Study Notes - Apache Reinforcement 1 2021-08-05



Foreword

Apache hardening usually approaches the problem from the following seven angles: hiding version information, prohibiting access to external files, redirecting error pages, disabling TRACE, disabling CGI, deleting unused files, and fixing the Apache file-parsing issue.


1. Hide version information

In general, a piece of software's vulnerabilities are tied to specific versions, so the version number is valuable to an attacker. Once an attacker has obtained the version of the service a target host is running, that returned information lets them work out which vulnerabilities the service has, which is a security risk.

The hiding method is shown using XAMPP as an example.

First, use Burp Suite (BP) to capture the response before making any change; the version exposure is easy to spot.
[Screenshot: capture before modification]
Then open the relevant configuration file:

The httpd.conf configuration file under C:\xampp\apache\conf

Add ServerSignature Off and ServerTokens ProductOnly to the configuration file.
After restarting Apache, capture the packet again and you will find that the version number is now hidden.
[Screenshot: capture after modification]

2. Prohibit access to files

If an attacker can reach the back-end management page, they can perform operations there to get into the back end, which is a security risk. Prohibiting access to external files is usually used to stop visitors from reaching the back-end management directory or the program directory, which improves security.

Open the relevant configuration file:

In the httpd.conf configuration file under C:\xampp\apache\conf, find
<Directory />
AllowOverride none
Require all denied
</Directory>

Cut it, move it to the end of the file, and change it to

<Directory "C:/xampp/htdocs/dashboard">
    Order allow,deny
    Deny from all
</Directory>

Note that the path inside the quotes is the directory you want to deny access to.
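As an added example (not from the original notes), a small Python checker that reads httpd.conf text and reports whether the two hardening steps above are in place. The sample configuration, the directory path and the function names are constructed for this example; it accepts both the legacy `Deny from all` form used above and Apache 2.4's `Require all denied`.

```python
import re

# Constructed sample httpd.conf fragment shaped like the XAMPP file the notes edit (not from the post).
SAMPLE_CONF = """ServerSignature On
ServerTokens Full
<Directory />
    AllowOverride none
    Require all denied
</Directory>
<Directory "C:/xampp/htdocs/dashboard">
    Order allow,deny
    Deny from all
</Directory>
"""

def parse_conf(text):
    """Split httpd.conf text into top-level directives and a mapping of
    <Directory> path -> directives inside that block (names lower-cased)."""
    top, blocks, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if m:
            current = m.group(1)
            blocks.setdefault(current, [])
            continue
        if line.lower() == "</directory>":
            current = None
            continue
        parts = line.split(None, 1)
        entry = (parts[0].lower(), parts[1] if len(parts) > 1 else "")
        (blocks[current] if current else top).append(entry)
    return top, blocks

def check_hardening(text, protected_dir):
    """version_hidden: ServerSignature Off plus ServerTokens Prod/ProductOnly.
    dir_denied: protected_dir carries 'Require all denied' (Apache 2.4) or the
    legacy 'Deny from all' (2.2 / mod_access_compat)."""
    top, blocks = parse_conf(text)
    g = {name: args.lower() for name, args in top}
    version_hidden = (g.get("serversignature") == "off"
                      and g.get("servertokens") in ("prod", "productonly"))
    dir_denied = any((n == "require" and a.lower() == "all denied")
                     or (n == "deny" and a.lower() == "from all")
                     for n, a in blocks.get(protected_dir, []))
    return {"version_hidden": version_hidden, "dir_denied": dir_denied}
```

Run it against the real file with `check_hardening(open(path).read(), "C:/xampp/htdocs/dashboard")` before and after the edit to confirm both checks flip to True.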

Summary

This is one of the Apache hardening methods; more will be added in the future.

Origin blog.csdn.net/Heriz_root/article/details/119417175