appwiki:apache [2021/08/28 08:00] (current) – [Web Security Check Guide] ying
====== Web Security Check Guide ======

  * Is My Website Hacked? Find Out With This Checklist
    * ref: http://
    * Google web check: http://
    * sucuri check: http://

  * ref:
    * https://
    * http://

====== Apache Web Server intro ======

  * a common and popular web server, widely used to serve PHP sites

====== httpd.conf ======

  * notes:
    * paths use / as the separator
    * .htaccess is a per-folder httpd.conf (if allowed), but an all-in-one config in httpd.conf is faster for the server to process.

**Info Configure Syntax**

  * define the apache root path.
  * define the listen port <code>
Listen 80
</code>

----

**Directory Config**

  * define the http root directory and its directory rights <code>
DocumentRoot "..."

<Directory "...">
    AllowOverride All
    Require all granted
</Directory>
</code>

----

**Multiple Sites on Single IP**

  * VirtualHost config in httpd.conf and hosts file config <code>
NameVirtualHost 127.0.0.1:...

# allow access to that directory if it is not under the http root
<Directory "...">
    Require all granted
</Directory>

<VirtualHost ...>
    ServerName www.test01.com
    ServerAlias test01.com
    DocumentRoot "..."
    CustomLog "..."
</VirtualHost>

# allow access to that directory if it is not under the http root
<Directory "...">
    Require all granted
</Directory>

# test02.com:
# ServerAdmin optionally provides an admin contact that is shown on error pages
<VirtualHost ...>
    ServerName www.test02.com
    ServerAlias test02.com
    ServerAdmin admin@test02.com
    DocumentRoot "..."
    CustomLog "..."
</VirtualHost>
</code>
  * hosts <code>
127.0.0.1 test01.com
127.0.0.1 test02.com
</code>

====== .htaccess tutorial ======

  * a text file that configures how the Apache server treats the directory it is placed in

  * tutorial:
    * http://
    * https://
    * http://
    * https://
    * https://

  * hide the Apache version in the Server header:
    * ref: https://
    * example <code>
ServerTokens Prod
</code>

====== Advanced Website Security Setup ======

  * read more on [[appwiki:...]]

  * limit website access to a certain IP or IP range
    * change the .htaccess file in the Apache site directory <code>
<...>
order deny,allow
deny from all
allow from yourIP
allow from yourIPv6
</...>
</code>
    * ref: http://
    * http://
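As an added check (example code written for this page, not part of the original wiki or of Apache itself), the script below audits a constructed httpd.conf fragment for the two hardening points covered by the .htaccess and IP-restriction notes above: whether ''ServerTokens'' hides the version, whether ''AllowOverride All'' hands per-directory control to .htaccess files, and whether the allow-list uses the Apache 2.2 ''Order''/''Deny''/''Allow'' syntax, which Apache 2.4 only accepts through mod_access_compat (the native 2.4 form is ''Require ip''). A second helper inspects a ''Server'' response header so the ''ServerTokens'' setting can be verified from outside the host. The sample configuration, the 203.0.113.7 address and the header strings are constructed for the example.

```python
"""Audit an Apache config fragment for the hardening points on this page."""
import re
from typing import List

# Constructed sample httpd.conf fragment (not taken from any real server). It
# mixes the directives shown on this page: a DocumentRoot <Directory> with
# AllowOverride All, and an Apache 2.2-style IP allow-list.
SAMPLE_CONF = """\
Listen 80
ServerTokens Full
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
    AllowOverride All
    Require all granted
</Directory>
<Directory "/var/www/html/admin">
    order deny,allow
    deny from all
    allow from 203.0.113.7
</Directory>
"""

# Access-control directives from Apache 2.2 (Order/Deny/Allow). Apache 2.4 only
# honours them through mod_access_compat; the native 2.4 form is
#     Require all denied
#     Require ip 203.0.113.7 2001:db8::/32
LEGACY_ACCESS = {"order", "deny", "allow"}


def audit_conf(text: str) -> List[str]:
    """Return one finding per weak or legacy directive in the fragment."""
    findings: List[str] = []
    server_tokens = None  # None means the directive is absent (Apache defaults to Full)

    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue  # blank line, comment, or <Directory>/<VirtualHost> tag
        parts = line.split(None, 1)
        directive = parts[0].lower()  # Apache directive names are case-insensitive
        arg = parts[1].strip() if len(parts) > 1 else ""

        if directive == "servertokens":
            server_tokens = arg
        elif directive in LEGACY_ACCESS:
            findings.append(
                f"line {lineno}: '{line}' is Apache 2.2 access syntax; "
                "on 2.4 use 'Require all denied' / 'Require ip ...'"
            )
        elif directive == "allowoverride" and arg.lower() == "all":
            findings.append(
                f"line {lineno}: AllowOverride All lets any .htaccess in the tree "
                "change server settings; keep rules in httpd.conf where possible"
            )

    if server_tokens is None:
        findings.append("ServerTokens not set: default is Full, which reveals the version")
    elif server_tokens.lower() != "prod":
        findings.append(
            f"ServerTokens {server_tokens}: use 'ServerTokens Prod' to hide the version"
        )
    return findings


def server_header_leaks_version(server_header: str) -> bool:
    """True when a Server response header carries a version number, i.e. the
    server is not running with ServerTokens Prod (which yields just 'Apache')."""
    return re.search(r"/\d", server_header) is not None


if __name__ == "__main__":
    for finding in audit_conf(SAMPLE_CONF):
        print(finding)
    # Constructed header values, as returned by curl -I on a server with and
    # without ServerTokens Prod.
    print(server_header_leaks_version("Apache/2.4.41 (Ubuntu)"))  # True
    print(server_header_leaks_version("Apache"))                  # False
```

Run it against a copy of your own httpd.conf (or the combined output of ''apachectl -t -D DUMP_CONFIG'' if your build supports it) rather than the embedded sample; an empty findings list means the version is hidden and the access rules are in 2.4 syntax.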