Apache
  Home arrow Apache arrow Page 4 - Installing Apache
Dev Shed Forums 
Administration  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Download TestComplete 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
APACHE

Installing Apache
By: O'Reilly Media
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 1
    2008-01-03

    Table of Contents:
  • Installing Apache
  • Installation Instructions
  • Selecting modules to install
  • Configuration and Hardening

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
     
    ADVERTISEMENT

    Save your reputation with your customers. Learn how you can have embedding success with Advantage Database Server (ADS).

    Installing Apache - Configuration and Hardening
    (Page 4 of 4 )

    Now that you know your installation works, make it more secure. Being brave, we start with an empty configuration file, and work our way up to a fully functional configuration. Starting with an empty configuration file is a good practice since it increases your understanding of how Apache works. Furthermore, the default configuration file is large, containing the directives for everything, including the modules you will never use. It is best to keep the configuration files nice, short, and tidy.

    Start the configuration file (/usr/local/apache/conf/httpd.conf) with a few general-purpose directives:

      # location of the web server files
      ServerRoot /usr/local/apache
      # location of the web server tree
      DocumentRoot /var/www/htdocs
      # path to the process ID (PID) file, which
      # stores the PID of the main Apache process
      PidFile /var/www/logs/httpd.pid
      # which port to listen at
      Listen 80
      # do not resolve client IP addresses to names
      HostNameLookups Off

    Setting Up the Server User Account

    Upon installation, Apache runs as a user nobody. While this is convenient (this account normally exists on all Unix operating systems), it is a good idea to create a separate account for each different task. The idea behind this is that if attackers break into the server through the web server, they will get the privileges of the web server. The intruders will have the same priveleges as in the user account. By having a separate account for the web server, we ensure the attackers do not get anything else free.

    The most commonly used username for this account is httpd, and some people use apache. We will use the former. Your operating system may come pre-configured with an account for this purpose. If you like the name, use it; otherwise, delete it from the system (e.g., using the userdel tool) to avoid confusion later. To create a new account, execute the following two commands while running as root.

      # groupadd httpd
      #
    useradd httpd -g httpd -d /dev/null -s /sbin/nologin

    These commands create a group and a user account, assigning the account the home directory /dev/null and the shell /sbin/nologin (effectively disabling login for the account). Add the following two lines to the Apache configuration file httpd.conf:

      User httpd
      Group httpd

    Please check back next week for the continuation of this article.


    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

       · This article is an excerpt from the book "Apache Security," published by O'Reilly....
     

    Buy this book now. This article is excerpted from chapter two of Apache Security, written by Ivan Ristic (O'Reilly; ISBN: 0596007248). Check it out today at your favorite bookstore. Buy this book now.

       

    APACHE ARTICLES

    - Putting Apache in Jail
    - Containing Intrusions in Apache
    - Server Limits for Apache Security
    - Setting Permissions in Apache
    - Installing Apache
    - Apache Installation and Configuration
    - Apache Tapestry and Custom Components: DateI...
    - Tapestry and AJAX: Autocompleter and InlineE...
    - PropertySelection and IPropertySelectionMode...
    - The DatePicker and Shell Components of Apach...
    - Apache Tapestry: ASO and More Components
    - Apache Tapestry and DirectLink, IoC and DI
    - Making a CelebrityCollector with Apache Tape...
    - Apache Tapestry and Listener Methods, Condit...
    - The Properties of Tapestry Pages




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 4 hosted by Hostway