Apache Web page and security optimization

Apache Web page and security optimization

?

• Apache is a cross-platform Web server, because of its simple and efficient, stable security features, is widely used in computer technology in all areas. Now, with its huge number of users, Apache has become the number one Web server for users.
  ?

• However, in a real production environment, it is still not possible to use the default configuration of Apache directly to serve as a server. After all, in order to use Apache server more fully and rationally, we should make some necessary adjustments to Apache's default configuration according to our actual needs.

• Need to compile Apache Add Optimization module (install detailed operation)

  # cd /opt/httpd-2.4.2# ./configure --prefix=/usr/local/httpd \    //安装目录--enable-deflate \              //压缩模板--enable-expires \            //支持 HTTP 控制--enable-so \                    //让apache核心装载DSO--enable-rewrite \             //启用重写功能 --enable-charset-lite \       //启动字符集支持--enable-cgi                      //启用CGI脚本程序支持,便于扩展网站的应用访问能力 # make && make install

?

• Web page compression (page load speed to save traffic)

  Gzip is a popular file compression algorithm and is now widely used, especially on Linux platforms. When applying gzip compression to a plain text file, the effect is very noticeable and can reduce file size by more than 70%. This depends on the content in the file. Using the GZIP module in Apache, we can use the GZIP compression algorithm to compress the Web content published by the Apache server before transferring it to the client browser. This compression actually reduces the number of bytes transmitted over the network, the most obvious benefit is that the speed of page loading can be accelerated.

  # vim /etc/httpd.conf打开Apache主配置文件  去掉下面三行前面 #LoadModule headers_module modules/mod_headers.soLoadModule deflate_module modules/mod_deflate.so    LoadModule filter_module modules/mod_filter.so........................................在Apache主配置文件末尾添加<IfModule mod_deflate.c>    AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript    DeflateCompressionLevel 9    SetOutputFilter DEFLATE</IfModule>注解：<IfModule mod_deflate.c>对html、plain、css、xml、javacript内容启用gzip压缩是指压缩程度的等级，从1到9，9是最高等级，级别越高，压缩越小对上面设置的所有 输出启用压缩</IfModule>

• Validating syntax and modules

  # cd /usr/local/httpd/bin# ./apachectl -tSyntax OK     //验证配置文件成功# ./apachectl -t -D DUMP_MODULES | grep "deflate"deflate_module (shared)# systemctl restart httpd   //重启服务

• Web cache

The Web cache is a page cache that is often not changed or rarely changes, and the next time the browser accesses these pages again, it does not need to download the pages again, thus increasing the user's access speed

    # vim /etc/httpd.conf    Apache主配置开启模块（去#号）    LoadModule expires_module modules/mod_expires.so    配置文件末尾添加    <IfModule mod_expires.c>        ExpiresActive On        ExpiresDefault "access plus 50 seconds"         #缓存为50秒    </IfModule>

• Validating syntax and modules

  # cd /usr/local/httpd/bin# ./apachectl -tSyntax OK     //验证配置文件成功# ./apachectl -t -D DUMP_MODULES | grep "expires"expires_module (shared)# systemctl restart httpd   //重启服务

Apache Security Optimization
?

• Hidden versions

The hidden version reduces the risk of being attacked and protects the server from running safely.

    # vim /etc/httpd.conf  （去掉下面配置行的#）    Include conf/extra/httpd-default.conf    # vim /usr/local/httpd/conf/extra/httpd-default.conf    ServerTokens Prod            //修改成Prod   只显示名称，没有版本    ServerSignature Off    # systemctl restart httpd   //重启服务

• Anti-theft chain

Now many long stations are direct use of other resources on the site, if your website bandwidth performance is not good, it is easy to this kind of website to the traffic fee light, below I introduce in Apache environment Anti-theft chain configuration method, which they can not directly use your site resources Oh.

Master configuration File Modification

    # vim /etc/httpd.conf       LoadModule rewrite_module modules/mod_rewrite.so   //去掉#号 开启    ...................................        <Directory "/usr/local/httpd/htdocs">                   Options Indexes FollowSymLinks          //215行添加            AllowOverride None            Require all granted            RewriteEngine On            RewriteCond %{HTTP_REFERER} !^http://benet.com/.*$ [NC]            RewriteCond %{HTTP_REFERER} !^http://benet.com$ [NC]            RewriteCond %{HTTP_REFERER} !^http://www.benet.com/.*$ [NC]            RewriteCond %{HTTP_REFERER} !^http://www.benet.com/$ [NC]            RewriteRule .*\.(gif|jpg|swf)$ http://www.benet.com/error.png [R,NC,L]        #设置规则 盗用gif jpg swf 结尾的文件时  跳转盗链的替代图片：（error.png图片放在站点目录下）        .........省略n行        </Directory>        (.*$：以任意字符结尾            NC：不区分大写            R：强制跳转）

 

• Test

  # vim /usr/local/httpd/htdocs/index.html  //编辑默认首页

• Open a Web server again

• Edit a hotlinking Web page

  # vim /usr/local/httpd/htdocs/index.html     //编辑盗链的首页

• Visit hotlinking Web page

• Can see to jump to the site of evil Error.png pictures

Apache Web page and security optimization