Apache post-build steps

If you followed my post on Apache from source, then you’ll also want to review these additional steps. Unless otherwise specified these steps are for modification of the httpd.conf file found in “/usr/local/apache/conf”.

1. Comment out the modules:

dav_module
dav_fs_module
proxy_ftp_module
proxy_scgi_module

2. Add the following excerpt to disable access to .svn/.git folder contents (put below similar rule for .ht* files):

#
# The following lines prevent .svn folders from being
# viewed by Web clients.
#
<DirectoryMatch "\.svn">
Order allow,deny
Deny from all
Satisfy All
</DirectoryMatch>

#
# The following lines prevent .git folders from being
# viewed by Web clients.
#
<DirectoryMatch "\.git">
Order allow,deny
Deny from all
Satisfy All
</DirectoryMatch>

5. Insert the following at the bottom of the file:

AddDefaultCharset Off

# Limit details, less details in response headers
ServerTokens prod

# Disable ETag exposure, this affects browser caching
Header unset ETag
FileETag None

# Disable these methods, this should be added to any vhosts defined
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s