1 | page 2
The LimitRequest directives (LimitRequestBody, LimitRequestFields, LimitRequestFieldSize and LimitRequestLine) cap how much of a client's request Apache is willing to read: the body size, the number of header fields, the size of any single header field, and the length of the request line. Setting these values deliberately, rather than leaving the defaults, mitigates some resource-exhaustion denial of service attacks.

The RLimit directives (RLimitCPU, RLimitMEM and RLimitNPROC) limit the CPU time, memory and number of processes available to processes forked off from the Apache children, such as CGI scripts or external binaries launched from PHP through system() or exec(). They do not constrain httpd itself. If you plan to run binaries from PHP, set these limits so that a defective binary (a runaway loop, a memory leak, a fork bomb) cannot exhaust the host and cause a denial of service.
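The following httpd.conf fragment is an added example, not configuration taken from the guide; the numeric values and the /upload path are illustrative assumptions that must be tuned to the application. It shows both families of directives together, with a tighter global body limit and a larger one only where uploads are expected.

```apache
# Added example (not from the guide). All limits below are assumptions to tune.

# --- Request limits: how much of a request httpd will read ---

# Maximum request body in bytes (default 0 = unlimited).
# 1 MiB covers ordinary forms; raise it only where uploads are expected.
LimitRequestBody 1048576

# Maximum number of request header fields (default 100).
LimitRequestFields 50

# Maximum size in bytes of a single header field (default 8190).
# Lowering this can break clients that send large cookies or auth tokens.
LimitRequestFieldSize 8190

# Maximum size in bytes of the request line: method, URI and protocol (default 8190).
LimitRequestLine 4094

# Allow larger bodies only for the upload handler (assumed path).
<Location "/upload">
    LimitRequestBody 20971520
</Location>

# --- Process limits: apply to CGI / PHP system() children, not to httpd itself ---
# Syntax: soft-limit [hard-limit]; "max" means the OS maximum.

# CPU time per forked process, in seconds.
RLimitCPU 30 60

# Address space per forked process, in bytes (100 MiB soft, 200 MiB hard).
RLimitMEM 104857600 209715200

# Processes per user. Caution: if CGI/PHP children run as the httpd user
# (no suEXEC), this counts httpd's own children too, so keep it above MaxRequestWorkers.
RLimitNPROC 50 100
```

Validate with `apachectl configtest` before reloading; the limits take effect on the next graceful restart. Requests that exceed a LimitRequest* value are refused with a 4xx response (413 for an oversize body), which is the behaviour you want a client to see rather than a slow or crashed server.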

7. To prevent identity spoofing and other domain name (DNS) related issues, which can lead to a severe security breach:

  • Use IP addresses, not hostnames, in the VirtualHost directive, so the mapping of sites does not depend on a DNS lookup at startup.

  • Use IP addresses in the Listen directive rather than binding to every interface.

  • Ensure all virtual hosts have an explicit ServerName directive, so Apache never has to reverse-resolve the address to name the host.

  • Create a default server that has no pages to serve. The first virtual host defined for an address answers any request whose Host header matches no other site; make that one empty so a forged or unknown Host header cannot reach a real site.

  • Since the server environment is dedicated to known users only, use system-wide parameters and configuration. In other words, apply the same set of parameters and rules to all web sites on the dedicated server. Local configuration files such as .htaccess should not be present on the server, and AllowOverride None ensures they are ignored even if one appears.
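The configuration below is an added example that applies all five points above; it is not configuration from the guide. The address 192.0.2.10, the hostnames and the paths are assumptions. The first VirtualHost for the address is the deliberately empty default; the real site follows it.

```apache
# Added example (not from the guide). Address, names and paths are assumptions.

# Bind to the specific address, not "*:80", so an extra interface or alias
# cannot silently expose the sites.
Listen 192.0.2.10:80

# Do not reverse-resolve client addresses in logs or access rules.
HostnameLookups Off

# Build self-referential URLs from ServerName, not from the client's Host header.
UseCanonicalName On

# Default virtual host: first for this address, so it catches every request whose
# Host header matches no ServerName/ServerAlias below. It serves nothing.
<VirtualHost 192.0.2.10:80>
    ServerName default.invalid
    DocumentRoot "/var/www/empty"
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Real site: explicit ServerName, no .htaccess, no symlink following, no indexes.
<VirtualHost 192.0.2.10:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot "/var/www/example.com/htdocs"
    <Directory "/var/www/example.com/htdocs">
        Options -Indexes -FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    ErrorLog  "/var/log/httpd/example.com-error.log"
    CustomLog "/var/log/httpd/example.com-access.log" combined
</VirtualHost>
```

Check the result with `apachectl -S`, which prints the parsed virtual host table and marks which host is the default for each address:port; the empty default.invalid host must appear first. Then confirm from a client that a request with an unknown Host header (for example `curl -H 'Host: other.example' http://192.0.2.10/`) returns 403 rather than the content of www.example.com.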



This section of the condensed guide explains the following topics in detail.

  • How to verify the installed Apache version and upgrade to the latest stable release.

  • Run Apache under a dedicated administrative, non-root account.

  • (Named) virtual host settings to support multiple domains per IP address.

  • Apache URL rewriting.

  • Disable potential disasters (reboot, shutdown, access to /etc, /bin, /sbin, directory traversal via ../../, system probing, etc.).

  • Use soft (symbolic) links to protect downloadable products.

  • Bandwidth allowance control.

  • Issue your own SSL certificates for HTTPS testing.

  • Customized messages for errors and warnings, including page redirection (404, etc.).

  • How to set up and access the new web server by domain name without using DNS.

  • Set file attributes to read-only (owner only; no group or public access).

  • Access control and local rewrites with .htaccess and .htpasswd, when absolutely necessary.

  • IP bans at the web server level.

  • Disable directory browsing.

  • AddType to support downloadable files.

  • Disable PHP error message output to web pages.

  • Third-party tools to identify geographic location from an IP address.