7.1. Main Settings

The main configuration settings of the Apache Web server are stored in the /etc/conf/httpd.conf file (or in the /etc/httpd.conf file for some distributions). The settings for the Web server, virtual servers, and software modules are stored in this file. For Red Hat Linux, all parameters considered are stored in this file unless another location is stated explicitly.

Like most other services, Apache can be configured using a simple and convenient graphical utility. It is launched by selecting the System Settings/Server Settings/HTTP Server menu sequence in the main menu. Fig. 7.1 shows the main window of the Apache graphical configuration utility.

Figure 7.1: The main window of the Apache graphical configuration utility

The graphical utility is convenient for configuring initial settings, but afterwards you should review the configuration file. For this, you have to know its parameters.

Note: The graphical configuration utility should not be used after you edit the configuration file manually, because it may interpret the manually edited values incorrectly and replace them with what it considers to be the right ones. For the changes to take effect, the server has to be restarted: the Apache server reads the configuration file parameters only when it is started.

By editing the configuration file directly, the most secure and most efficient server operation can be achieved. The main parameters of the Apache Web server are the following:

  • ServerType Shows the server type. It can have the inetd or the standalone value. If this parameter is set to inetd, parameters such as Port specified in the Apache configuration file are ignored, and the parameters specified in the configuration file of the inetd daemon (see Section 5.4) are used instead.

  • ServerRoot Specifies the root directory, in which logs and configuration files are located.

  • Timeout Gives the maximum time to wait when receiving or sending packets.

  • Port Specifies the port on which the service is to work. The default value for public servers is 80. However, this value can be changed for private servers, for example, to 10387. In this case, the page address is specified as ServerName:10387, for example, www.linux.com:10387/index.htm. This prevents hackers from penetrating the system through the standard Web port unless they scan all ports and find out that port 10387 is used for the Web server. This is a simple but quite effective protection from script kiddies, who possess minimum knowledge about computer security and break into computers only using exploits designed by other hackers.

  • ServerTokens When the system is accessed, it returns a header containing detailed information about the system, which includes the versions of Apache, Linux, and all modules. If hackers learn from this header that the server has an older version of the PHP interpreter (or any other program) installed, they will be able to penetrate the server much faster. Talkative parameters have to be disabled to hide information about the server. The ServerTokens parameter can take one of the following values:

    • Full Directs the header to display full information about the server and the installed modules, including their versions. Using this parameter puts the servers in the gravest danger.

    • Min Directs the header to display minimal information: only the server name and the installed modules. Even a simple list of modules without their versions reveals too much information to hackers.

    • ProductOnly Specifies the server, Apache in this case, and will return the server's name without the version. This is what you need.

    Experienced administrators can even change the server's name, but this requires them to recompile Apache's source code. The header is stored in the include/ap_release.h file as the following two lines:

     #define SERVER_BASEPRODUCT "Apache"
     #define SERVER_BASEVERSION "2.0"

    Replace the server name and version with other values. Only use a real server name, because a professional hacker will notice the switch.

    In earlier Apache versions, the file was located in a different directory.

  • HostnameLookups If set to "on," the domain names of clients are logged; if set to "off," only the IP addresses are logged.

  • User / Group Gives the name of the user and group that have rights to run the service. The default value is apache. This user and group should possess the minimal rights in the system, sufficient only for operation of the Web server and its modules. Nothing unnecessary should be allowed.

  • ErrorLog and CustomLog Specify the locations of the error log and custom log files.

  • LogLevel Specifies the types of messages to log. Possible values are the following: emerg, alert, crit, error, warn, notice, info, and debug.

  • KeepAlive Indicates whether or not persistent connections (processing more than one request per connection) are allowed. The default value of this parameter is off, so a separate connection must be established to receive each file. This wastes resources. Suppose that a user requested a page with 10 images on it. The client's browser will open 11 connections to service this request: one to receive the HTML document and one for each of the document's images. Setting this parameter to on will allow several requests per connection to be processed.

  • MaxKeepAliveRequests Specifies the maximum number of requests that can be serviced per connection.

  • KeepAliveTimeout Specifies the wait in seconds for the next request from the same client. If there are no requests within the time period specified, the connection is broken off.

  • MaxClients Shows the maximum number of clients that can connect simultaneously. Setting the value of this parameter too high may allow hackers to perpetrate a successful DoS attack against the server by opening too many connections for the server to handle. The default value is 150, but this is enough for only a small server. Apache is capable of processing many more requests, even on not-so-powerful computers. You should set this parameter to a value that will allow the server to process the maximum number of requests without hanging.

  • MaxRequestsPerChild Specifies the maximum number of requests a child process can serve. To avoid problems during long operation runs, caused by memory leaks (memory is allocated but not released) or resource leaks in Apache or the libraries it uses, a child process is terminated when the maximum number of requests is reached. This is not necessary in most systems, but libraries in some systems (e.g., Solaris) suffer from resource leakage.
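The following audit script is an added example, not code from the book: it parses the global directives listed above out of an httpd.conf fragment and reports the values the text flags as risky (ServerTokens other than ProductOnly, User/Group unset or root, MaxClients above a site ceiling, KeepAlive off). The sample configuration and the max_clients_limit ceiling are constructed assumptions, not Apache defaults.

```python
# Constructed sample httpd.conf fragment (not a real server's file) showing the
# loose values the settings list above warns about.
SAMPLE_HTTPD_CONF = """\
ServerType standalone
ServerRoot "/etc/httpd"   # trailing comment
Port 80
ServerTokens Full
User root
Group root
KeepAlive off
MaxClients 5000
"""

def parse_directives(text):
    """Map lower-cased directive names to their values, ignoring comments,
    blank lines and <Section> markers; a later duplicate overrides an earlier one."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("<"):
            continue
        parts = line.split(None, 1)          # directive name, then the rest of the line
        value = parts[1] if len(parts) > 1 else ""
        directives[parts[0].lower()] = value.strip().strip('"')
    return directives

def audit(text, max_clients_limit=1024):
    """Return [(directive, problem)] for the values the text calls dangerous.
    max_clients_limit is an assumed site-specific ceiling, not an Apache default."""
    d = parse_directives(text)
    problems = []
    tokens = d.get("servertokens", "Full")                 # Apache's own default is Full
    if not tokens.lower().startswith("prod"):              # Prod (alias ProductOnly) reveals the least
        problems.append(("ServerTokens", f"{tokens} leaks version or module details"))
    for who in ("User", "Group"):
        value = d.get(who.lower())
        if value is None or value == "root":               # unset or root: no privilege drop
            problems.append((who, "missing or root; use a dedicated low-privilege account"))
    clients = int(d.get("maxclients", "150"))              # 150 is the default named in the text
    if clients > max_clients_limit:
        problems.append(("MaxClients", f"{clients} exceeds {max_clients_limit}; DoS exposure"))
    if d.get("keepalive", "off").lower() == "off":
        problems.append(("KeepAlive", "off: one connection per file wastes resources"))
    return problems

if __name__ == "__main__":
    for directive, problem in audit(SAMPLE_HTTPD_CONF):
        print(f"{directive}: {problem}")
```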



Hacker Linux Uncovered
ISBN: 1931769508
Year: 2004
Pages: 141