httpd.conf tricks

AllowOverride All is really helpful when you are the admin of the server and want full control over your site:

Code:

<Directory /www/modphp>
Options FollowSymLinks MultiViews
AllowOverride All
</Directory>

—————-

Use VirtualHost right off the bat, it’s easier to manage if you’re going to run multiple sites on one Apache server (which is almost always):

Example:
Code:

NameVirtualHost 68.178.150.145:80
<VirtualHost 68.178.150.145:80>
ServerName www.modphp.org
ServerAlias modphp.org
DocumentRoot /www/modphp
</VirtualHost>

——————-

Use modrewrite to always redirect to your site, must be the first VirtualHost on the IP (you can try it on this site, try pointing to www.modphp.com and see what happens:

Code:

<VirtualHost 68.178.150.145:80>
DocumentRoot /www/rewrite
ServerName rewrite.modphp.org
RewriteEngine On
RewriteRule /.* http://www.modphp.org/?orighost=%{HTTP_HOST} [R]
</VirtualHost>

——————-

Disable the Trace Method, which is a security issue:

Code:

<VirtualHost 68.178.150.145:80>
ServerName www.modphp.org
ServerAlias modphp.org
DocumentRoot /www/modphp
# DISABLE THE TRACE METHOD:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* – [F]
</VirtualHost>

———————-

If you use CVS to maintain your webcode, you want to disable it from being viewed, else people can look at your http://www.modphp.org/CVS/Entries file and see alll of your files and their versions.

Code:

<Files ~ “^\.#”>
Order deny,allow
Deny from all
</Files>
<Directory ~ “.*\/CVS\/.*”>
Order deny,allow
Deny from all
</Directory>

————————————-

Disable the UserDir, if you don’t use it. Else, a hacker can use it to verify usernames on your system:

Code:

<IfModule mod_userdir.c>
UserDir disabled
</IfModule>

——————-

Let the SSL passphrase get passed in automatically, so you don’t have to type it in every time. I used a PHP script, but it could just as well be a bash shell script or a perl script. All it does is echo the SSL passphrase. You’ll want this file to be root owned, and chmod’d to 700. This line goes in the SSL VirtualHost section, there is already a line for SSLPassPhraseDialog, just change the value:

Code:

SSLPassPhraseDialog exec:/path/to/ssl_pass.php

Comments are closed.