Usefull Apache configurations, Proxy settings, hardening, ...
Contains example configurations that can be included in main httpd.conf of Apache.
Copy config files you like to Apache host (eg. /etc/httpd/custom directory) and include them with:
Include custom/hardening.conf
Hint: Default Apache config already includes all .conf files from conf.d/ directory. So just copy the ones that you like to /etc/httpd/conf.d and adjust to your needs.
Configuration if you want to handle URI decoding by background application
Minimum hardening of Apache server to not leak information like:
- Server version
- inodes
- MIME-sniffing
And to prevent some basic hack attacks like:
- anti-clickjacking
- XST
- DOS by posting big payloads
Sample configuration of Tomcat AJP proxy by balancer
Sample configuration of WebLogic proxy with URI encoding suggestions
Configuration for static files that resides on Apache. Includes:
Cache-Controlheaders config for different file typesgzip-ing of responses to lower traffic bandwidth
Configuration of server status page. This is needed if you plan to monitor Apache with tools like Zabbix.