Some Important ways to secure your hosting servers :
1)Configure Apache to right
Most of the problems arise from improper configuration of the apache web server. Please take note on
a) ServerSignature (Off)
b) ServerTokens (Prod)
c) AllowOverride (None, have this configured to all only to the necessary folders)
d) Options (Only FollowSymlinks)
directives.
2) Enable SSL
3) Strict Permission levels.
Let the apache user can have only Read and execute permissions and the hosted folders and allow write permissions only to necessary folders. Let root user hold the ownership of the folders and files and add apache user to group.
4) Separate Virtual Hosts
Provide virtual hosts to each application and their document root is the application folder alone. From this virtual host, no other folders or applications should be accessed.
5) File Downloads
Force Files to be downloaded and viewed instead of displaying it in the browser itself.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.