securing apache web server
I found a great link to harden apache, but I am curious could it cause any problems with vesta and apache itself?
http://www.tecmint.com/apache-security-tips/
Re: securing apache web server
eagles051387 wrote: I found a great link to harden apache, but I am curious could it cause any problems with vesta and apache itself?
Document root Directory: /var/www/html or /var/www
Oh YEAH! With these settings you get too much trouble.
1. Hide Apache Version and OS Identity from Errors
safe
2. Disable Directory Listing
safe
3. Keep updating Apache Regularly
safe
4. Disable Unnecessary Modules
be careful with this
5. Run Apache as separate User and Group
not safe, be careful... apache2 already runs as www-data
6. Use Allow and Deny to Restrict access to Directories
safe, I think
7. Use mod_security and mod_evasive Modules to Secure Apache
safe, but in Vesta you have firewall, fail2ban and nginx...
8. Disable Apache’s following of Symbolic Links
safe
9. Turn off Server Side Includes and CGI Execution
safe
10. Limit Request Size
safe, but you already have nginx to limit this - limit body size option
11. Protect DDOS attacks and Hardening
safe, but you have limit connection by yourself in nginx config
12. Enable Apache Logging
already there )
13. Securing Apache with SSL Certificates
ehm... ok
For security you can use BASEDIR template ^_^
Re: securing apache web server
In regards to disabling the directory listing, where is the httpd.conf file for apache found on ubuntu 14.04 with vesta installed?
Re: securing apache web server
Where can I also find the option section to disable symbolic links, as well as the options to turn off server side includes and cgi execution?
Re: securing apache web server
In the original post, point 10, what do you mean by connection limit in the nginx config? What exactly in the config file am I looking for?
Re: securing apache web server
eagles051387 wrote: In regards to disabling the directory listing, where is the httpd.conf file for apache found on ubuntu 14.04 with vesta installed?
Mmm... Ubuntu just like Debian - /etc/apache2/apache2.conf
But! For users and domain you have templates for apache here - /usr/local/vesta/data/templates/web/apache2/ - and this code:
<Directory %sdocroot%>
AllowOverride All
Options +Includes -Indexes +ExecCGI
</Directory>
Re: securing apache web server
eagles051387 wrote: Where can I also find the option section to disable symbolic links, as well as the options to turn off server side includes and cgi execution?
/usr/local/vesta/data/templates/web/apache2/*
/usr/local/vesta/data/templates/web/nginx/*
Edit templates and add domains with your settings. As you can see, the nginx\hosting.tpl template already has the disable_symlinks option. For apache2 templates remember about open_basedir - fixed or not? Need to check.
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp
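One way to check the templates named in this thread for the options under discussion (an added example, not part of any post and not Vesta's own code). It flags every `Options` line that enables Indexes, Includes, ExecCGI or FollowSymLinks and notes a missing `php_admin_value open_basedir`; the names `RISKY`, `audit_template` and `audit_dir` are made up for this example, and it reads only explicit directives in each file, not inherited defaults.

```python
import sys
from pathlib import Path

# Options the thread talks about switching off, and what each one enables.
RISKY = {"indexes": "directory listing", "includes": "server-side includes",
         "execcgi": "CGI execution", "followsymlinks": "symlink following"}
# The <Directory> block quoted in the thread, audited when no path is given.
SAMPLE = """<Directory %sdocroot%>
AllowOverride All
Options +Includes -Indexes +ExecCGI
</Directory>"""


def audit_template(text):
    """Return findings for the text of one Apache vhost template."""
    enabled, has_basedir = set(), False
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "options":
            for tok in parts[1:]:
                name = tok.lstrip("+-").lower()
                if tok.startswith("-"):
                    continue                 # explicitly switched off
                if name == "all":
                    enabled.update(RISKY)    # All = everything except MultiViews
                elif name in RISKY:
                    enabled.add(name)
        elif directive == "php_admin_value" and len(parts) > 2:
            has_basedir |= parts[1].lower() == "open_basedir"
    findings = [f"{n} enabled ({RISKY[n]})" for n in sorted(enabled)]
    if not has_basedir:
        findings.append("open_basedir not set")
    return findings


def audit_dir(path):
    """Map each *.tpl / *.stpl file in path to its findings."""
    return {p.name: audit_template(p.read_text(errors="replace"))
            for p in sorted(Path(path).glob("*tpl"))}


if __name__ == "__main__":
    # With a directory argument audit its templates, otherwise audit SAMPLE.
    result = audit_dir(sys.argv[1]) if len(sys.argv) > 1 else {"sample": audit_template(SAMPLE)}
    for tpl, found in result.items():
        print(tpl, found)
```

Run it with the apache2 template path given above as the argument; an empty list for a file means none of the four options is switched on and open_basedir is present.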
Re: securing apache web server
eagles051387 wrote: In the original post, point 10, what do you mean by connection limit in the nginx config? What exactly in the config file am I looking for?
/etc/nginx/nginx.conf -> client_max_body_size
Re: securing apache web server
6. Use Allow and Deny to Restrict access to Directories
safe, I think
As long as it's done correctly, you'll have no issues. You'll know if you've done it wrong with an error 500.