Apache网页安全优化

参考手工编译安装Apache 安装这些包 yum install gcc gcc-c++ make pcre pcre-devel zlib-devel -y

./configure \
--prefix=/usr/local/httpd \
--enable-deflate \ //支持可压缩
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi

接下来 make &&make install
**修改它的配置文件 vi /etc/init.d/httpd 在文件最前面插入下面的行

#!/bin/sh

chkconfig:2345 85 15

# description:Apache is a World Wide Web server.

给它执行权限 chmod +x /etc/init.d/httpd

chkconfig --add httpd
chkconfig --list httpd
chkconfig --level 35 httpd on
建立软链接 ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf
vi /usr/local/apache/conf/httpd.conf 修改以下两行
Listen:IPV4
ServerName:主机名.域名
开启网站服务 service httpd start
vim /etc/httpd.conf
LoadModule headers_module modules/mod_headers.so
LoadModule deflate_module modules/mod_deflate.so //开启 去掉前面#
LoadModule filter_module modules/mod_filter.so
末尾添加:
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/css text/xml text/javascript
DeflateCompressionLevel 9
SetOutputFilter DEFLATE
</IfModule>
cd /usr/local/httpd/bin
./apachectl -t
Syntax OK //验证配置文件成功

验证模块
./apachectl -t -D DUMP_MODULES | grep "deflate"
deflate_module (shared)
网页缓存 ./configure \
--prefix=/usr/local/httpd \
--enable-deflate \
--enable-expires \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi

vim /etc/httpd.conf
LoadModule expires_module modules/mod_expires.so
末尾添加:
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 50 seconds" //50s之后过期
</IfModule>
cd /usr/local/httpd/bin
./apachectl -t
Syntax OK
查看模块 ./apachectl -t -D DUMP_MODULES | grep "expires"
expires_module (shared)
**安全优化 yum install zlib-devel -y

./configure \
--prefix=/usr/local/httpd \
--enable-deflate \
--enable-so \
--enable-rewrite \
--enable-charset-lite \
--enable-cgi
主配置文件修改

<Directory "/usr/local/httpd/htdocs">
Options Indexes FollowSymLinks

AllowOverride None

Require all granted下插入：

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://benet.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://benet.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.benet.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.benet.com/$ [NC]
RewriteRule .*\.(gif|jpg|swf)$ http://www.benet.com/error.png

</Directory>

LoadModule rewrite_module modules/mod_rewrite.so //开启

./apachectl -t -D DUMP_MODULES | grep "rewrite"
rewrite_module (shared)**

**隐藏版本信息 Include conf/extra/httpd-default.conf 去#，开启

vim httpd-default.conf

ServerTokens Prod //只显示名称，没有版本
ServerSignature Off

**