Securing Apache Win32 tips?
Results 1 to 9 of 9

Thread: Securing Apache Win32 tips?

  1. #1

    Securing Apache Win32 tips?

    Yeah I'm setting up a webserver as some of you know. It's Apache 1.3.23 for windows. Need to learn how to secure it from evil people. Just wondering if you guys knew of any tweaks that I could do for the Config file and other stuff that a newbie might need to know. I've got a book called Apache it's an O'Reilly book but it didn't go to far in depth for windows security

    Sorry if this gets double posted

  2. #2
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Best idea....Install it on *nix instead of windows.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  3. #3
    Souleman you know I can't use Linux or Unix on my computer... common now

  4. #4
    Apache itself won't need to be secured (aside from normal updates) but you'll have to secure the windows box... set it up behind a firewall and allow only apache's port

  5. #5
    Senior Member
    Join Date
    Aug 2001
    Posts
    100
    I use Apache myself, this are the things i made:

    what about ssl ? http://www.webreview.com/1999/03_05...3_05_99_8.shtml
    what about .htaccess ?
    go to c:\apache\bin\
    htpasswd -c c:\apache\htdocs\secrets\password.txt your user
    make a .htaccess file (notepad):
    AuthName Secrets
    AuthType Basic
    AuthUserFile htdocs\secrets\password.txt
    AuthGroupFile dev\null
    require user your user
    open httpd.conf
    search for AllowOverride
    replace it through AuthConfig

    if you now try to open the "secrets" directory or any file in it a Password form should pop up

    this are only some suggestions. sure you can also set up some php or any other password dialog...

    ------------------------------------------------------------------------------------------------------------------------
    "Knowledge is the Real Power"
    \"Knowledge is the Real Power\"

  6. #6
    Banned
    Join Date
    Oct 2001
    Posts
    1,462
    Hmmm, freeOn.. Am I the 'evil' one?
    PM me in IRC or in AO and ill give you a few tips

  7. #7
    hey Meister that link didn't work. Your not evil ac1dsp3ctrum I'm talking about the script kiddies who will erase all my files clear my database and other stuff.

    Well I changed most of the defaults so there file names are different and changed the directory so nothing is where it should be. I thought that might help. Anyways more tips are welcome. Meister get back to me I'm curious to where that link goes. Ac1dsp3ctrum I'm goin to IRC right now.

  8. #8
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Ahhh, not IRC. Watch out for that place. It is inheraently evil.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  9. #9
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    As a matter of fact, Acid, yes, you are - but for entirly other reasons Please post those tips here, I'm interested too.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •