appwiki:apache

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

appwiki:apache [2021/08/28 08:00] – created yingappwiki:apache [2021/08/28 08:00] (current) – [Web Security Check Guide] ying
Line 9: Line 9:
     * https://www.nutsandboltsmedia.com/how-to-find-out-if-your-wordpress-site-has-been-hacked/     * https://www.nutsandboltsmedia.com/how-to-find-out-if-your-wordpress-site-has-been-hacked/
     * http://www.chriswiegman.com/2013/06/how-to-tell-if-your-site-has-been-hacked/     * http://www.chriswiegman.com/2013/06/how-to-tell-if-your-site-has-been-hacked/
 +====== Apache Web Server intro ======
 +  * a common and popular php web server
  
 +====== httpd.conf ======
 +
 +  * notes:
 +    * path uses / as seperator
 +    * .htaccess is per-folder httpd.conf (if allowed), but all-in-one config in httpd.conf is faster for server to process. 
 +
 +**Info Configure Syntax**
 +
 +  * define apache root path.
 +  * define listen port <code>
 +Listen 80
 +</code>
 +
 +----
 +
 +**Directory Config**
 +
 +  * define http root directory and its directory rights <code>
 +DocumentRoot "D:/my_Server/htdocs"
 +
 +<Directory "D:/my_Server/htdocs">
 +    AllowOverride All
 +    Require all granted
 +</Directory>
 +</code>
 +
 +----
 +
 +**Multiple Sites on Single IP**
 +
 +  * VirtualHost config in httpd.conf and hosts file config<code>
 +NameVirtualHost 127.0.0.1:80
 +
 +# allow that directory access if not under http root
 +<Directory "D:/my_Server/test01_com/htdocs">
 +    Require all granted
 +</Directory>
 +
 +<VirtualHost test01.com:80>
 +    ServerName www.test01.com
 +    ServerAlias test01.com
 +    DocumentRoot "D:/my_Server/test01_com/htdocs"
 +    CustomLog "D:/my_Server/log/test01.com.access" combined
 +</VirtualHost>
 +
 +# allow that directory access if not under http root
 +<Directory "D:/my_Server/test02_com/htdocs">
 +    Require all granted
 +</Directory>
 +
 +# test02.com:80 for that domain or IP, *:80 for any IP
 +# server admin for optional providing admin contact if error
 +<VirtualHost test02.com:80>
 +    ServerName www.test02.com
 +    ServerAlias test02.com
 +    ServerAdmin admin@test02.com
 +    DocumentRoot "D:/my_Server/test02_com/htdocs"
 +    CustomLog "D:/my_Server/log/test02.com.access" combined
 +</VirtualHost>
 +
 +</code>
 +    * hosts <code>
 +127.0.0.1 test01.com
 +127.0.0.1 test02.com
 +</code>  
 +  
 +====== .htaccess tutorial ======
 +
 +  * a text file that config how Apache server do with the directory
 +
 +  * tutorial: 
 +    * http://www.freewebmasterhelp.com/tutorials/htaccess/
 +    * https://httpd.apache.org/docs/current/howto/htaccess.html
 +    * http://www.htaccess-guide.com/
 +    * https://code.tutsplus.com/tutorials/the-ultimate-guide-to-htaccess-files--net-4757
 +    * https://www.branded3.com/blog/htaccess-mod_rewrite-ultimate-guide/
 +
 +  * turn off apache version note:
 +    * ref: https://www.tecmint.com/apache-security-tips/
 +    * example <code>ServerSignature Off
 +ServerTokens Prod
 +</code>
 ====== Advanced Website Security Setup ====== ====== Advanced Website Security Setup ======
  
  • appwiki/apache.1630137627.txt.gz
  • Last modified: 2021/08/28 08:00
  • by ying