Apache2 umask

Often you will want to fine-tune the default permissions of files created on a Linux system. This is simple: if you are using bash, all you have to do is define a new value for umask somewhere in the bash startup files (/etc/profile is a good place for this), like this:
umask 002
(this allows group write permission by default on newly created files)

On modern Linux distributions this is normally set to 022 by default, and you can easily find out what it is on your system by running the umask command:
umask

Contrary to what you might think, this is not enough to make the setting apply to all applications and daemons on the system. It works fine for any files created from a shell session, but files created by other processes, such as the web server, will still use the default unless configured otherwise. To have Apache use a different umask, we can define it inside /etc/apache2/envvars (Debian and Ubuntu systems) or /etc/sysconfig/httpd (RHEL and CentOS systems) like this:
umask 002
and restart apache to enable it.

Other daemons have different locations where you can define this to override the default umask setting (check their documentation if you are unsure).
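
A quick way to see what the two values discussed above do to new files and directories, and to confirm that a restarted daemon really runs with the new umask. This is an added example, not part of the original post; the function names are made up here, and it assumes GNU stat and a Linux kernel of 4.7 or later (which exposes a Umask: line in /proc/<pid>/status).

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes Linux with GNU coreutils (stat -c) and, for process_umask, a kernel
# >= 4.7 that exposes a "Umask:" line in /proc/<pid>/status.

# Print "<file-mode> <dir-mode>" for objects created under umask $1.
# The body is a subshell, so the caller's own umask is left untouched.
modes_under_umask() (
    umask "$1" || exit 1
    tmp=$(mktemp -d) || exit 1
    touch "$tmp/file"      # files are requested as 0666, minus the mask
    mkdir "$tmp/dir"       # directories are requested as 0777, minus the mask
    printf '%s %s\n' "$(stat -c '%a' "$tmp/file")" "$(stat -c '%a' "$tmp/dir")"
    rm -rf "$tmp"
)

# Print the umask a running process has right now (e.g. 0002).
# Fails if the PID does not exist or the kernel does not report the field.
process_umask() {
    [ -r "/proc/$1/status" ] || return 1
    awk '/^Umask:/ { print $2; found = 1 } END { exit !found }' "/proc/$1/status"
}

# Compare the distribution default with the group-writable setting.
for mask in 022 002; do
    echo "umask $mask -> $(modes_under_umask "$mask")"
done

# After restarting the web server, check the parent process, for example:
#   process_umask "$(pgrep -o apache2)"    # Debian/Ubuntu
#   process_umask "$(pgrep -o httpd)"      # RHEL/CentOS
```

If process_umask still reports 0022 after the restart, the daemon did not read the file you edited.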


Apache Logs: how long does it take to serve a request?

Apache is a complex piece of software with many features that most people never use. You can do many things with Apache beyond the default configuration; today I am not going to discuss an external module, but the plain old mod_log_config.

Most people use the combined LogFormat for Apache logging and never consider that anything could be added to it. It normally looks like:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
and it contains most of the information we would like to see in the logs. Still, there is much more information we can include here… just see below for the full list.


Apache Tips & Tricks: Hide a file type from directory indexes

Applies: apache 1.3.x / apache 2.0.x
Required apache module: mod_autoindex
Scope: global server configuration, virtual host, directory, .htaccess
Type: security

Description: How to hide some files from appearing in directory indexes.
Useful: to prevent certain files from appearing in directory indexes when indexing needs to remain enabled. This is particularly useful for non-HTML files (or raw files not parsed by Apache and returned as HTML to the browser), for example PHP include files, libraries (that do not have the .php extension), log files, or any other file that you do not want users to see easily in the browser.


Apache Tips & Tricks: Hide PHP version (X-Powered-By)

Applies: apache 1.3.x / apache 2.0.x
Required apache module: mod-php4/mod-php5
Scope: php.ini
Type: security

Description: How to hide the PHP version to remote requests.
Useful: to not disclose unneeded information. As shown in “Discover the web server software and version of a remote server”, anyone can find out valuable information from our Apache server banner… This will show you how to suppress the PHP banner X-Powered-By.


Apache Tips & Tricks: Hide apache software version

Applies: apache 1.3.x / apache 2.0.x
Required apache module: – (included in core)
Scope: global server configuration
Type: security

Description: How to hide the apache software version to remote requests.
Useful: to not disclose unneeded information. As shown in “Discover the web server software and version of a remote server”, anyone can find out valuable information from our Apache server banner... What version are we running? Is it vulnerable? What modules, which might also have vulnerabilities, and even what operating system are we running… Too much information… This will not protect in any way from real vulnerabilities if they exist, but it will at least make their life harder. It will also not stop more complex fingerprinting programs from detecting some information about the web server, but at least we should not make their life easier ;) .


Apache Tips & Tricks: Default apache2 configuration files location

Applies: apache 2.0.x
Required apache module: -
Scope: global server configuration
Type: informational

Description: where the default apache2 configuration files are located on various Linux distributions.
Useful: hmm… you probably know this already, so not really useful… Just a reference in case you are not familiar with a particular Linux distribution's package.


Apache Tips & Tricks: Discover the web server software and version of a remote server

Applies: – (all web servers might respond with something ‘useful’ here, depending on configuration)
Required apache module: -
Scope: -
Type: informational, remote

Description: anyone can (if interested) find out (if not properly hidden) what software is running on a remote web server.
Useful: for testing. If you implement my next tip (how to hide this information), you might want to use this to check that it is working properly. This is also used by companies like Netcraft to gather the information for their statistics.


Apache Tips & Tricks

Here you can find various tips & tricks for configuring and administering Apache that I have found useful. Whenever I add a new tip, I’ll link it here so you can use this page as the main index for all the tips I post in the future. Each tip will consist of a very short description, what it is used for, where you can apply it (globally, per directory or per virtual host, and whether it can be activated without administrative privileges in .htaccess) and of course how to implement it. I will try to keep each tip as short as possible and on a single topic so you can go directly to what you are looking for.
