File: apache_conf.advice

yasat 755-1
EN,APACHE_CONF_TIMEOUT=configure timeout below 20s
  Your timeout is too high; set it low for protection against DoS.
  20s is good enough.
  <div class="conf">Timeout 20</div>
  See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#timeout">http://httpd.apache.org/docs/2.2/mod/core.html#timeout</a>
ADVICEEND
EN,APACHE_CONF_HOSTNAMELOOKUPS=Set HostnameLookups to off
  It's better for performance and network traffic.
  <div class="conf">HostnameLookups off</div>
  See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#hostnamelookups">http://httpd.apache.org/docs/2.2/mod/core.html#hostnamelookups</a>
ADVICEEND
EN,APACHE_CONF_SERVERSIGNATURE=Hide the Apache version by setting ServerSignature off
  Hide your Apache version
  <div class="conf">ServerSignature off</div>
  See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#serversignature">http://httpd.apache.org/docs/2.2/mod/core.html#serversignature</a>
ADVICEEND
EN,APACHE_CONF_SERVERTOKENS=Hide the Apache version by setting ServerTokens to Prod
  Hide your Apache version
  <div class="conf">ServerTokens Prod</div>
  See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#servertokens">http://httpd.apache.org/docs/2.2/mod/core.html#servertokens</a>
ADVICEEND
EN,APACHE_CONF_SSL_SSLV2=SSLv2 is deprecated, disable it with -SSLv2
  SSLv2 is known to provide weak protection; disable it.
  See <a href="http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol">http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol</a>
ADVICEEND
EN,APACHE_CONF_PROXYREQUESTS=You are acting as an open proxy; check your configuration to be sure only local users are allowed
  See <a href="http://httpd.apache.org/docs/2.2/mod/mod_proxy.html">http://httpd.apache.org/docs/2.2/mod/mod_proxy.html</a>
ADVICEEND
EN,APACHE_CONF_TRACEENABLE=Disable the TRACE debugging function.
  See <a href="http://httpd.apache.org/docs/2.0/mod/core.html#traceenable">http://httpd.apache.org/docs/2.0/mod/core.html#traceenable</a>
  <a href="http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/">http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/</a>
ADVICEEND
EN,APACHE_CONF_LIMITREQUESTBODY=Set the LimitRequestBody directive
  See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestbody">http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestbody</a>
ADVICEEND
EN,APACHE_CONF_LIMITREQUESTFIELDS=Set the LimitRequestFields directive
  See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#LimitRequestFields">http://httpd.apache.org/docs/2.2/mod/core.html#LimitRequestFields</a>
ADVICEEND
EN,APACHE_CONF_LIMITREQUESTFIELDSIZE=Set the LimitRequestFieldSize directive
  See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfieldsize">http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfieldsize</a>
ADVICEEND
EN,APACHE_CONF_LIMITREQUESTLINE=Set the LimitRequestLine directive
  See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestline">http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestline</a>
ADVICEEND
EN,APACHE_ERRORDOC_CUSTOM=Use a custom ErrorDocument
  If possible, make and use a custom ErrorDocument branded according to your website.
  See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#errordocument">http://httpd.apache.org/docs/2.2/mod/core.html#errordocument</a>
ADVICEEND
EN,APACHE_CONF_KEEPALIVES=Enable KeepAlive
  <div class="conf">KeepAlive on</div>
  See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#keepalive">http://httpd.apache.org/docs/2.2/mod/core.html#keepalive</a>
ADVICEEND
EN,APACHE_CONF_KEEPALIVE_TIMEOUT=Decrease the value of KeepAliveTimeout
  According to the official documentation: <i>Setting KeepAliveTimeout to a high value may cause performance problems in heavily loaded servers. The higher the timeout, the more server processes will be kept occupied waiting on connections with idle clients.</i>
  <div class="conf">KeepAliveTimeout 5</div>
  See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#keepalivetimeout">http://httpd.apache.org/docs/2.2/mod/core.html#keepalivetimeout</a>
ADVICEEND