[SATLUG] LAMP Server Question #3

Alex Bartonek bartonekdragracing at yahoo.com
Wed Oct 8 08:07:43 CDT 2014

There isn't a simple answer to your question. You can secure Apache with various rules in httpd.conf and/or .htaccess, but then your other question asks about PHP and MySQL (or whatever DB). Well, what about secure coding standards? What if you write PHP and it has embedded SQL commands that parse input and bring back results? Nefarious individuals can fart around entering various crap to see how far they can get... SQL injection comes to mind.

You can hide the Apache & OS version from popping up on a 404, get rid of directory listings, disable modules in httpd.conf that you aren't using... there's a lot. I hate to say it, but if you google "securing apache", there are a ton of hits.

So your answer is two part... first secure Apache, then PHP, but also don't forget that MySQL has default settings/tables/users that need to be changed/deleted once you install it.

On Tue, 10/7/14, Alan Lesmerises <alesmerises at satx.rr.com> wrote:

 -->  QUESTION #3:
 This server will be for the use of one particular organization and needs to be secured against outside parties from 'snooping' or worse.  What resources (web sites, etc.) would you recommend for setting-up and securing an Apache server in this situation?  Also, with all the different packages or "projects" sponsored by Apache, which ones should I make sure are included (and any configuration advice) when I install
 Al Lesmerises
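The Apache items named in the reply above (version disclosure on error pages, directory listings, loaded modules), sketched as a small config audit. This is an added example, not part of the original post; the sample config is constructed, and the function names `directives` and `audit` are hypothetical.

```python
# Added example: audit Apache config text for the items the reply lists.
# SAMPLE_CONF is constructed for illustration; directives() and audit() are hypothetical names.
SAMPLE_CONF = """\
ServerRoot "/etc/httpd"
ServerTokens OS
ServerSignature On
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
# LoadModule info_module modules/mod_info.so
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
"""

def directives(conf_text):
    """Yield (line number, lowercased directive name, argument string)."""
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":      # skip comments and section tags
            continue
        parts = line.split(None, 1)
        yield n, parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""

def audit(conf_text):
    """Return (findings, loaded_modules) for one config file's text."""
    findings, modules, seen = [], [], set()
    for n, name, args in directives(conf_text):
        seen.add(name)
        if name == "servertokens" and args.lower() not in ("prod", "productonly"):
            findings.append(f"line {n}: ServerTokens {args} puts version/OS detail in the Server header")
        elif name == "serversignature" and args.lower() != "off":
            findings.append(f"line {n}: ServerSignature {args} adds a server footer to error pages such as 404")
        elif name == "options" and {"indexes", "+indexes", "all"} & {o.lower() for o in args.split()}:
            findings.append(f"line {n}: Options enables Indexes (directory listings)")
        elif name == "loadmodule" and args:
            modules.append(args.split()[0])  # collected for manual review
    if "servertokens" not in seen:
        findings.append("ServerTokens not set: the default (Full) discloses version and OS")
    return findings, modules

if __name__ == "__main__":
    found, mods = audit(SAMPLE_CONF)
    print("\n".join(found))
    print("Loaded modules to review:", ", ".join(mods))
```

The script reads one file's text only; it does not follow Include directives or .htaccess files, and the module list still needs a human decision about which modules are actually in use.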
