Apache服务器的安全性和优化技巧 [英] Apache Webserver security and optimization tips

问题描述

我如何对付管理和运行我的第一个互联网连接的Apache网络服务器，如果有任何系统管理者和开发人员在那里，想和大家分享一些关于为运行Apache安全性和优化建议他们的知识我想知道网络服务器。

也许你可以安装Apache网络服务器（在Linux中）后，分享您的前五（或十个）的事情，你马上待办事项。

任何帮助非常AP preciated。

解决方案

基本

1. 请务必安装最新的稳定版本。运行旧的或不稳定版本的Apache可能你的系统暴露在安全漏洞或未经测试的解决方案


2. 确保只有预期请求实际处理。你应该考虑的 <谁/ em>的有访问由Apache的暴露出来的网络资源和如何。


3. 避免运行Apache作为根。这是必须的。


4. 处理您的日志即可。日志往往会变得越来越大;考虑设置logrotate的或定期清洁您的日志。


5. 显示器的Apache与健康监测系统。我喜欢夫妇穆宁和monit的，既容易setuo和维护。 Nagios的和其他人都值得一试。


6. 如果Apache正在服务的Web应用程序（即PHP，Perl和Rails）的请确保请求是由正确的模块以正确的顺序处理


7. 写一个漂亮的404和500的消息。迟早您的访客将捕获错误。


8. 停止和重新启动Apache 上，这样你就可以确保两个shoutdown和启动程序工作flawlessy。


9. 使用的mod_security

安全

1. 保护Apache的反对DOS。


2. 只加载模块真正需要的。


3. 监控日志弄清楚，如果一些奇怪的事情正在发生。

性能

1. 如果您是从源头code编译Apache，一定要使用MPM（多处理模块）。


2. 只加载模块真正需要的。


3. 检查MaxClients的设置，以便您的服务器不酿出这么多孩子在开始交换。


4. 使用mod_deflate模块模块，它提供了DEFLATE输出过滤器，允许从服务器输出到通过网络发送到客户端之前是COM pressed。

I'm about to deal with managing and running my first Internet connected Apache webserver and I was wondering if there are any sys admins and developers out there that would like to share some of their knowledge regarding security and optimization tips for running Apache webserver.

Maybe you can share your top five (or ten) list of things you immediately do after installing Apache webserver (on a Linux box).

Any help very much appreciated.

解决方案

Basic

1. Be sure to have the latest stable version installed. Running old or unstable version of Apache could expose your system to security flaws or untested solutions
2. Be sure only the intended requests are actually processed. You should consider who has to access the web resources exposed by Apache and how.
3. Avoid running Apache as root. This is a must.
4. Handle your logs. Logs tend to become bigger and bigger; consider to setup logrotate or to clean your log periodically.
5. Monitor Apache health with a monitoring system. I like to couple munin and monit, both easy to setuo and to maintain. Nagios and others are worth a look.
6. If Apache is serving web apps (i.e. PHP, Perl, Rails) be sure the requests are handled by the right module in the right order.
7. Write a nice 404 and 500 message. Sooner or later your visitors will catch an error.
8. Stop and restart Apache, so you can be sure both the shoutdown and start procedure is working flawlessy.
9. Use mod_security

Security

1. Protect Apache against DOS.
2. Load only the modules really needed.
3. Monitor your log to figure out if something strange is happening.

Performance

1. If you are compiling Apache from source code, be sure to use MPM (Multi-Processing Modules).
2. Load only the modules really needed.
3. Check the MaxClients setting so that your server does not spawn so many children it starts swapping.
4. Use the mod_deflate module, it provides the DEFLATE output filter that allows output from your server to be compressed before being sent to the client over the network.

这篇关于Apache服务器的安全性和优化技巧的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！