UbuntuLinux: Apache installation settings

UbuntuLinux: Apache installation settings-Linux Enterprise Application-Linux server application information. For details, refer to the following section. Install Apache2

Sudo apt-get install apache2

Edit the/etc/apache2/apache2.conf file. before modifying the file, back up the configuration file. In this way, you can recover an error.

AddDefaultCharset ISO-8859-1 => AddDefaultCharset GB2312

In this way, we won't go through the garbled code every time we open the web page!

Add the security Module to ensure the normal operation of Apache services. Now we have installed mod-security. (Optional)

First install the libapache2-mod-security package

Sudo apt-get install libapache2-mod-security

This module is not activated by default, we can see a mod-security.load file in the/etc/apache2/mod-available Directory, but there is no soft link in the/etc/apache2/mod-enabled directory. Now we activate it:

$ Sudo ln-s/etc/apache2/mod-available/mod-security.load/etc/apache2/mod-enabled/mod-security.load

$ Sudo cp/usr/share/doc/libapache2-mod-security/examples/httpd2.conf. example-full/etc/apache2/mod-available/mod-security.conf

$ Sudo cp/etc/apache2/mod-available/mod-security.conf/etc/apache2/mod-available/mod-security.conf.orig

$ Sudo vi/etc/apache2/mod-available/mod-security.conf

==== Mod-security.conf file content start ====

# Check the content length to avoid Heap Overflow attacks

SecFilterForceByteRange 32 254 => SecFilterForceByteRange 32 126

# Debug settings

SecFilterDebugLevel 9 => SecFilterDebugLevel 0

# Set the default action

SecFilterDefaultAction "deny, log, status: 499" => SecFilterDefaultAction "deny, log, status: 404"

# Pass the settings to the subdirectory

SecFilterInheritance Off

# Redirect user on filter match

# When matching sh, redirect to a special warning page. This page is self-written. If you write some warnings, attackers may be unable to leave the page. This section will not take effect first, it is not too late to expire after the relevant configuration is configured. Remember to make it take effect after configuration.

# SecFilter sh redirect: http: // localhost/hack/warning.htm

# Prevent OS specific keywords

# Filter sensitive things. We use * to prevent attackers from using/etc/./passwd.

SecFilter/etc/passwd => SecFilter/etc/* passwd

SecFilter/bin/* sh

# Very crude filters to prevent SQL injection attacks

# Prevent SQL insert attacks

SecFilter "delete [[: space:] + from"

SecFilter "insert [[: space:] +"

SecFilter "select. + from"

SecFilter "select [[: space:] + from"

SecFilter "union [[: space:] + from"

==== Mod-security.conf file content ended ====

Sudo ln-s/etc/apache2/mod-available/mod-security.conf/etc/apache2/mod-enabled/mod-security.conf

Restart the Apache2 service.

Sudo/etc/init. d/apache2 restart

Note: The third step may cause some websites to fail to run normally. You can refer to removing some restrictions. Because it is a security module, you can refer to the firewall approach to turn off all insecure services, then open the necessary information as needed.

UbuntuChina Wiki: Apache installation settings

Post: ubuntu