In a production environment, after Apache has been deployed and before the service goes online, a good deal of tuning and testing is needed from both a security and a performance point of view.
Apache
Lab Environment:
Apache version: httpd-2.2.31
Source package location: /usr/local/src
Install location after compiling from source: /usr/local/apache2.2-xuegod/
Tip 1:
Hide sensitive information such as the Apache version
To view Apache version information:
# curl -I www.baidu.com
...
X-Powered-By: HPHP
Server: BWS/1.1
X-UA-Compatible: IE=Edge,chrome=1
BDPAGETYPE: 1
BDQID: 0xcfd31d8200026e11
BDUSERID: 0
Check your own website: what version does it report, and are there known vulnerabilities for that version?
# curl -I www.taobao.com
HTTP/1.1 302 Found
Server: Tengine    # Tengine is a secondary development based on Nginx
Date: Tue, 2015 02:22:06 GMT
Content-Type: text/html
Content-Length: 258
Connection: keep-alive
Location: https://www.taobao.com/
Completely eliminate sensitive information such as versions
To completely change the version and related information, modify the include/ap_release.h file in the source package before compiling.
# pwd
/usr/local/src
# rm -rf httpd-2.2.25
# tar zxf httpd-2.2.25.tar.gz
# cd httpd-2.2.25
# vim include/ap_release.h    # Change the version information in the source to your company's information to hide the real version
Change:
#define AP_SERVER_BASEVENDOR "Apache Software Foundation"
#define AP_SERVER_BASEPROJECT "Apache HTTP Server"
#define AP_SERVER_BASEPRODUCT "Apache"
#define AP_SERVER_MAJORVERSION_NUMBER 2
#define AP_SERVER_MINORVERSION_NUMBER 2
#define AP_SERVER_PATCHLEVEL_NUMBER 25
#define AP_SERVER_DEVBUILD_BOOLEAN 0
To:
#define AP_SERVER_BASEVENDOR "Xuegod"
#define AP_SERVER_BASEPROJECT "Web Server"
#define AP_SERVER_BASEPRODUCT "xuegod Web Server"
#define AP_SERVER_MAJORVERSION_NUMBER 8
#define AP_SERVER_MINORVERSION_NUMBER 1
#define AP_SERVER_PATCHLEVEL_NUMBER 2
#define AP_SERVER_DEVBUILD_BOOLEAN 3
Comments:
#define AP_SERVER_BASEVENDOR "Apache Software Foundation"   /* Vendor name of the service */
#define AP_SERVER_BASEPROJECT "Apache HTTP Server"          /* Project name of the service */
#define AP_SERVER_BASEPRODUCT "Apache"                      /* Product name of the service */
#define AP_SERVER_MAJORVERSION_NUMBER 2                     /* Major version number */
#define AP_SERVER_MINORVERSION_NUMBER 4                     /* Minor version number */
#define AP_SERVER_PATCHLEVEL_NUMBER 6                       /* Patch level */
#define AP_SERVER_DEVBUILD_BOOLEAN 0                        /* Non-zero marks a development build ("-dev" is appended to the version) */
Note: You can change the lines listed above to whatever you want, then compile and install, and then modify the httpd-default.conf file. After that, the other party will have no idea what your version number is.
Compile and install Apache from source
# yum install openssl*
# ./configure --prefix=/usr/local/apache2.2-xuegod --enable-so --enable-rewrite --enable-ssl --enable-deflate --enable-expires    # Check the build environment and generate the Makefile
Configuration parameters:
--prefix=/usr/local/apache2.2    # Specify the installation path
--enable-so                      # Support dynamically loaded modules
--enable-rewrite                 # Support URL rewriting
--enable-ssl                     # Support SSL encryption
--enable-deflate                 # Support compressing pages before transfer
--enable-expires                 # Support setting the page cache time
Compile and install: make && make install
To view the post-installation directory:
# ls /usr/local/apache2.2-xuegod/conf/httpd.conf
/usr/local/apache2.2-xuegod/conf/httpd.conf
The root directory of the website:
# ls /usr/local/apache2.2-xuegod/htdocs/
index.html
To modify the default home page content:
# echo apache-xuegod >> /usr/local/apache2.2-xuegod/htdocs/index.html
To start Apache:
Configure Apache to start at boot and use the service command to start the Apache server
# cp /usr/local/apache2.2-xuegod/bin/apachectl /etc/init.d/apachectl-xuegod
To start Apache:
# /etc/init.d/apachectl-xuegod start
Test: the Apache version information is hidden
curl -I 192.168.1.63    # Nothing about Apache is visible
HTTP/1.1 200 OK
Date: Sat, 2015 09:43:44 GMT
Server: xuegod Web Server/8.1.2-dev (Unix) mod_ssl/8.1.2-dev OpenSSL/1.0.0-fips
Last-Modified: Sat, Aug 2015 09:37:36 GMT
ETag: "6d086-3a-51e6ff35dba19"
Accept-Ranges: bytes
Content-Length: 58
Content-Type: text/html
Hide the version number and system type as well
1) Next, edit httpd.conf again:
vim /usr/local/apache2.2-xuegod/conf/httpd.conf
Change line 405:
#Include conf/extra/httpd-default.conf
To:
Include conf/extra/httpd-default.conf
2) Open the httpd-default.conf file and modify the following two settings
vim /usr/local/apache2.2-xuegod/conf/extra/httpd-default.conf
Change:
ServerTokens Full
ServerSignature On
To:
ServerTokens Prod      # Do not display the server operating system type
ServerSignature Off    # Do not display the web server version number
How to make Apache configuration changes take effect:
Method 1: Restart the service: restart
Method 2: Reload the configuration file without restarting the service (in Nginx this is reload)
/etc/init.d/apachectl-xuegod graceful    # graceful restart
Test:
curl -I 192.168.1.63
HTTP/1.1 200 OK
Date: Thu, Jan 2016 02:31:24 GMT
Server: xuegod Web Server
Summary:
1. Change include/ap_release.h before installation
2. In httpd.conf, uncomment the Include line for extra/httpd-default.conf
3. Modify extra/httpd-default.conf
ServerTokens Full
ServerSignature On
To:
ServerTokens Prod      # Do not display the server operating system type
ServerSignature Off    # Do not display the web server version number
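A check for the result of the steps above, as an added example that is not part of the original article: the function reads response headers and reports any Server or X-Powered-By value that still carries a version number, an OS comment or module tokens. The two sample responses are constructed from the curl outputs shown on this page; leaky_headers and audit_url are names chosen here.

```shell
#!/bin/sh
# Added example (not from the original article): audit response headers
# for the disclosure that ServerTokens/ServerSignature are meant to remove.

# Read raw response headers on stdin; print "<header>: <findings>" for each
# Server / X-Powered-By header that still discloses something.
leaky_headers() {
    tr -d '\r' | awk '
    {
        i = index($0, ":")
        if (i == 0) next                      # status line or blank line
        name  = tolower(substr($0, 1, i - 1))
        value = substr($0, i + 1)
        sub(/^[ \t]+/, "", value)
        if (name != "server" && name != "x-powered-by") next
        why = ""
        if (value ~ /\/[0-9]+(\.[0-9]+)*/)        why = why " version"
        if (value ~ /\([^)]*\)/)                  why = why " os-comment"
        if (value ~ /(mod_[a-z0-9_]+|OpenSSL)\//) why = why " modules"
        if (why != "") printf "%s:%s\n", name, why
    }'
}

# Convenience wrapper for a server you operate (needs curl and network access).
audit_url() {
    curl -sI "$1" | leaky_headers
}

# Constructed samples, modelled on the two curl outputs shown above.
SAMPLE_FULL='HTTP/1.1 200 OK
Server: xuegod Web Server/8.1.2-dev (Unix) mod_ssl/8.1.2-dev OpenSSL/1.0.0-fips
Content-Type: text/html'

SAMPLE_PROD='HTTP/1.1 200 OK
Server: xuegod Web Server
Content-Type: text/html'

echo "ServerTokens Full:"
printf '%s\n' "$SAMPLE_FULL" | leaky_headers
echo "ServerTokens Prod:"
printf '%s\n' "$SAMPLE_PROD" | leaky_headers
```

In the first sample the rebranded banner still carries the OpenSSL version token, which is what the ServerTokens Prod step removes.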
Tip 2: Friendly error pages
To improve the user experience of the site, avoid ugly default error pages such as 404 and 403.
http://192.168.1.63/a.html
Method 1:
vim /usr/local/apache2.2-xuegod/conf/httpd.conf    # Add the ErrorDocument line below inside the <Directory> block for the root directory.
<Directory "/usr/local/apache2.2-xuegod/htdocs">
...
At about line 159, insert:
ErrorDocument 404 /404.html
</Directory>
Note: This redirects 404 errors to the 404.html page under /usr/local/apache2.2-xuegod/htdocs.
Note: The ErrorDocument directive format is as follows:
ErrorDocument <error code> <page link or file to jump to>
To create a 404 test page:
echo "404 Go To Home" > /usr/local/apache2.2-xuegod/htdocs/404.html
Restart:
/etc/init.d/apachectl-xuegod restart
Method 2: After an error, jump to a link
vim /usr/local/apache2.2-xuegod/conf/httpd.conf    # Add the ErrorDocument line below inside the <Directory> block for the root directory.
<Directory "/usr/local/apache2.2-xuegod/htdocs">
...
At about line 159, insert:
ErrorDocument 404 http://www.baidu.com
</Directory>
Note: This redirects 404 errors to http://www.baidu.com
Restart:
/etc/init.d/apachectl-xuegod restart
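The two methods behave differently on the wire: with a local path the client still receives the 404 status, while with a full URL Apache sends a redirect and the original status code is lost. The following added example (not from the original article) lists each ErrorDocument directive in a configuration and labels it accordingly; classify_errordocs and count_redirects are names chosen here, and the sample configuration is constructed from the two methods above.

```shell
#!/bin/sh
# Added example (not from the original article): classify ErrorDocument
# targets in an httpd.conf read from stdin.
#   local    - path starting with "/": served internally, status code kept
#   redirect - full URL: Apache answers with a redirect to that URL, so the
#              client never sees the original error status
#   message  - anything else (a literal text message)
classify_errordocs() {
    awk '
    tolower($1) == "errordocument" && NF >= 3 {
        code = $2; target = $3
        if (target ~ /^[A-Za-z][A-Za-z0-9+.-]*:\/\//) kind = "redirect"
        else if (target ~ /^\//)                      kind = "local"
        else { kind = "message"; target = "-" }
        printf "%s %s %s\n", code, kind, target
    }'
}

# Number of directives that hand the error off to a full URL.
count_redirects() {
    classify_errordocs | awk '$2 == "redirect" { n++ } END { print n + 0 }'
}

# Constructed sample combining Method 1 and Method 2 from this page
# (403 is used for the URL form only to keep the two directives distinct).
SAMPLE_CONF='<Directory "/usr/local/apache2.2-xuegod/htdocs">
    ErrorDocument 404 /404.html
    ErrorDocument 403 http://www.baidu.com
    #ErrorDocument 500 "Server error"
</Directory>'

printf '%s\n' "$SAMPLE_CONF" | classify_errordocs
```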
Apache tuning: hiding version information and 404 redirects