Securing an Apache Server
One area that all people who interact with your CMS website will touch is your web server software. The Apache httpd web server is the most popular of the web servers on the market, with more than 50 percent of the market share.
Apache is a very well-maintained and developed system; generally it's secure out of the box. However, this robust system offers many different configuration options and, hence, many opportunities to leave something amiss.
Obviously, one of the first steps to securing an Apache server is to ensure that you use the latest version of Apache.
Log in to your server via SSH using Putty and issue the command httpd -v. A screen similar to that shown in Figure 5-7 should appear. Consult the Apache.org website to determine whether you need to update your version of Apache.
Figure 5-7: Apache version information
The rest of this section examines how to configure Apache for secure use and operation.
Configuring Apache for Secure Operation
An attacker who is more than a kiddie-scripter wants to gather as much information as possible. Given the likelihood you're running Apache, that part of the hacker's information gathering is out of the way. In that case, the next item the attacker wants to get is the version information about Apache, which means that you must restrict the information Apache gives out. Knowing your Apache version is a key source ...
Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
