-
April 1st, 2002, 05:25 PM
#1
Securing Apache Webserver Win32 ?
Yeah I'm setting up a webserver as some of you know. It's Apache 1.3.23 for windows. Need to learn how to secure it from evil people. Just wondering if you guys knew of any tweaks that I could do for the Config file and other stuff that a newbie might need to know. I've got a book called Apache it's an O'Reilly book but it didn't go to far in depth for windows security.
-
April 1st, 2002, 05:52 PM
#2
Senior Member
I use Apache myself, this are the things i made:
what about ssl ? http://www.webreview.com/1999/03_05/..._05_99_8.shtml
what about .htaccess ?
go to c:\apache\bin\
htpasswd -c c:\apache\htdocs\secrets\password.txt your user
make a .htaccess file (notepad):
AuthName Secrets
AuthType Basic
AuthUserFile htdocs\secrets\password.txt
AuthGroupFile dev\null
require user your user
open httpd.conf
search for AllowOverride
replace it through AuthConfig
if you now try to open the "secrets" directory or any file in it a Password form should pop up
this are only some suggestions. sure you can also set up some php or any other password dialog...
------------------------------------------------------------------------------------------------------------------------
"Knowledge is the Real Power"
\"Knowledge is the Real Power\"
-
April 1st, 2002, 07:14 PM
#3
Member
My suggestion for dealing with Apache on Unix and Windows is to disable all the modules that you do not use. For instance, if your site contains no pHp, there is no reason to have the module. The more modules you have, the more chances that there is a security hole.
-
April 2nd, 2002, 07:49 PM
#4
Good idea thanks the only two I guess I really need are php and not sure if there is one for mySQL or not but that's not a bad idea to do
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|