[PLUG] Configuring Apache modules for better security
Paul Heinlein
heinlein at madboa.com
Fri Jan 21 19:33:14 UTC 2011
On Fri, 21 Jan 2011, Keith Lofstrom wrote:
> I'm cleaning up the config, removing stuff I don't really need. Ivan
> Ristic's book "Apache Security" has been helpful, and he makes many
> good suggestions, such as minimizing the modules loaded. Sounds
> good, my apache config loads way too many modules. But it is
> unclear which modules are actually being used by my web apps. Is
> there an easy way to find out? Or do I just try all the features of
> all the apps, while pulling out modules and looking for breakage?
I believe the apachectl (or, on Debian-esque systems, apache2ctl) can
run a syntax check that will warn you when an unknown runtime
directive is encountered. (If a module isn't loaded, Apache won't know
about its runtime directives.) So,
1. Make a working copy of your apache config
2. Comment out a module or two (or ten)
3. apachectl -f $WorkingCopy -t
--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
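
The three steps above, automated one module at a time. This is an added example, not part of the original message; the function names and the APACHECTL variable are assumptions, and the only Apache invocation used is the `-f <file> -t` syntax check from step 3.

```shell
# Added example: report which LoadModule lines a config cannot parse without.
# Assumption: APACHECTL names the control script (apachectl or apache2ctl).
APACHECTL="${APACHECTL:-apachectl}"

# list_modules CONF: print the identifier of every active (uncommented) LoadModule line.
list_modules() {
    awk 'tolower($1) == "loadmodule" { print $2 }' "$1"
}

# disable_module CONF MODULE OUT: write a working copy of CONF to OUT with
# MODULE's LoadModule line commented out; CONF itself is never modified.
disable_module() {
    awk -v m="$2" '
        tolower($1) == "loadmodule" && $2 == m { print "#" $0; next }
        { print }
    ' "$1" > "$3"
}

# needed_modules CONF: print each module whose removal makes the syntax check
# fail, i.e. the config contains a directive only that module understands.
# CONF should be an absolute path. Returns 2 if the unmodified config fails.
needed_modules() {
    conf=$1
    if ! "$APACHECTL" -f "$conf" -t >/dev/null 2>&1; then
        echo "baseline config does not pass the syntax check" >&2
        return 2
    fi
    work=$(mktemp) || return 1
    for mod in $(list_modules "$conf"); do
        disable_module "$conf" "$mod" "$work"
        if ! "$APACHECTL" -f "$work" -t >/dev/null 2>&1; then
            echo "$mod"
        fi
    done
    rm -f "$work"
}

# Usage, after sourcing this file:  needed_modules "$WorkingCopy"
```

Modules not printed are only candidates for removal: directives wrapped in <IfModule> are skipped silently when the module is absent, and some modules act without any directive in the config, so check those by hand.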