Apache网页安全优化
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Apache网页安全优化相关的知识,希望对你有一定的参考价值。
参考手工编译安装Apache 安装这些包 yum install gcc gcc-c++ make pcre pcre-devel zlib-devel -y
./configure
--prefix=/usr/local/httpd
--enable-deflate //支持可压缩
--enable-so
--enable-rewrite
--enable-charset-lite
--enable-cgi
接下来 make &&make install
**修改它的配置文件 vi /etc/init.d/httpd 在文件最前面插入下面的行
#!/bin/sh
chkconfig:2345 85 15
# description:Apache is a World Wide Web server.
给它执行权限 chmod +x /etc/init.d/httpd
chkconfig --add httpd
chkconfig --list httpd
chkconfig --level 35 httpd on
建立软链接 ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf
vi /usr/local/apache/conf/httpd.conf 修改以下两行
Listen:IPV4
ServerName:主机名.域名
开启网站服务 service httpd start
vim /etc/httpd.conf
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so //开启 去掉前面#
LoadModule filter_module modules/mod_filter.so
末尾添加:
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript
DeflateCompressionLevel 9
SetOutputFilter DEFLATE
</IfModule>
cd /usr/local/httpd/bin
./apachectl -t
Syntax OK //验证配置文件成功
验证模块
./apachectl -t -D DUMP_MODULES | grep "deflate"
deflate_module (shared)
网页缓存 ./configure
--prefix=/usr/local/httpd
--enable-deflate
--enable-expires
--enable-so
--enable-rewrite
--enable-charset-lite
--enable-cgi
vim /etc/httpd.conf
LoadModule expires_module modules/mod_expires.so
末尾添加:
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 50 seconds" //50s之后过期
</IfModule>
cd /usr/local/httpd/bin
./apachectl -t
Syntax OK
查看模块 ./apachectl -t -D DUMP_MODULES | grep "expires"
expires_module (shared)
**安全优化 yum install zlib-devel -y
./configure
--prefix=/usr/local/httpd
--enable-deflate
--enable-so
--enable-rewrite
--enable-charset-lite
--enable-cgi
主配置文件修改
<Directory "/usr/local/httpd/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted下插入:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://benet.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://benet.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.benet.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.benet.com/$ [NC]
RewriteRule .*.(gif|jpg|swf)$ http://www.benet.com/error.png
</Directory>
LoadModule rewrite_module modules/mod_rewrite.so //开启
./apachectl -t -D DUMP_MODULES | grep "rewrite"
rewrite_module (shared)**
**隐藏版本信息 Include conf/extra/httpd-default.conf 去#,开启
vim httpd-default.conf
ServerTokens Prod //只显示名称,没有版本
ServerSignature Off
**
以上是关于Apache网页安全优化的主要内容,如果未能解决你的问题,请参考以下文章
Apache网页优化与安全优化(网页压缩;网页缓存;网页防盗链;隐藏版本信息)