LINUX APACHE Server Configuration Raiders (3)
Author: Bo OSO Oso
Primary server settings
Apache servers require a variety of settings to define yourself to use various parameters to provide web services. For the case of using the virtual host, in addition to the settings overwritten in the definition item of the virtual host (some settings must be redefined), the settings here are the default settings of the virtual host.
Port 80
Port defines the ports used in the HTTPD daemon in Standalone mode, and the standard port is 80. This option is only valid for a server that starts in an independent manner. Which port is defined in inetd.conf on an inetd.conf.
Using an 80-port under UNIX requires root privileges, some administrators are for security reasons, it is considered that the HTTPD server is not possible without security vulnerabilities, so it is preferred to use ordinary users' permissions to start the server, so you can't use 80 ports and other less than 1024 Port, but must use ports greater than 1024 to start HTTPD, in general, 8000 or 8080 is also a commonly used port. The Apache HTTPD server itself can be run after opening an 80-port with root permissions, which reduces the risk, thus do not need to consider this security issue. However, if the ordinary users also want to install their WWW servers, they have to use ports greater than 1024.
User Nobody
Group nogroup
User and Group configuration are security assurances, and Apache runs it to the user and group permissions of these two options after opening the port, which reduces the danger of the server. This option is also only used for Standalone mode, inetd mode specifies users who run apache in inetd.conf. Since the server must perform a setUID () operation that changes the identity, the initial process should have root privileges. If you use non-root users to start AAPCHE, this configuration will not work.
The default setting is Nobody and NOGROUP, this user and group do not own files in the system, ensuring that the server itself and the CGI process that is started by the CGI process without permission to change the file system. In some cases, for example, in order to run the CGI and UNIX interaction, it is necessary to allow the server to access files on the server. If you still use Nobody and NOGROUP, then files belonging to Nobody, which is unfavorable for system security. Because other programs will also perform certain operations with Nobody and Nogroup permissions, it is possible to access these Nobody owned files, causing security issues. Under normal circumstances, a specific user and group should be set for web services, and the user and group settings are changed here.
ServerAdmin you@your.address
Perhaps in the configuration file should only have ServerAdmin, which is used to configure the Email address of the administrator of the WWW server, which will return to the browser under the HTTP service error, so that the web user and administrator contacts, Report error. It is accustomed to using WebMaster on the server as the administrator of the WWW server, and the email sent to WebMaster will be sent to the real web administrator.
#Servername new.host.name
By default, you don't need to specify this servername parameter, the server will automatically understand
Analysis process to get its own name, but if the server's name parses problems (usually reverse resolution
Correctly), or there is no official DNS name, you can also specify an IP address here. When ServerName is set
When you are incorrect, the server cannot start normally. Usually a web server can have multiple names, and the client browser can use all of these names or IP addresses to access this server, but in the case where the virtual host is not defined, the server always responds to the browser with its own formal name. ServerName defines the formal name you recognized by the web server, such as a server name (defined in DNS) is exmaple.org.cn, and for convenient memory, an alias is also defined for www.exmaple .org.cn, then Apache automatically parses the name of Example.org.cn, so that the server always tells the client to Example.org.cn regardless of the customer browser uses which name sends a request. Although this general does not cause any problems, considering that the server may migrate to other computers, but only want to complete the migration task by changing the WWW alias configuration in the DNS, so I don't want customers to use Linux records in their bookmarks. If the address of this server, you must use ServerName to re-specify the official name of the server.
DocumentRoot "/ www /"
DocumentRoot defines the path to which the server is stored, and the UR L requested by the client program is mapped to the web file in this directory. Subdaters in this directory, and use
The files and directories indicated by the symbol connection can be accessed by the browser, just to use the same relative directory name on the URL.
Note that although the symbol connection is logically located under the root documentation directory, it can actually be in the computer.
In any of the directory, you can enable the client to access the directory outside of those root documents.
Increased flexibility but reduces security. Apache provides a FollowSymlinks option in the directory access control to open or close the feature of support symbolic connections.
>> Previous article: Linux Under Apache Server Configuration Raiders (2) >> Next article: Linux Apache Server Configuration Raiders (4)