LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Optimizing/Securing Apache & PHP (https://www.linuxquestions.org/questions/linux-server-73/optimizing-securing-apache-and-php-666304/)

yah0m 08-29-2008 09:44 AM
Optimizing/Securing Apache & PHP
 
Any tips for securing and increasing the speed of apache? All I need is the pure basics.


My current Setup:

APACHE:
Compile:
Code:
./configure --prefix=/usr/local/apache2 --with-mpm=prefork --enable-mods-shared='rewrite ssl' --enable-rewrite --enable-ssl --with-ssl --disable-env --disable-status --disable-autoindex --disable-cgi --disable-userdir --disable-actions --disable-asis --enable-deflate --enable-so
Compiled in modules:
core.c
mod_authn_file.c
mod_authn_default.c
mod_authz_host.c
mod_authz_groupfile.c
mod_authz_user.c
mod_authz_default.c
mod_auth_basic.c
mod_filter.c
mod_log_config.c
prefork.c
http_core.c
mod_mime.c
mod_dir.c
mod_actions.c
mod_alias.c
mod_so.c


httpd.conf
Code:
ServerRoot "/usr/local/apache2"
Listen 80
LoadModule php5_module        modules/libphp5.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule deflate_module modules/mod_deflate.so
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User daemon
Group daemon
</IfModule>
</IfModule>
ServerAdmin admin@domain.org
ServerName domain.org:80
DocumentRoot "/www"
UseCanonicalName Off
ServerSignature Off
HostnameLookups Off
ServerTokens Prod 
PidFile /usr/local/apache2/logs/httpd.pid
ScoreBoardFile /usr/local/apache2/logs/httpd.scoreboard
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule prefork.c>
        MinSpareServers 5
        MaxSpareServers 10
        StartServers 5
        MaxClients 150
        MaxRequestsPerChild 0
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
SetInputFilter DEFLATE
AddOutputFilterByType DEFLATE application/x-httpd-php application/x-httpd-fastphp application/x-httpd-eruby text/html
DeflateFilterNote ratio
DeflateCompressionLevel 3
</IfModule>
<Directory />
        Options None
        AllowOverride None
        Order deny,allow
        Deny from all
</Directory>
<Directory /www>
        Options None
        AllowOverride None
        Order deny,allow
        Deny from all
</Directory>
<Directory "/www/domain.org/html">
        Options All
        AllowOverride All
        Order allow,deny
        Allow from all
SetOutputFilter DEFLATE
SetInputFilter DEFLATE
AddOutputFilterByType DEFLATE application/x-httpd-php application/x-httpd-fastphp application/x-httpd-eruby text/html
</Directory>
<IfModule dir_module>
        DirectoryIndex index.php index.html
</IfModule>
<FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
        Satisfy All
</FilesMatch>
ErrorLog "logs/error_log"
LogLevel debug
<IfModule log_config_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        <IfModule logio_module>
          LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
        </IfModule>
        CustomLog "logs/access_log" common
</IfModule>
<IfModule alias_module>
        ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/usr/local/apache2/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
        TypesConfig conf/mime.types
        AddType application/x-compress .Z
        AddType application/x-gzip .gz .tgz
        AddType application/x-httpd-php .php
</IfModule>
NameVirtualHost domain.org:80
<VirtualHost domain.org:80>
        DocumentRoot "/www/domain.org/html"
        ServerName "domain.org"
        ServerAlias "domain.org"
        ErrorLog /www/domain.org/logs/error_log
        CustomLog /www/domain.org/logs/access_log combined
</VirtualHost>
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
PHP:
Compile:
Default

php.ini
Code:
engine = On
zend.ze1_compatibility_mode = Off
short_open_tag = On
asp_tags = Off
precision        =  14
y2k_compliance = On
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func=
serialize_precision = 100
allow_call_time_pass_reference = Off
safe_mode = On
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
disable_functions = phpinfo,dir,readfile,shell_exec,exec,virtual,passthru,proc_close,proc_get_status
,proc_open,proc_terminate,syste
disable_classes = ni_get(), phpinfo(), shell_exec(), popen()
expose_php = Off
max_execution_time = 30; Maximum execution time of each script, in seconds
max_input_time = 60; Maximum amount of time each script may spend parsing request data
memory_limit = 16M        ; Maximum amount of memory a script may consume
error_reporting  =  E_ALL
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
variables_order = "EGPCS"
register_globals = Off
register_long_arrays = Off
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
doc_root =
user_dir =
extension_dir = "/usr/lib/php/modules"
enable_dl = On
file_uploads = Off
upload_max_filesize = 20M
allow_url_fopen = On
default_socket_timeout = 60

aus9 08-30-2008 12:21 AM
until you get a better reply, there are 2 stickys that may interest you in security forum

1) post 6 in particular to the security references

2) the sticky on php


All times are GMT -5. The time now is 01:09 AM.