Linux setup steps/Customize Apache configuration

From Nick Jenkins

Jump to: navigation, search

Customizing Apache: 

nano /etc/apache2/apache2.conf

Make these two changes: 

- ServerTokens Full
+ ServerTokens Prod

- ServerSignature On
+ ServerSignature Off

Comment this out: 

#    Alias /icons/ "/usr/share/apache2/icons/"
#
#    <Directory "/usr/share/apache2/icons">
#        Options Indexes MultiViews
#        AllowOverride None
#        Order allow,deny
#        Allow from all
#    </Directory>

Save, and test config: 

apache2ctl -t

Restart the web server: 

/etc/init.d/apache2 force-reload

Removing some more unwanted things: 

nano /etc/apache2/sites-available/default

Then change this line: 

  <Directory /var/www/>
- Options Indexes FollowSymLinks MultiViews
+ Options -Indexes FollowSymLinks MultiViews

... and delete this section (special directory we don't use): 

-        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-        <Directory "/usr/lib/cgi-bin">
-                AllowOverride None
-                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
-                Order allow,deny
-                Allow from all
-        </Directory>

... and delete this section (another special directory we don't use): 

-    Alias /doc/ "/usr/share/doc/"
-    <Directory "/usr/share/doc/">
-        Options Indexes MultiViews FollowSymLinks
-        AllowOverride None
-        Order deny,allow
-        Deny from all
-        Allow from 127.0.0.0/255.0.0.0 ::1/128
-    </Directory>

Turn server signature off on forbidden pages: 

-        ServerSignature On
+        ServerSignature Off

Also: remove the bit about "apache2-default", and the 3 line comment above it.

Test config: 

apache2ctl -t

Then reload apache so that it gets these changes: 

/etc/init.d/apache2 reload

Note: if HTTPS has already been setup, then need to repeat the above steps for the SSL site configuration files too.

Then remove mod_autoindex, not needed: 

a2dismod autoindex

Then reload apache so that it gets this change: 

/etc/init.d/apache2 force-reload

To see a list of which Apache2 modules are enabled, do: 

ls /etc/apache2/mods-enabled/

Can then remove unwanted modules like so: 

a2dismod perl
a2dismod mod_python

Reload apache: 

/etc/init.d/apache2 force-reload

Enable the expires module: 

a2enmod expires

Reload apache: 

/etc/init.d/apache2 force-reload

Few more apache tweaks - allow index.php3 as index file - "nano /etc/apache2/mods-enabled/dir.conf", and change: 

- DirectoryIndex index.html index.cgi index.pl index.php index.xhtml
+ DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.php3

OPTIONAL, MOST PEOPLE SHOULD SKIP THIS ITEM - Then "nano /etc/apache2/apache2.conf" , and below the ErrorDocument information, add this for handling 404 requests (e.g. http://bling/broken.php3444 ) 

ErrorDocument 404 /broken.php3

Then "nano /etc/apache2/mods-enabled/php5.conf", and change to prevent PHP .inc file source code from being visible (e.g.: http://IP-address/lib-functions.inc ) 

- AddType application/x-httpd-php .php .phtml .php3
+ AddType application/x-httpd-php .php .phtml .php3 .inc

Then check above syntax is OK: 

apache2ctl -t

Then restart apache: 

/etc/init.d/apache2 force-reload

Set up the HTTP / Apache auth / passwords. Needed to be prompted for a password when accessing directories with .htaccess and .htpasswd files. 

nano /etc/apache2/sites-available/default

... and replace all occurrences like this, with the line below: 

- AllowOverride None
+ AllowOverride AuthConfig

Test config: 

apache2ctl -t

Then reload apache so that it gets these changes: 

/etc/init.d/apache2 reload

Note: if HTTPS has already been setup, then need to repeat the above steps for the SSL site configuration files too. ( nano /etc/apache2/sites-available/ssl )

Retrieved from "http://nickj.org/Linux_setup_steps/Customize_Apache_configuration"
Personal tools