securing apache web server

[eagles051387]

I found a great link to harden apache, but I am curious could it cause any problems with vesta and apache itself?

http://www.tecmint.com/apache-security-tips/

[skurudo]

I found a great link to harden apache, but I am curious could it cause any problems with vesta and apache itself?

Document root Directory: /var/www/html or /var/www
Oh YEAH! With this settings you get too much troubles.

1. hide Apache Version and OS Identity from Errors
safe
2. Disable Directory Listing
safe
3. Keep updating Apache Regularly
safe
4. Disable Unnecessary Modules
be careful with this
5. Run Apache as separate User and Group
not safe, be careful... apache2 already run from www-data
6. Use Allow and Deny to Restrict access to Directories
safe, I think
7. Use mod_security and mod_evasive Modules to Secure Apache
safe, but in Vesta you have firewall, file2ban and nginx...
8. Disable Apache’s following of Symbolic Links
safe
9. Turn off Server Side Includes and CGI Execution
safe
10. Limit Request Size
safe, but you already have nginx to limit this - limit body size option
11. Protect DDOS attacks and Hardening
safe, but you have lmit connection by yourself in nginx config
12. Enable Apache Logging
already there )
13. Securing Apache with SSL Certificates
ehm... ok

For security you can use BASEDIR template ^_^

[eagles051387]

in regards to disabling the directory listing where is the httpd.conf file for apache found on ubuntu 14.04 with vesta installed?

[eagles051387]

where can i also find the option section to disable symbolic links as well sa the options to turn off server side includes and cgi execution?

[eagles051387]

In the original post point 10 what do you mean connection limit in the nginx config what exactly in the config file am I looking for?

[skurudo]

in regards to disabling the directory listing where is the httpd.conf file for apache found on ubuntu 14.04 with vesta installed?

Mmm... Ubuntu just like Debian - /etc/apache2/apache2.conf

But! For users and domain you have templates for apache here - /usr/local/vesta/data/templates/web/apache2/ - and this code:

Code: Select all

   <Directory %sdocroot%>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
    </Directory>

-Indexes -- directory listing off originally

[skurudo]

where can i also find the option section to disable symbolic links as well sa the options to turn off server side includes and cgi execution?

/usr/local/vesta/data/templates/web/apache2/*
/usr/local/vesta/data/templates/web/nginx/*

Edit templates and add domains with your settings. As you can see nginx\hosting.tpl template already have disable_symlinks options. For apache2 templates remember about openbase_dir - fixed or not? Need to check

Code: Select all

php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp
 

[skurudo]

In the original post point 10 what do you mean connection limit in the nginx config what exactly in the config file am I looking for?

/etc/nginx/nginx.conf -> client_max_body_size

[BBuchanan1013]

6. Use Allow and Deny to Restrict access to Directories
safe, I think

As long as it's done correctly, you'll have no issue's. You'll know if you've done it wrong with an error 500.