Apache Tuning: Hiding Version Information and 404 Redirects

Source: Internet
Author: User

In a production environment, after Apache is deployed and before the service goes online, we should do a good deal of tuning and debugging from both a security and a performance point of view.

Apache

Lab Environment:

Apache version: httpd-2.2.31

Source package storage location: /usr/local/src

Compiled installation location: /usr/local/apache2.2-xuegod/

Tip 1:

When installing Apache, hide sensitive information such as the Apache version

To view Apache version information:

# curl -i www.baidu.com
...
X-Powered-By: HPHP
Server: BWS/1.1
X-UA-Compatible: IE=Edge,chrome=1
BDPAGETYPE: 1
BDQID: 0xcfd31d8200026e11
BDUSERID: 0

Test your own website to see which version it reports, and whether that version has any corresponding vulnerabilities.

# curl -i www.taobao.com
HTTP/1.1 302 Found
Server: Tengine    # Tengine is a secondary development based on Nginx
Date: Tue, 2015 02:22:06 GMT
Content-Type: text/html
Content-Length: 258
Connection: keep-alive
Location: https://www.taobao.com/

Completely eliminate sensitive information such as the version

To change the version and other information completely, modify the include/ap_release.h file in the source package before compiling.

# pwd
/usr/local/src
# rm -rf httpd-2.2.25
# tar zxf httpd-2.2.25.tar.gz
# cd httpd-2.2.25
# vim include/ap_release.h    # Replace the version information in the source with your company's information to hide the real version

Change:

#define AP_SERVER_BASEVENDOR "Apache Software Foundation"
#define AP_SERVER_BASEPROJECT "Apache HTTP Server"
#define AP_SERVER_BASEPRODUCT "Apache"
#define AP_SERVER_MAJORVERSION_NUMBER 2
#define AP_SERVER_MINORVERSION_NUMBER 2
#define AP_SERVER_PATCHLEVEL_NUMBER 25
#define AP_SERVER_DEVBUILD_BOOLEAN 0

To:

#define AP_SERVER_BASEVENDOR "Xuegod"
#define AP_SERVER_BASEPROJECT "Web Server"
#define AP_SERVER_BASEPRODUCT "xuegod Web Server"
#define AP_SERVER_MAJORVERSION_NUMBER 8
#define AP_SERVER_MINORVERSION_NUMBER 1
#define AP_SERVER_PATCHLEVEL_NUMBER 2
#define AP_SERVER_DEVBUILD_BOOLEAN 3

Comments:

#define AP_SERVER_BASEVENDOR "Apache Software Foundation"  /* Vendor name of the service */
#define AP_SERVER_BASEPROJECT "Apache HTTP Server"         /* Project name of the service */
#define AP_SERVER_BASEPRODUCT "Apache"                     /* Product name of the service */
#define AP_SERVER_MAJORVERSION_NUMBER 2                    /* Major version number */
#define AP_SERVER_MINORVERSION_NUMBER 4                    /* Minor version number */
#define AP_SERVER_PATCHLEVEL_NUMBER 6                      /* Patch level */
#define AP_SERVER_DEVBUILD_BOOLEAN 0                       /* Development-build flag; a non-zero value appends "-dev" to the version string */

Note: You can change the lines listed above to whatever you want, then compile and install, and then modify the httpd-default.conf file; the other party will then have no way of knowing your real version number.

Compile and install Apache from source

# yum install openssl*
# ./configure --prefix=/usr/local/apache2.2-xuegod --enable-so --enable-rewrite --enable-ssl --enable-deflate --enable-expires    # Check the build environment and generate the Makefile

Configuration parameters:

--prefix=/usr/local/apache2.2    # Specify the installation path
--enable-so                      # Support dynamically loaded modules
--enable-rewrite                 # Support URL rewriting
--enable-ssl                     # Support SSL encryption
--enable-deflate                 # Support compressing pages before transfer
--enable-expires                 # Support setting the page cache time

Compile and install:

# make && make install

View the installed configuration file:

# ls /usr/local/apache2.2-xuegod/conf/httpd.conf
/usr/local/apache2.2-xuegod/conf/httpd.conf

Root directory where the website is stored:

# ls /usr/local/apache2.2-xuegod/htdocs/
index.html

Modify the default home page content:

# echo apache-xuegod >> /usr/local/apache2.2-xuegod/htdocs/index.html

To start Apache:

Configure Apache to start at boot and use the service command to start the Apache server:

# cp /usr/local/apache2.2-xuegod/bin/apachectl /etc/init.d/apachectl-xuegod

Start Apache:

# /etc/init.d/apachectl-xuegod start

Test: the Apache version information is hidden

curl -i 192.168.1.63    # Nothing about Apache is visible
HTTP/1.1 200 OK
Date: Sat, 2015 09:43:44 GMT
Server: xuegod Web Server/8.1.2-dev (Unix) mod_ssl/8.1.2-dev OpenSSL/1.0.0-fips
Last-Modified: Sat, Aug 2015 09:37:36 GMT
ETag: "6d086-3a-51e6ff35dba19"
Accept-Ranges: bytes
Content-Length: 58
Content-Type: text/html

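Hide the version number and system type further

Next, modify the configuration again:

1) Uncomment the Include line for httpd-default.conf in httpd.conf

vim /usr/local/apache2.2-xuegod/conf/httpd.conf

Change line 405:

#Include conf/extra/httpd-default.conf

To:

Include conf/extra/httpd-default.conf

2) Open the httpd-default.conf file and modify the following two places

vim /usr/local/apache2.2-xuegod/conf/extra/httpd-default.conf

Change:

ServerTokens Full
ServerSignature On

To (Apache does not allow a comment on the same line as a directive, so the comments go on their own lines):

# Send only the product name in the Server header; do not display the server operating system type
ServerTokens Prod
# Do not display the web server version number in the signature line of server-generated pages
ServerSignature Off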

How to make the Apache configuration take effect:

Method 1: Restart the service: restart

Method 2: Reload the configuration file without restarting the service. (reload is the Nginx command; with Apache, use graceful.)

/etc/init.d/apachectl-xuegod graceful

Test:

curl -i 192.168.1.63
HTTP/1.1 200 OK
Date: Thu, Jan 2016 02:31:24 GMT
Server: xuegod Web Server

Summary:

1. Modify include/ap_release.h before installation

2. In httpd.conf, uncomment the Include line for extra/httpd-default.conf

3. Modify extra/httpd-default.conf, changing:

ServerTokens Full
ServerSignature On

To:

# Send only the product name in the Server header; do not display the server operating system type
ServerTokens Prod
# Do not display the web server version number in the signature line of server-generated pages
ServerSignature Off
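
The two curl tests above show the Server header at the Full level and at the Prod level. The following added example (not from the original article) infers the effective ServerTokens level from a response's Server header; the function names are hypothetical, and the sample headers are constructed from the outputs shown above.

```shell
#!/bin/sh
# Added example (not from the original article): infer which ServerTokens
# level a server is effectively using from the Server header it returns.

matches() { printf '%s\n' "$1" | grep -Eq "$2"; }

# Reads raw response headers on stdin and prints one of:
#   none | Prod | Major | Minor | Min | OS | Full
classify_server_header() {
    value=$(tr -d '\r' | awk 'tolower($0) ~ /^server:/ {
        sub(/^[^:]*:[ \t]*/, ""); print; exit }')
    if   [ -z "$value" ];                            then echo none
    elif matches "$value" '\) +[^ ]';                then echo Full   # modules after "(OS)"
    elif matches "$value" '\([^)]*\) *$';            then echo OS     # ends with "(OS)"
    elif matches "$value" '/[0-9]+\.[0-9]+\.[0-9]+'; then echo Min    # product/x.y.z
    elif matches "$value" '/[0-9]+\.[0-9]+';         then echo Minor  # product/x.y
    elif matches "$value" '/[0-9]+';                 then echo Major  # product/x
    else                                                  echo Prod   # product name only
    fi
}

# Succeeds (exit 0) when the header discloses more than the product name.
server_header_leaks() {
    level=$(classify_server_header)
    [ "$level" != Prod ] && [ "$level" != none ]
}

# Constructed samples modelled on the two test outputs in this article.
before='HTTP/1.1 200 OK
Server: xuegod Web Server/8.1.2-dev (Unix) mod_ssl/8.1.2-dev OpenSSL/1.0.0-fips'
after='HTTP/1.1 200 OK
Server: xuegod Web Server'

for sample in "$before" "$after"; do
    printf '%s\n' "$sample" | classify_server_header
done
# Against a live host: curl -sI http://192.168.1.63 | classify_server_header
```

Because the product string was renamed in ap_release.h, the classifier keys on the shape of the header (version digits, the parenthesised OS, trailing module tokens) rather than on the word "Apache".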

Tip 2: Display error pages gracefully

To improve the user experience of the site, avoid ugly default error pages such as 404 and 403.

http://192.18.1.63/a.html

Method 1:

vim /usr/local/apache2.2-xuegod/conf/httpd.conf    # Add the ErrorDocument line shown below inside the <Directory> block for the document root.

<Directory "/usr/local/apache2.2-xuegod/htdocs">
    ...
    # At about line 159, insert:
    ErrorDocument 404 /404.html
</Directory>

Note: This sends 404 errors to the 404.html page under /usr/local/apache2.2-xuegod/htdocs.

Note: The ErrorDocument directive has the following format:

ErrorDocument <error code> <page link or file to jump to>

Create a 404 test page:

echo "404 Go To Home" > /usr/local/apache2.2-xuegod/htdocs/404.html

Restart:

/etc/init.d/apachectl-xuegod restart

Method 2: After an error, jump to a link

vim /usr/local/apache2.2-xuegod/conf/httpd.conf    # Add the ErrorDocument line shown below inside the <Directory> block for the document root.

<Directory "/usr/local/apache2.2-xuegod/htdocs">
    ...
    # At about line 159, insert:
    ErrorDocument 404 http://www.baidu.com
</Directory>

Note: This sends 404 errors to http://www.baidu.com.

Restart:

/etc/init.d/apachectl-xuegod restart
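
Methods 1 and 2 behave differently on the wire: a local path such as /404.html is served with the 404 status intact, while a full URL makes Apache answer with a redirect to that URL, so the client never receives the 404 status. The following added example (not from the original article) audits a configuration for this difference; the function names and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): list the active ErrorDocument
# directives in an httpd.conf and classify where each one sends the client.

# Reads httpd.conf text on stdin; prints "<line>:<code>:<kind>" per directive.
audit_errordocument() {
    awk '
        /^[ \t]*#/ { next }    # ignore commented-out lines
        tolower($1) == "errordocument" && NF >= 3 {
            if ($3 ~ /^[A-Za-z][A-Za-z0-9+.-]*:\/\//) kind = "external-redirect"
            else if ($3 ~ /^\//)                      kind = "local-path"
            else if ($3 ~ /^"/)                       kind = "text-message"
            else                                      kind = "other"
            print NR ":" $2 ":" kind
        }'
}

# Succeeds (exit 0) if any error code is handed off to an external URL.
has_external_errordocument() {
    audit_errordocument | grep -q ':external-redirect$'
}

# Constructed httpd.conf fragment combining Method 1 and Method 2 from above.
sample_conf='<Directory "/usr/local/apache2.2-xuegod/htdocs">
    AllowOverride None
    ErrorDocument 404 /404.html
    #ErrorDocument 403 /403.html
    ErrorDocument 404 http://www.baidu.com
</Directory>'

printf '%s\n' "$sample_conf" | audit_errordocument
```

Entries reported as external-redirect are the ones to review when crawlers, monitoring or log analysis rely on seeing the real error status.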
