Ferramentas de Usuário

Ferramentas de Site


pt:buster:internet:http:apache

4.1.1 Apache2

Instalação

<sxh bash; highlight: [1]> root@server:~# apt install apache2 apache2-doc </sxh>

Configuração

Durante a instalação do apache2 é criado um ficheiro de configuração bastante restrito. No entanto essa configuração pode ser alterada editando o ficheiro /etc/apache2/sites-available/000-default.conf:

<sxh; highlight: []; title: /etc/apache2/sites-available/000-default.conf> <VirtualHost *:80>

      # The ServerName directive sets the request scheme, hostname and port that
      # the server uses to identify itself. This is used when creating
      # redirection URLs. In the context of virtual hosts, the ServerName
      # specifies what hostname must appear in the request's Host: header to
      # match this virtual host. For the default virtual host (this file) this
      # value is not decisive as it is used as a last resort host regardless.
      # However, you must set it for any further virtual host explicitly.
      #ServerName www.example.com
      ServerAdmin webmaster@localhost
      DocumentRoot /var/www/html
      # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
      # error, crit, alert, emerg.
      # It is also possible to configure the loglevel for particular
      # modules, e.g.
      #LogLevel info ssl:warn
      ErrorLog ${APACHE_LOG_DIR}/error.log
      CustomLog ${APACHE_LOG_DIR}/access.log combined
      # For most configuration files from conf-available/, which are
      # enabled or disabled at a global level, it is possible to
      # include a line for only one particular virtual host. For example the
      # following line enables the CGI configuration for this host only
      # after it has been globally disabled with "a2disconf".
      #Include conf-available/serve-cgi-bin.conf

</VirtualHost> </sxh>

Segurança

Sempre que é solicitada uma página ao servidor httpd, este envia na resposta a sua assinatura (nome, versão, sistema operativo, etc…). Estas informações podem ser utilizadas para explorar vulnerabilidades e facilitar o ataque ao servidor.

Por segurança é conveniente desligar o envio da assinatura do servidor, o que pode ser feito no ficheiro de configuração de segurança do servidor /etc/apache2/conf-available/security.conf:

<sxh; highlight: [14,16,25,27]; title: /etc/apache2/conf-available/security.conf> # […]

# Changing the following options will not really affect the security of the # server, but might make attacks slightly more difficult in some cases.

# # ServerTokens # This directive configures what you return as the Server HTTP response # Header. The default is 'Full' which sends information about the OS-Type # and compiled in modules. # Set to one of: Full | OS | Minimal | Minor | Major | Prod # where Full conveys the most information, and Prod the least. #ServerTokens Minimal #ServerTokens OS #ServerTokens Full ServerTokens Prod

# # Optionally add a line containing the server version and virtual host # name to server-generated pages (internal error documents, FTP directory # listings, mod_status and mod_info output etc., but not CGI generated # documents or custom error documents). # Set to “EMail” to also include a mailto: link to the ServerAdmin. # Set to one of: On | Off | EMail #ServerSignature Off #ServerSignature On ServerSignature Off

# […] </sxh>

Verificar que a sintaxe do ficheiro de configuração está correta:

<sxh bash; highlight: [1]> root@server:~# apachectl -t Syntax OK </sxh>

Reiniciar o servidor apache2:

<sxh bash; highlight: [1]> root@server:~# systemctl restart apache2 </sxh>

Verificação

Num browser, inserir o endereço do servidor (http://192.168.1.100):

Servidor apache a funcionar

Referências

pt/buster/internet/http/apache.txt · Última modificação em: 2020-08-02 20:10 (edição externa)

Excepto menção em contrário, o conteúdo neste wiki está sob a seguinte licença: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki