# vim /etc/httpd/conf/httpd.conf (RHEL/CentOS/Fedora)
# vim /etc/apache2/apache2.conf (Debian/Ubuntu)
ServerSignature Off ServerTokens Prod
# service httpd restart (RHEL/CentOS/Fedora)
# service apache2 restart (Debian/Ubuntu)
Options -Indexes
# httpd -v Server version: Apache/2.2.15 (Unix) Server built: Aug 13 2013 17:29:28
# grep LoadModule /etc/httpd/conf/httpd.conf class="hljs-preprocessor"># have to place corresponding "LoadModule" lines at this location so the # LoadModule foo_module modules/mod_foo.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_alias_module modules/mod_authn_alias.so LoadModule authn_anon_module modules/mod_authn_anon.so LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_default_module modules/mod_authn_default.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_default_module modules/mod_authz_default.so LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so LoadModule include_module modules/mod_include.so LoadModule log_config_module modules/mod_log_config.so LoadModule logio_module modules/mod_logio.so LoadModule env_module modules/mod_env.so LoadModule ext_filter_module modules/mod_ext_filter.so ....
# groupadd http_web class="hljs-comment"># useradd -d /var/www/ -g http-web -s /bin/nologin http_web
User http_web Group http_web
Options None Order deny,allow Deny from all
$ sudo apt-get install libapache2-modsecurity $ sudo a2enmod mod-security $ sudo /etc/init.d/apache2 force-reload
# yum install mod_security # /etc/init.d/httpd restart
Options -FollowSymLinks
# Enable symbolic links Options +FollowSymLinks
Options -Includes Options -ExecCGI
Options -Includes -ExecCGI
LimitRequestBody 512000
DocumentRoot /var/www/html/example.com/ ServerName www.example.com DirectoryIndex index.htm index.html index.php ServerAlias example.com ErrorDocument 404 /story.php ErrorLog /var/log/httpd/example class="hljs-preprocessor">.com_error_log CustomLog /var/log/httpd/example class="hljs-preprocessor">.com_access_log combined
# openssl genrsa -des3 -out example.com.key 1024 # openssl req -new -key example.com.key -out exmaple.csr # openssl x509 -req -days 365 -in example.com.com.csr -signkey example.com.com.key -out example.com.com.crt
SSLEngine on SSLCertificateFile /etc/pki/tls/certs/example.com.crt SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key SSLCertificateChainFile /etc/pki/tls/certs/sf_bundle.crt ServerAdmin ravi.saive@example.com ServerName example.com DocumentRoot /var/www/html/example/ ErrorLog /var/log/httpd/example class="hljs-preprocessor">.com-error_log CustomLog /var/log/httpd/example class="hljs-preprocessor">.com-access_log common
