Differences

This shows you the differences between two versions of the page.

apache [2005/07/02 10:09]
193.77.104.168 created
apache [2012/07/31 12:45] (current)
greebo old revision restored
Line 1: Line 1:
-<Location /> +====== Apache ====== 
- # Insert filter +==== utils ==== 
- SetOutputFilter DEFLATE+   * vlogger: http://n0rp.chemlab.org/vlogger 
 +   * webalizer: http://www.mrunix.net/webalizer
  
- #DeflateFilterNote ratio 
- #DeflateCompressionLevel 9 
- # Netscape 4.x has some problems... 
- BrowserMatch ^Mozilla/4 gzip-only-text/html 
  
- # Netscape 4.06-4.08 have some more problems 
- BrowserMatch ^Mozilla/4\.0[678] no-gzip 
  
- # MSIE masquerades as Netscapebut it is fine +===== optimization ===== 
- # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html+  * **disable DNS Look Up** 
 +  * **MaxClients** ( 512 ) 
 +  * **KeepAlive** 
 +     * Disable KeepAlive connections (by setting KeepAlive to Off) 
 +     * Shorten the KeepAliveTimeout value to something like 3 seconds for instances)reducing the maximum simultaneous opened connections to 768 
 +  * **Compress HTTP Content** 
 +  * **Turn off unwanted services** - There are a few services and/or features that you will want to turn off or not allow. All of these services can be disabled in the httpd.conf file. Those services/features that could cause the most issues include: 
 +       * Directory browsing. This is done within a directory tag (the document root is a good place to start) using the Options directive and is set with “-Indexing”. 
 +       * Server side Includes. This is another feature that is disabled within a directory tag (using Options directive) and is set with “-Includes”. 
 +       * CGI execution. Unless your site needs CGI, turn this off. This feature is also set within a directory tag using the Options directive, with “-ExecCGI”. 
 +       * Symbolic links. Set this inside a (surprise, surprise) directory tag with “-FollowSymLinks”. 
 +       * None. You can turn off all options (in the same way you set the above) using “None” with the Option directive. 
 +   * **Disable unused modules** 
 +   * **Restrict access** 
 +<code> 
 +Order Deny, Allow 
 +Deny from all 
 +Allow from 192.168.1.0/16 
 +</code> 
 +   * **Limit request size** - Denial of service attacks are always a possibility when you allow large requests on Apache. Apache has a directive, LimitRequestBody, that is placed within a Directory tag. The size of your limit will depend upon your Web site’s needs. By default, LimitRequestBody is set to unlimited. 
 +   * **Hide Apache’s version number** 
 +<code> 
 +ServerSignature Off 
 +ServerTokens Prod 
 +TraceEnable Off 
 +</code>
  
- # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48 +in ssl.conf
- # the above regex won't work. You can use the following +
- # workaround to get the desired effect: +
- BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html+
  
- # Don't compress images +   SSLProtocol -ALL +SSLv3 +TLSv1 
- SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary +   SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
- SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary +
- SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary+
  
- # Make sure proxies don't deliver the wrong content +in vhost
- Header append Vary User-Agent env=!dont-vary +
-</Location>+
  
 +   Include conf/ssl.conf
 +   RewriteEngine on
 +   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
 +   RewriteRule .* - [F]
  
 +   * **Disable unnecessary PHP variable**
 +<code>
 +allow_call_time_pass_reference = Off
 +magic_quotes_gpc = Off
 +register_long_arrays = Off
 +register_argc_argv = Off
 +allow_url_fopen = Off
 +expose_php = Off
 +disable_functions = symlink,shell_exec,proc_close,proc_open,dl,passthru,escapeshellarg,escapeshellcmd,openlog, apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual, phpinfo
 +</code>
 +
 +===== mod_deflate (Apache2) =====
 +
 +also see: [[http://www.howtoforge.com/apache2_mod_deflate|HowtoForce - ModDeflate]], [[http://pflanze.mine.nu/~chris/mod_deflate/mod_deflate_readme_EN.html|mod_deflate]]
 +  <Location />
 +   # Insert filter
 +   SetOutputFilter DEFLATE
 +  
 +   #DeflateFilterNote ratio
 +   #DeflateCompressionLevel 9
 +   # Netscape 4.x has some problems...
 +   BrowserMatch ^Mozilla/4 gzip-only-text/html
 +  
 +   # Netscape 4.06-4.08 have some more problems
 +   BrowserMatch ^Mozilla/4\.0[678] no-gzip
 +  
 +   # MSIE masquerades as Netscape, but it is fine
 +   # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
 +  
 +   # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
 +   # the above regex won't work. You can use the following
 +   # workaround to get the desired effect:
 +   BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
 +  
 +   # Don't compress images
 +   SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
 +   SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
 +   SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
 +  
 +   # Make sure proxies don't deliver the wrong content
 +    Header append Vary User-Agent env=!dont-vary
 +  </Location>
 +
 +This configuration will compress everything except for images. Of course, you can’t test this with curl, but you can test it with Firefox and [[https://addons.mozilla.org/en-US/firefox/addon/3829|LiveHTTPHeaders]]. If you don’t have Firefox handy, you can try a very handy **[[http://www.gidnetwork.com/tools/gzip-test.php|web application]]** that will give you the statistics about the compression of your site’s data.
  
  
 deflate.load deflate.load
 header.load header.load
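Review bot: The ssl.conf lines in this block enable only SSLv3 and TLSv1 ("SSLProtocol -ALL +SSLv3 +TLSv1"), and the SSLCipherSuite string still admits RC4 and MEDIUM ciphers. SSLv3 and RC4 are both deprecated as insecure, so drop +SSLv3 and the RC4+RSA term and enable the newest TLS versions the installed mod_ssl/OpenSSL supports. In the "Restrict access" block, "Order Deny, Allow" has a space after the comma, which Apache rejects because Order takes a single argument; write "Order Deny,Allow", and give the network as 192.168.0.0/16 (or 192.168.1.0/24 if only that subnet is meant) so the mask matches the address. Under "Turn off unwanted services" the option is named Indexes, not Indexing, so the setting should read "-Indexes", and the directive is Options, not Option.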
 +
 +
 += SSL =
 +http://www.mail-archive.com/modssl-users@modssl.org/msg10790.html\\
 +
 +ssl.conf\\
 +#SSLSessionCache         shmcb:/var/run/apache2/ssl_scache(512000)\\
 +SSLSessionCache         dbm:/var/run/apache2/ssl_scache\\
 +SSLSessionCacheTimeout  300\\
 +
 +
  
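Review bot: The ssl.conf lines under "= SSL =" comment out the shmcb session cache and switch to "SSLSessionCache dbm:/var/run/apache2/ssl_scache" with no reason given. The mod_ssl documentation recommends shmcb and warns that the dbm cache can be unreliable under load, so either keep shmcb or state the problem the dbm setting works around. The bare mail-archive link above it needs a one-line description of what it covers, and the heading should use the same "=====" level as the other sections on the page.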
apache.1120291740.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International