This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
apache [2006/06/08 23:45]
a restructured (mod_deflate)
apache [2012/07/31 12:45] (current)
greebo old revision restored
Line 1: Line 1:
 ====== Apache ====== ====== Apache ======
 +==== utils ====
 +   * vlogger: http://n0rp.chemlab.org/vlogger
 +   * webalizer: http://www.mrunix.net/webalizer
 +===== optimization =====
 +  * **disable DNS Look Up**
 +  * **MaxClients** ( 512 )
 +  * **KeepAlive**
 +     * Disable KeepAlive connections (by setting KeepAlive to Off)
 +     * Shorten the KeepAliveTimeout value to something like 3 seconds for instances), reducing the maximum simultaneous opened connections to 768
 +  * **Compress HTTP Content**
 +  * **Turn off unwanted services** - There are a few services and/or features that you will want to turn off or not allow. All of these services can be disabled in the httpd.conf file. Those services/features that could cause the most issues include:
 +       * Directory browsing. This is done within a directory tag (the document root is a good place to start) using the Options directive and is set with “-Indexing”.
 +       * Server side Includes. This is another feature that is disabled within a directory tag (using Options directive) and is set with “-Includes”.
 +       * CGI execution. Unless your site needs CGI, turn this off. This feature is also set within a directory tag using the Options directive, with “-ExecCGI”.
 +       * Symbolic links. Set this inside a (surprise, surprise) directory tag with “-FollowSymLinks”.
 +       * None. You can turn off all options (in the same way you set the above) using “None” with the Option directive.
 +   * **Disable unused modules**
 +   * **Restrict access**
 +Order Deny, Allow
 +Deny from all
 +Allow from
 +   * **Limit request size** - Denial of service attacks are always a possibility when you allow large requests on Apache. Apache has a directive, LimitRequestBody, that is placed within a Directory tag. The size of your limit will depend upon your Web site’s needs. By default, LimitRequestBody is set to unlimited.
 +   * **Hide Apache’s version number**
 +ServerSignature Off
 +ServerTokens Prod
 +TraceEnable Off
 +in ssl.conf
 +   SSLProtocol -ALL +SSLv3 +TLSv1
 +in vhost
 +   Include conf/ssl.conf
 +   RewriteEngine on
 +   RewriteRule .* - [F]
 +   * **Disable unnecessary PHP variable**
 +allow_call_time_pass_reference = Off
 +magic_quotes_gpc = Off
 +register_long_arrays = Off
 +register_argc_argv = Off
 +allow_url_fopen = Off
 +expose_php = Off
 +disable_functions = symlink,shell_exec,proc_close,proc_open,dl,passthru,escapeshellarg,escapeshellcmd,openlog, apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual, phpinfo
 ===== mod_deflate (Apache2) ===== ===== mod_deflate (Apache2) =====
-also see: [[http://www.howtoforge.com/apache2_mod_deflate|HowtoForce - ModDeflate]]+also see: [[http://www.howtoforge.com/apache2_mod_deflate|HowtoForce - ModDeflate]], [[http://pflanze.mine.nu/~chris/mod_deflate/mod_deflate_readme_EN.html|mod_deflate]]
   <Location />   <Location />
    # Insert filter    # Insert filter
Line 33: Line 89:
   </Location>   </Location>
 +This configuration will compress everything except for images. Of course, you can’t test this with curl, but you can test it with Firefox and [[https://addons.mozilla.org/en-US/firefox/addon/3829|LiveHTTPHeaders]]. If you don’t have Firefox handy, you can try a very handy **[[http://www.gidnetwork.com/tools/gzip-test.php|web application]]** that will give you the statistics about the compression of your site’s data.
 deflate.load deflate.load
 header.load header.load
 += SSL =
 +#SSLSessionCache         shmcb:/var/run/apache2/ssl_scache(512000)\\
 +SSLSessionCache         dbm:/var/run/apache2/ssl_scache\\
 +SSLSessionCacheTimeout  300\\
apache.1149803137.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready