Differences
This shows you the differences between two versions of the page.
apache [2005/07/02 10:09] 193.77.104.168 created |
apache [2012/07/31 12:45] greebo old revision restored |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | < | + | ====== Apache ====== |
- | # Insert filter | + | ==== utils ==== |
- | SetOutputFilter DEFLATE | + | * vlogger: http:// |
+ | * webalizer: http:// | ||
- | # | ||
- | # | ||
- | # Netscape 4.x has some problems... | ||
- | | ||
- | # Netscape 4.06-4.08 have some more problems | ||
- | | ||
- | # MSIE masquerades as Netscape, but it is fine | + | ===== optimization ===== |
- | # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html | + | * **disable DNS Look Up** |
+ | * **MaxClients** ( 512 ) | ||
+ | * **KeepAlive** | ||
+ | * Disable KeepAlive connections (by setting KeepAlive to Off) | ||
+ | * Shorten the KeepAliveTimeout value to something like 3 seconds for instances), reducing the maximum simultaneous opened connections to 768 | ||
+ | * **Compress HTTP Content** | ||
+ | * **Turn off unwanted services** - There are a few services and/or features that you will want to turn off or not allow. All of these services can be disabled in the httpd.conf file. Those services/ | ||
+ | * Directory browsing. This is done within a directory tag (the document root is a good place to start) using the Options directive and is set with “-Indexing”. | ||
+ | * Server side Includes. This is another feature that is disabled within a directory tag (using Options directive) and is set with “-Includes”. | ||
+ | * CGI execution. Unless your site needs CGI, turn this off. This feature is also set within a directory tag using the Options directive, with “-ExecCGI”. | ||
+ | * Symbolic links. Set this inside a (surprise, surprise) directory tag with “-FollowSymLinks”. | ||
+ | * None. You can turn off all options (in the same way you set the above) using “None” with the Option directive. | ||
+ | * **Disable unused modules** | ||
+ | * **Restrict access** | ||
+ | < | ||
+ | Order Deny, Allow | ||
+ | Deny from all | ||
+ | Allow from 192.168.1.0/ | ||
+ | </ | ||
+ | * **Limit request size** - Denial of service attacks are always a possibility when you allow large requests on Apache. Apache has a directive, LimitRequestBody, | ||
+ | * **Hide Apache’s version number** | ||
+ | < | ||
+ | ServerSignature Off | ||
+ | ServerTokens Prod | ||
+ | TraceEnable Off | ||
+ | </code> | ||
- | # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48 | + | in ssl.conf |
- | # the above regex won't work. You can use the following | + | |
- | # workaround to get the desired effect: | + | |
- | | + | |
- | # Don't compress images | + | |
- | | + | SSLCipherSuite ALL:!aNULL: |
- | SetEnvIfNoCase Request_URI \.(?:exe|t? | + | |
- | | + | |
- | # Make sure proxies don't deliver the wrong content | + | in vhost |
- | | + | |
- | </ | + | |
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | * **Disable unnecessary PHP variable** | ||
+ | < | ||
+ | allow_call_time_pass_reference = Off | ||
+ | magic_quotes_gpc = Off | ||
+ | register_long_arrays = Off | ||
+ | register_argc_argv = Off | ||
+ | allow_url_fopen = Off | ||
+ | expose_php = Off | ||
+ | disable_functions = symlink, | ||
+ | </ | ||
+ | |||
+ | ===== mod_deflate (Apache2) ===== | ||
+ | |||
+ | also see: [[http:// | ||
+ | < | ||
+ | # Insert filter | ||
+ | | ||
+ | | ||
+ | # | ||
+ | # | ||
+ | # Netscape 4.x has some problems... | ||
+ | | ||
+ | | ||
+ | # Netscape 4.06-4.08 have some more problems | ||
+ | | ||
+ | | ||
+ | # MSIE masquerades as Netscape, but it is fine | ||
+ | # BrowserMatch \bMSIE !no-gzip !gzip-only-text/ | ||
+ | | ||
+ | # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48 | ||
+ | # the above regex won't work. You can use the following | ||
+ | # workaround to get the desired effect: | ||
+ | | ||
+ | | ||
+ | # Don't compress images | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | # Make sure proxies don't deliver the wrong content | ||
+ | Header append Vary User-Agent env=!dont-vary | ||
+ | </ | ||
+ | |||
+ | This configuration will compress everything except for images. Of course, you can’t test this with curl, but you can test it with Firefox and [[https:// | ||
deflate.load | deflate.load | ||
header.load | header.load | ||
+ | |||
+ | |||
+ | = SSL = | ||
+ | http:// | ||
+ | |||
+ | ssl.conf\\ | ||
+ | # | ||
+ | SSLSessionCache | ||
+ | SSLSessionCacheTimeout | ||
+ | |||
+ | |||
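
Review bot: In the added "Turn off unwanted services" list, the directory-browsing item gives the setting as “-Indexing”, which is not an Options keyword; the keyword is Indexes, so the item should read `Options -Indexes`, and the last item of that list should name the "Options" directive rather than "Option". In the "Restrict access" block, `Order Deny, Allow` has a space after the comma, and Apache accepts the Order keywords only when they are separated by a comma with no whitespace, so it should be `Order Deny,Allow`. The KeepAlive item has an unbalanced parenthesis ("for instances)") and cites 768 simultaneous connections without saying how that relates to the MaxClients value of 512 two items above; the sentence needs rewording so the numbers can be checked. The sentence after the mod_deflate block says the setup cannot be tested with curl, but curl can request and decode a compressed response with `--compressed`, so that remark should be reworded or dropped.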