appwiki:apache

Web Security Check Guide

Apache Web Server intro

  • a common and popular php web server

httpd.conf

  • notes:
    • path uses / as seperator
    • .htaccess is per-folder httpd.conf (if allowed), but all-in-one config in httpd.conf is faster for server to process.

Info Configure Syntax

  • define apache root path.
  • define listen port
    Listen 80

Directory Config

  • define http root directory and its directory rights
    DocumentRoot "D:/my_Server/htdocs"
    
    <Directory "D:/my_Server/htdocs">
        AllowOverride All
        Require all granted
    </Directory>

Multiple Sites on Single IP

  • VirtualHost config in httpd.conf and hosts file config
    NameVirtualHost 127.0.0.1:80
    
    # allow that directory access if not under http root
    <Directory "D:/my_Server/test01_com/htdocs">
        Require all granted
    </Directory>
    
    <VirtualHost test01.com:80>
        ServerName www.test01.com
        ServerAlias test01.com
        DocumentRoot "D:/my_Server/test01_com/htdocs"
        CustomLog "D:/my_Server/log/test01.com.access" combined
    </VirtualHost>
    
    # allow that directory access if not under http root
    <Directory "D:/my_Server/test02_com/htdocs">
        Require all granted
    </Directory>
    
    # test02.com:80 for that domain or IP, *:80 for any IP
    # server admin for optional providing admin contact if error
    <VirtualHost test02.com:80>
        ServerName www.test02.com
        ServerAlias test02.com
        ServerAdmin admin@test02.com
        DocumentRoot "D:/my_Server/test02_com/htdocs"
        CustomLog "D:/my_Server/log/test02.com.access" combined
    </VirtualHost>
    
    • hosts
      127.0.0.1 test01.com
      127.0.0.1 test02.com

.htaccess tutorial

Advanced Website Security Setup

  • appwiki/apache.txt
  • Last modified: 2021/08/28 08:00
  • by ying