Server Limits for Apache SecurityIn this fourth part of a six-part series on Apache installation and configuration, you will learn how to set server configuration limits, prevent information leaks, and more. This article is excerpted from chapter two of Apache Security, written by Ivan Ristic (O'Reilly; ISBN: 0596007248). Copyright © 2006 O'Reilly Media, Inc. All rights reserved. Used with permission from the publisher. Available from booksellers or direct from O'Reilly Media.
print this article SEARCH DEV SHED |
Though you are not likely to fine-tune the server during installation, you must be aware of the existence of server limits and the way they are configured. Incorrectly configured limits make a web server an easy target for attacks (see Chapter 5). The following configuration directives all show default Apache configuration values and define how long the server will wait for a slow client: # wait up to 300 seconds for slow clients The default value for the connection timeout (300 seconds) is too high. You can safely reduce it below 60 seconds and increase your tolerance against denial of service (DoS) attacks (see Chapter 5). The following directives impose limits on various aspects of an HTTP request: # impose no limits on the request body LimitXMLRequestBodyis an Apache 2 directive and is used by the mod_dav module to limit the size of its command requests (which are XML-based). Seeing that the maximal size of the request body is unlimited by default (2 GB in practice), you may wish to specify a more sensible value forLimitRequestBody. You can go as low as 64 KB if you do not plan to support file uploads in the installation. The following directives control how server instances are created and destroyed in Apache 1 and sometimes in Apache 2 (as described further in the following text): # keep 5 servers ready to handle requests You may want to lower the maximal number of clients (MaxClients) if your server does not have enough memory to handle 150 Apache instances at one time. You should make a habit of putting a limit on the maximal number of requests served by one server instance, which is unlimited by default in Apache 1 (as indicated by the0 MaxRequestsPerChildvalue) but set to10000 in Apache 2. When a server instance reaches the limit, it will be shut down and replaced with a fresh copy. A high value such as1000 (or even more) will not affect web server operation but will help if an Apache module has a memory leak. Interestingly, when the Keep-Alive feature (which allows many requests to be performed over a single network connection) is used, all requests performed over a single Keep-Alive connection will be counted as one for the purposes ofMaxRequestsPerChildhandling. Apache 2 introduces the concept of multiprocessing modules (MPMs), which are special-purpose modules that determine how request processing is organized. Only one MPM can be active at any one time. MPMs were introduced to allow processing to be optimized for each operating system individually. The Apache 1 processing model (multiple processes, no threads, each process handling one request at one time) is called prefork, and it is the default processing model in Apache 2 running on Unix platforms. On Windows, Apache always runs as a single process with multiple execution threads, and the MPM for that is known as winnt. On Unix systems running Apache 2, it is possible to use the worker MPM, which is a hybrid, as it supports many processes each with many threads. For the worker MPM, the configuration is similar to the following (refer to the documentation for the complete description): # the maximum number of processes Since the number of threads per process is fixed, the Apache worker MPM will change the number of active processes to obey the minimum and maximum spare threads configured. Unlike with the prefork MPM, theMaxClientsdirective now controls the maximum number of active threads at any given time.
blog comments powered by Disqus |
/ 8 
Getting Started with Apache
