Apache Tips
Assorted things I ran into when I had to modify the Apache configuration.
Directory without authentication inside an authenticated one
For example, in some cases we have a directory that requires authentication:
    <Directory "/usr/local/nagios/share">
        AuthType Basic
        AuthName "Nagios Access"
        Options All
        Order allow,deny
        Allow from all
        AllowOverride None
        AuthUserFile /usr/local/nagios/etc/passwd.nagios
        require valid-user
    </Directory>
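But inside it we also have a directory that needs no privileges, and we want it to be visible to the other users on the network without authentication. To do that, configure it as follows (Satisfy Any lets a request through if it passes either the host-based Allow rule or authentication, so Allow from All makes the login unnecessary for this directory):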
    <Directory "/usr/local/nagios/share/wiki">
        Options +Indexes
        Satisfy Any
        Allow from All
        AllowOverride All
    </Directory>
Security
The sherekan blog (http://sherekan.com.ar/2009/08/11/securizando-servidor-apache-parte-iv/) has a simple note about phpsu.
/etc/apache2/conf.d/security
    #
    # Disable access to the entire file system except for the directories that
    # are explicitly allowed later.
    #
    # This currently breaks the configurations that come with some web application
    # Debian packages. It will be made the default for the release after lenny.
    #
    #<Directory />
    #    AllowOverride None
    #    Order Deny,Allow
    #    Deny from all
    #</Directory>

    # Changing the following options will not really affect the security of the
    # server, but might make attacks slightly more difficult in some cases.

    #
    # ServerTokens
    # This directive configures what you return as the Server HTTP response
    # Header. The default is 'Full' which sends information about the OS-Type
    # and compiled in modules.
    # Set to one of: Full | OS | Minimal | Minor | Major | Prod
    # where Full conveys the most information, and Prod the least.
    #
    # With Prod we show no version info at all
    ServerTokens Prod

    #
    # Optionally add a line containing the server version and virtual host
    # name to server-generated pages (internal error documents, FTP directory
    # listings, mod_status and mod_info output etc., but not CGI generated
    # documents or custom error documents).
    # Set to "EMail" to also include a mailto: link to the ServerAdmin.
    # Set to one of: On | Off | EMail
    #
    # Do not show version info at all
    ServerSignature Off

    #
    # Allow TRACE method
    #
    # Set to "extended" to also reflect the request body (only for testing and
    # diagnostic purposes).
    #
    # Set to one of: On | Off | extended
    #
    TraceEnable Off
/etc/php5/apache2/php.ini
    expose_php = Off
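To confirm that the four settings above are actually in effect after a reload, the raw responses of the server can be checked. The following is an added example, not part of the original notes: the function names and the sample responses are constructed for illustration, and in practice the input would be the output of `curl -i` (and `curl -i -X TRACE`) against your own server.

```python
import re

# Constructed sample responses (not captured from a real server).
LEAKY_404 = ("HTTP/1.1 404 Not Found\r\n"
             "Server: Apache/2.2.9 (Debian) PHP/5.2.6\r\n"
             "X-Powered-By: PHP/5.2.6\r\n\r\n"
             "<h1>Not Found</h1>\n<address>Apache/2.2.9 (Debian) Server at "
             "www.example.com Port 80</address>")
HARDENED_404 = ("HTTP/1.1 404 Not Found\r\n"
                "Server: Apache\r\n\r\n"
                "<h1>Not Found</h1>")
TRACE_ON = ("HTTP/1.1 200 OK\r\n"
            "Server: Apache\r\n"
            "Content-Type: message/http\r\n\r\n"
            "TRACE / HTTP/1.1\r\nHost: www.example.com\r\n")
TRACE_OFF = ("HTTP/1.1 405 Method Not Allowed\r\n"
             "Server: Apache\r\n"
             "Allow: GET,HEAD,POST,OPTIONS\r\n\r\n")

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, lowercase headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers, body

def audit_response(raw, method="GET"):
    """Return (setting, evidence) pairs for settings that are not in effect."""
    status, headers, body = parse_response(raw)
    findings = []
    server = headers.get("server", "")
    # ServerTokens Prod sends the bare product name: no "/", digits or "(OS)".
    if re.search(r"[/(\d]", server):
        findings.append(("ServerTokens", server))
    # expose_php = Off removes the X-Powered-By header that PHP adds.
    if "x-powered-by" in headers:
        findings.append(("expose_php", headers["x-powered-by"]))
    # ServerSignature Off drops the <address> footer on server-generated pages.
    footer = re.search(r"<address>.*?Server at.*?</address>", body, re.I | re.S)
    if footer:
        findings.append(("ServerSignature", footer.group(0)))
    # TraceEnable Off answers TRACE with 405 instead of echoing the request.
    if method == "TRACE" and status == 200:
        findings.append(("TraceEnable", "TRACE returned 200"))
    return findings
```

An empty list means none of the four leaks was observed in that response; the TRACE check only applies when the response came from a TRACE request.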
notas/apache.1268072890.txt.gz · Last modified: 2010/03/08 18:28 by cayu