1. 程式人生 > >Apache網頁安全優化

Apache網頁安全優化

exe cti sig over 添加 tput compress xtra htm

參考手工編譯安裝Apache 安裝這些包 yum install gcc gcc-c++ make pcre pcre-devel zlib-devel -y

./configure \
--prefix=/usr/local/httpd \
--enable-deflate \ //支持可壓縮
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi

接下來 make &&make install
**修改它的配置文件 vi /etc/init.d/httpd 在文件最前面插入下面的行

#!/bin/sh

chkconfig:2345 85 15

# description:Apache is a World Wide Web server.


給它執行權限 chmod +x /etc/init.d/httpd

chkconfig --add httpd
chkconfig --list httpd
chkconfig --level 35 httpd on

建立軟鏈接 ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf
vi /usr/local/apache/conf/httpd.conf 修改以下兩行
Listen:IPV4
ServerName:主機名.域名

開啟網站服務 service httpd start


vim /etc/httpd.conf
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so //開啟 去掉前面#
LoadModule filter_module modules/mod_filter.so
末尾添加:
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript
DeflateCompressionLevel 9
SetOutputFilter DEFLATE
</IfModule>

cd /usr/local/httpd/bin
./apachectl -t
Syntax OK //驗證配置文件成功

驗證模塊
./apachectl -t -D DUMP_MODULES | grep "deflate"
deflate_module (shared)

網頁緩存 ./configure \
--prefix=/usr/local/httpd \
--enable-deflate \
--enable-expires \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi

vim /etc/httpd.conf
LoadModule expires_module modules/mod_expires.so
末尾添加:
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 50 seconds" //50s之後過期
</IfModule>

cd /usr/local/httpd/bin
./apachectl -t
Syntax OK

查看模塊 ./apachectl -t -D DUMP_MODULES | grep "expires"
expires_module (shared)

**安全優化 yum install zlib-devel -y

./configure \
--prefix=/usr/local/httpd \
--enable-deflate \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi
主配置文件修改

<Directory "/usr/local/httpd/htdocs">
Options Indexes FollowSymLinks

AllowOverride None

Require all granted下插入:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://benet.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://benet.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.benet.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.benet.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.benet.com/error.png

</Directory>

LoadModule rewrite_module modules/mod_rewrite.so //開啟

./apachectl -t -D DUMP_MODULES | grep "rewrite"
rewrite_module (shared)**

**隱藏版本信息 Include conf/extra/httpd-default.conf 去#,開啟

vim httpd-default.conf

ServerTokens Prod //只顯示名稱,沒有版本
ServerSignature Off

**

Apache網頁安全優化