====== Web Security Check Guide ======
* Is My Website Hacked? Find Out With This Checklist
* ref: http://www.whoishostingthis.com/resources/website-hacked-checklist/
* Google web check: http://www.google.com/safebrowsing/diagnostic?site=yourdomain.com
* sucuri check: http://sitecheck.sucuri.net/
* ref:
  * https://www.nutsandboltsmedia.com/how-to-find-out-if-your-wordpress-site-has-been-hacked/
  * http://www.chriswiegman.com/2013/06/how-to-tell-if-your-site-has-been-hacked/
====== Apache Web Server intro ======
* a common and popular web server, often used to serve PHP sites
====== httpd.conf ======
* notes:
  * paths use / as the separator
  * .htaccess is a per-folder httpd.conf (if allowed), but keeping all configuration in httpd.conf is faster for the server to process.
**Info Configure Syntax**
* define apache root path.
* define listen port
<code>
Listen 80
</code>
----
**Directory Config**
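* define the HTTP root directory and its access rights
<code>
DocumentRoot "D:/my_Server/htdocs"
<Directory "D:/my_Server/htdocs">
    # AllowOverride All lets .htaccess files in this tree override any setting
    AllowOverride All
    Require all granted
</Directory>
</code>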
----
**Multiple Sites on Single IP**
* VirtualHost config in httpd.conf and hosts file config
<code>
# NameVirtualHost is needed on Apache 2.2 only; 2.4 ignores it
NameVirtualHost 127.0.0.1:80

<Directory "D:/my_Server/test01_com/htdocs">
    # allow that directory access if not under http root
    Require all granted
</Directory>
<VirtualHost 127.0.0.1:80>
    ServerName www.test01.com
    ServerAlias test01.com
    DocumentRoot "D:/my_Server/test01_com/htdocs"
    CustomLog "D:/my_Server/log/test01.com.access" combined
</VirtualHost>

<Directory "D:/my_Server/test02_com/htdocs">
    # allow that directory access if not under http root
    Require all granted
</Directory>
# test02.com:80 for that domain or IP, *:80 for any IP
<VirtualHost 127.0.0.1:80>
    # ServerAdmin is optional: admin contact shown on error pages
    ServerName www.test02.com
    ServerAlias test02.com
    ServerAdmin admin@test02.com
    DocumentRoot "D:/my_Server/test02_com/htdocs"
    CustomLog "D:/my_Server/log/test02.com.access" combined
</VirtualHost>
</code>
* hosts
<code>
127.0.0.1 test01.com
127.0.0.1 test02.com
</code>
====== .htaccess tutorial ======
* a text file that configures how the Apache server handles the directory it is placed in
* tutorial:
  * http://www.freewebmasterhelp.com/tutorials/htaccess/
  * https://httpd.apache.org/docs/current/howto/htaccess.html
  * http://www.htaccess-guide.com/
  * https://code.tutsplus.com/tutorials/the-ultimate-guide-to-htaccess-files--net-4757
  * https://www.branded3.com/blog/htaccess-mod_rewrite-ultimate-guide/
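* hide the Apache version in server-generated pages and response headers:
  * ref: https://www.tecmint.com/apache-security-tips/
  * example:
<code>
# ServerSignature may also be set in .htaccess;
# ServerTokens is only valid in the main server config (httpd.conf)
ServerSignature Off
ServerTokens Prod
</code>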
====== Advanced Website Security Setup ======
* read more on [[appwiki:apache|Apache Web Server intro]]
* limit website access to certain IPs or IP ranges
* edit the .htaccess file in the Apache site directory:
<code>
order deny,allow
deny from all
allow from yourIP
allow from yourIPv6
</code>
* ref: http://httpd.apache.org/docs/2.0/sections.html#filesystem
* http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow
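The allow-list above is written in Apache 2.2 syntax, while the Directory blocks earlier on this page use the 2.4 ''Require'' form. The following is an added example, not part of the original page, showing the same IP restriction in 2.4 syntax; the directory path is this page's test01 site and the addresses are constructed placeholders from the documentation ranges.

```apache
# Added example, not from the original page. Addresses are constructed
# placeholders (documentation ranges); substitute your own.

# Legacy form shown on this page (Apache 2.2). On 2.4 it is only accepted
# when mod_access_compat is loaded, and mixing it with Require is discouraged:
#   order deny,allow
#   deny from all
#   allow from yourIP

# Option A: Apache 2.4, in httpd.conf (no .htaccess needed)
<Directory "D:/my_Server/test01_com/htdocs">
    # .htaccess files in this tree are ignored entirely
    AllowOverride None
    # Several Require lines act as RequireAny: one match grants access,
    # every other client receives 403 Forbidden
    Require ip 192.0.2.10
    Require ip 198.51.100.0/24
    Require ip 2001:db8:1::/48
</Directory>

# Option B: Apache 2.4, in the site directory's .htaccess.
# httpd.conf must permit authorization directives there:
#   <Directory "D:/my_Server/test01_com/htdocs">
#       AllowOverride AuthConfig
#   </Directory>
# and the .htaccess file then contains only:
#   Require ip 192.0.2.10
#   Require ip 2001:db8:1::/48
```

Run ''httpd -t'' after editing httpd.conf to check the syntax before restarting the server.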