For Linux System Web Server Security-Linux Enterprise Application-Linux server application information, the following is a detailed description. To protect Web host security, remove unnecessary services. Before removing unnecessary services, you must first specify the type of host you want to create. There are three types of hosts:
Intranet Web host-a host without Internet connection, usually connected to a LAN.
Private or external Web hosts-hosts that are connected to the Internet but only provide services to very limited customers.
Public or sacrifice Web hosts-a common Web host that users who know or do not know can access the Internet around the clock.
Different host types determine the provision of different services, and all unnecessary services are blocked. This is because the running service may open security vulnerabilities. Access control is required for services to run. You can use the TCPWrapper toolkit, which provides access control for remote services based on pattern matching, it can be used to prohibit or allow services to some users. After the service is reduced, access control and authentication should be established on the Web server. Apache is the most popular Web server in LINUX. To create rules for network access control, you must use the following command:
# Controls who can get stuff from this server.
Order allow, deny
Allow from all
These commands provide three control channels. The allow command controls which hosts can be connected, the deny command controls which hosts cannot be connected, and the order command controls the order in which the allow/deny commands are executed. By using these commands, You can explicitly authorize hosts and block unauthorized hosts.
There are many options for Apache Security Settings. these settings are strict enough, but different options may cause security problems. For example, the ExecCGI option is to select whether to allow the CGI program to run. The CGI program is not safe. Therefore, if you do not need to execute the CGI program, try not to execute it. Other options may have different problems. Pay attention to them during installation. Currently, Apache not only provides basic type authentication, but also supports digest-based MD5 encryption authentication.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
