So, I just recently installed Apache2, nothing unusual about that. But what is unusual is that I will be opening a server for public eyes very soon, and I want the server to have a safe configuration.
The things that I know I want is:
Apache not showing version information or any other crucial info
PHP not showing any errors at all (fucks up my server online script)
The regular setup to draw down the processes performance demands I already have from another thread (b_b helped me), but should I use the same configs for this one?
Any tip?
Newly installed Apache2
Newly installed Apache2
"The best place to hide a tree, is in a forest"
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
ok, here are some settings you should use:
in apache2.conf (or httpd.conf):
http://httpd.apache.org/docs/2.2/mod/co ... rsignature
in php.ini:
I also recommend to install the Suhosin extension:
http://www.hardened-php.net/suhosin/
in apache2.conf (or httpd.conf):
Code: Select all
ServerSignature Off
ServerTokens Prod
in php.ini:
Code: Select all
expose_php = Off
allow_url_fopen = Off
display_errors = Off
http://www.hardened-php.net/suhosin/