Apache HTTP Server

The article "Ensuring a website safety" is provided by Sophos Plc and SophosLabs.

December 2007.

Apache is an open source server software featuring powerful configuration tools and a due level of support. For successful deployment it requires more detailed setup, but at the same time, it provides greater control over the server. Usually Apache servers are running under Linux or BSD, but they can also work under Windows.

Due to its complexity, full Apache configuration procedure isn't considered in this document. Nevertheless, it makes sense to follow these guidelines [3-6]:

  • Disable default access to resources and turn on only necessary resource features.

  • Keep log of all requests. This will help you identify suspicious activity.

  • Subscribe to Apache Server Announcement mailing list. It allows you to receive updates and security system fixes in time.

If the sites need advanced features, HTTP server is often complemented with a PHP or ASP server interpreter or a CGI interface.

Next