Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Last revision Both sides next revision | ||
apache [2009/07/23 16:17] 193.164.137.40 |
apache [2012/07/30 20:18] 188.143.232.12 dijjfZhmxGR |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Apache ====== | + | I had the same problem. after fowolling |
- | ==== utils ==== | + | |
- | * vlogger: http:// | + | |
- | * webalizer: http:// | + | |
- | + | ||
- | + | ||
- | + | ||
- | ===== optimization ===== | + | |
- | * **disable DNS Look Up** | + | |
- | * **MaxClients** ( 512 ) | + | |
- | * **KeepAlive** | + | |
- | * Disable KeepAlive connections (by setting KeepAlive to Off) | + | |
- | * Shorten | + | |
- | * **Compress HTTP Content** | + | |
- | * **Turn off unwanted services** - There are a few services and/or features that you will want to turn off or not allow. All of these services can be disabled in the httpd.conf file. Those services/ | + | |
- | * Directory browsing. This is done within a directory tag (the document root is a good place to start) using the Options directive and is set with “-Indexing”. | + | |
- | * Server side Includes. This is another feature that is disabled within a directory tag (using Options directive) and is set with “-Includes”. | + | |
- | * CGI execution. Unless your site needs CGI, turn this off. This feature is also set within a directory tag using the Options directive, with “-ExecCGI”. | + | |
- | * Symbolic links. Set this inside a (surprise, surprise) directory tag with “-FollowSymLinks”. | + | |
- | * None. You can turn off all options (in the same way you set the above) using “None” with the Option directive. | + | |
- | * **Disable unused modules** | + | |
- | * **Restrict access** | + | |
- | < | + | |
- | Order Deny, Allow | + | |
- | Deny from all | + | |
- | Allow from 192.168.1.0/ | + | |
- | </ | + | |
- | * **Limit request size** - Denial of service attacks are always a possibility when you allow large requests on Apache. Apache has a directive, LimitRequestBody, | + | |
- | * **Hide Apache’s version number** | + | |
- | < | + | |
- | ServerSignature Off | + | |
- | ServerTokens Prod | + | |
- | TraceEnable Off | + | |
- | </ | + | |
- | + | ||
- | in ssl.conf | + | |
- | + | ||
- | | + | |
- | | + | |
- | + | ||
- | in vhost | + | |
- | + | ||
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | + | ||
- | * **Disable unnecessary PHP variable** | + | |
- | < | + | |
- | allow_call_time_pass_reference = Off | + | |
- | magic_quotes_gpc = Off | + | |
- | register_long_arrays = Off | + | |
- | register_argc_argv = Off | + | |
- | allow_url_fopen = Off | + | |
- | expose_php = Off | + | |
- | disable_functions = symlink, | + | |
- | </ | + | |
- | + | ||
- | ===== mod_deflate (Apache2) ===== | + | |
- | + | ||
- | also see: [[http:// | + | |
- | < | + | |
- | # Insert filter | + | |
- | | + | |
- | + | ||
- | # | + | |
- | # | + | |
- | # Netscape 4.x has some problems... | + | |
- | | + | |
- | + | ||
- | # Netscape 4.06-4.08 have some more problems | + | |
- | | + | |
- | + | ||
- | # MSIE masquerades as Netscape, but it is fine | + | |
- | # BrowserMatch \bMSIE !no-gzip !gzip-only-text/ | + | |
- | + | ||
- | # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48 | + | |
- | # the above regex won't work. You can use the following | + | |
- | # workaround to get the desired effect: | + | |
- | | + | |
- | + | ||
- | # Don't compress images | + | |
- | | + | |
- | | + | |
- | | + | |
- | + | ||
- | # Make sure proxies don't deliver the wrong content | + | |
- | Header append Vary User-Agent env=!dont-vary | + | |
- | </Location> | + | |
- | + | ||
- | This configuration will compress everything except for images. Of course, you can’t test this with curl, but you can test it with Firefox and [[https://addons.mozilla.org/ | + | |
- | + | ||
- | + | ||
- | deflate.load | + | |
- | header.load | + | |
- | + | ||
- | + | ||
- | = SSL = | + | |
- | http:// | + | |
- | + | ||
- | ssl.conf\\ | + | |
- | # | + | |
- | SSLSessionCache | + | |
- | SSLSessionCacheTimeout | + | |
- | + | ||
- | + |