wordpress-site-has-been-hacked/
    * http://www.chriswiegman.com/2013/06/how-to-tell-if-your-site-has-been-hacked/

====== Apache Web Server intro ======

  * a common and popular web server for PHP sites

====== httpd.conf ======

  * notes:
    * paths use / as the separator
    * .htaccess is a per-folder httpd.conf (if allowed), but keeping all config in httpd.conf is faster for the server to process.

**Info Configure Syntax**
  * define apache root path.
  * define listen port
<code>
Listen 80
</code>

----

**Directory Config**
  * define http root directory and its directory rights
<code>
DocumentRoot "D:/my_Server/htdocs"
<Directory "D:/my_Server/htdocs">
    AllowOverride All
    Require all granted
</Directory>
</code>

----

**Multiple Sites on Single IP**
  * VirtualHost config in httpd.conf and hosts file config
<code>
NameVirtualHost 127.0.0.1:80

# allow that directory access if not under http root
<Directory "D:/my_Server/test01_com/htdocs">
    Require all granted
</Directory>
<VirtualHost 127.0.0.1:80>
    ServerName www.test01.com
    ServerAlias test01.com
    DocumentRoot "D:/my_Server/test01_com/htdocs"
    CustomLog "D:/my_Server/log/test01.com.access" combined
</VirtualHost>

# allow that directory access if not under http root
<Directory "D:/my_Server/test02_com/htdocs">
    Require all granted
</Directory>
<VirtualHost 127.0.0.1:80>
    # test02.com:80 for that domain or IP, *:80 for any IP
    # server admin for optional providing admin contact if error
    ServerName www.test02.com
    ServerAlias test02.com
    ServerAdmin admin@test02.com
    DocumentRoot "D:/my_Server/test02_com/htdocs"
    CustomLog "D:/my_Server/log/test02.com.access" combined
</VirtualHost>
</code>
  * hosts
<code>
127.0.0.1 test01.com
127.0.0.1 test02.com
</code>

====== .htaccess tutorial ======

  * a text file that configures how the Apache server handles the directory it sits in
  * tutorial:
    * http://www.freewebmasterhelp.com/tutorials/htaccess/
    * https://httpd.apache.org/docs/current/howto/htaccess.html
    * http://www.htaccess-guide.com/
    * https://code.tutsplus.com/tutorials/the-ultimate-guide-to-htaccess-files--net-4757
    * https://www.branded3.com/blog/htaccess-mod_rewrite-ultimate-guide/
  * turn off the Apache version banner (ServerTokens is only valid in the main server config; ServerSignature may also be set in .htaccess):
    * ref: https://www.tecmint.com/apache-security-tips/
    * example
<code>
ServerSignature Off
ServerTokens Prod
</code>

====== Advanced Website Security Setup ======

  * read more on [[appwiki:apache|Apache Web Server intro]]
  * limit website access to certain IPs or IP ranges
    * change the .htaccess file in the Apache site directory (Apache 2.2 access-control syntax; Apache 2.4 replaces it with the Require directive)
<code>
order deny,allow
deny from all
allow from yourIP
allow from yourIPv6
</code>
    * ref: http://httpd.apache.org/docs/2.0/sections.html#filesystem
    * http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow
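
An added example, not part of the original page: a small Python check that scans Apache config text for the settings covered above, namely the ''ServerSignature''/''ServerTokens'' banner, ''AllowOverride All'', and 2.2-style ''order''/''allow''/''deny'' lines mixed with ''Require'' in the same file. The function name ''audit_apache_config'', the ''main_config'' flag and the sample text are constructed for this example, and it assumes the last ''ServerTokens'' line seen is the one in effect.

```python
# Constructed sample, modelled on the directives shown on this page.
SAMPLE_CONF = """\
ServerSignature On
DocumentRoot "D:/my_Server/htdocs"
<Directory "D:/my_Server/htdocs">
    AllowOverride All
    Require all granted
</Directory>
# ServerTokens Prod
order deny,allow
deny from all
allow from 203.0.113.10
"""

# Apache 2.2 access-control directives (handled by mod_access_compat in 2.4)
LEGACY = {"order", "allow", "deny"}


def audit_apache_config(text, main_config=True):
    """Return sorted (line_number, finding) pairs for one config file's text.

    main_config=False is for .htaccess files, where ServerTokens cannot be set.
    Line 0 marks a finding caused by a directive that is missing altogether.
    """
    findings = []
    tokens, tokens_line = "Full", 0      # Apache's default if ServerTokens is unset
    legacy_lines, has_require = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":  # skip blanks, comments, section tags
            continue
        name, *rest = line.split(None, 1)
        name = name.lower()              # directive names are case-insensitive
        value = rest[0].strip() if rest else ""
        if name == "serversignature" and value.lower() != "off":
            findings.append((n, "ServerSignature is not Off"))
        elif name == "servertokens":
            tokens, tokens_line = value, n   # assumption: last one seen is in effect
        elif name == "allowoverride" and value.lower() == "all":
            findings.append((n, "AllowOverride All: review what .htaccess may change"))
        elif name == "require":
            has_require = True
        elif name in LEGACY:
            legacy_lines.append(n)
    if main_config and tokens.lower() not in ("prod", "productonly"):
        findings.append((tokens_line, "ServerTokens is %s, not Prod" % tokens))
    if has_require:                      # old and new access control in one file
        findings += [(n, "legacy Order/Allow/Deny mixed with Require")
                     for n in legacy_lines]
    return sorted(findings)
```

Run it over httpd.conf with the default flag and over each .htaccess with ''main_config=False''; an empty list means none of these four conditions was found.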