Installation et sécurisation d'une station Debian 3.0 stable15/05/2004
ANNEXE 6. Fichier de configuration Apache minimal
ANNEXE 6. Fichier de configuration Apache minimal
#
# Debian-secinst v0.1.2 : ANNEXE 6 - Fichier de configuration Apache minimal
# Simon Castro
#
####################################
# Section 1 : Environnement Global #
####################################
ServerType standalone
ServerRoot /etc/apache
LockFile /var/lock/apache.lock
PidFile /var/run/apache.pid
ScoreBoardFile /var/run/apache.scoreboard
MinSpareServers 2
MaxSpareServers 5
StartServers 2
User www-data
Group www-data
Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MaxClients 15
MaxRequestsPerChild 100
#
# Support des modules
#
LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config.so
LoadModule mime_module /usr/lib/apache/1.3/mod_mime.so
LoadModule negotiation_module /usr/lib/apache/1.3/mod_negotiation.so
LoadModule autoindex_module /usr/lib/apache/1.3/mod_autoindex.so
LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so
LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so
LoadModule access_module /usr/lib/apache/1.3/mod_access.so
LoadModule auth_module /usr/lib/apache/1.3/mod_auth.so
LoadModule expires_module /usr/lib/apache/1.3/mod_expires.so
LoadModule unique_id_module /usr/lib/apache/1.3/mod_unique_id.so
LoadModule setenvif_module /usr/lib/apache/1.3/mod_setenvif.so
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so
#
# Configuration générale du serveur
#
Port 80
Listen 80
Listen 443
#
# Repertoires et permissions
#
DocumentRoot /var/www/htdocs
<Directory />
Options SymLinksIfOwnerMatch
AllowOverride None
</Directory>
<Directory "/var/www/htdocs">
Options SymLinksIfOwnerMatch
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Alias /icons/ /usr/share/apache/icons/
<Directory /usr/share/apache/icons>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
#
# Configurations specifiques aux modules
#
<IfModule mod_dir.c>
DirectoryIndex index.html index.htm index.shtml index.cgi
</IfModule>
<IfModule mod_autoindex.c>
IndexOptions FancyIndexing NameWidth=*
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/deb.gif .deb
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README
HeaderName HEADER
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
</IfModule>
TypesConfig /etc/mime.types
DefaultType text/plain
AddDefaultCharset on
<IfModule mod_mime.c>
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage it .it
AddLanguage ja .ja
AddCharset ISO-2022-JP .jis
AddLanguage pl .po
AddCharset ISO-8859-2 .iso-pl
AddLanguage pt .pt
AddLanguage pt-br .pt-br
AddLanguage ltz .lu
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz
<IfModule mod_negotiation.c>
LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
</IfModule>
AddType application/x-tar .tgz
AddType image/bmp .bmp
AddType text/x-hdml .hdml
</IfModule>
<IfModule mod_setenvif.c>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
##############################################
### Securite : Protection .htaccess etc... ###
##############################################
UseCanonicalName Off
ServerSignature Off
ServerAdmin nobody@noone.com
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
#############################################
### Gestion des logs : Format et fichiers ###
#############################################
HostnameLookups Off
LogLevel warn
SSLLogLevel warn
LogFormat "%h %l %u %v %A:%p %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common
LogFormat "%h %l %u %v %A:%p %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CIPHER_USEKEYSIZE}x/%{SSL_CIPHER_ALGKEYSIZE}x" commonssl
CustomLog /var/log/apache/access.log common
ErrorLog /var/log/apache/error.log
SSLLog /var/log/apache/ssl.log
###################
### Gestion SSL ###
###################
SSLSessionCache none
SSLMutex sem
SSLRandomSeed startup builtin
########################
### Plugin WebSphere ###
########################
LoadModule app_server_http_module /usr/local/websphere500/appserver/bin/mod_app_server_http.so
WebSpherePluginConfig /usr/local/websphere500/appserver/config/cells/plugin-cfg.xml
####################
### VirtualHosts ###
####################
<VirtualHost {@IP}>
DocumentRoot /var/www/htdocs
ServerName {@IP}
CustomLog /var/log/apache/access.log common
ErrorLog /var/log/apache/error.log
</VirtualHost>
<VirtualHost {@IP ou HOSTNAME}:443>
DocumentRoot /var/www/htdocs
ServerName {@IP ou HOSTNAME}
SSLEngine On
SSLCertificateFile /etc/apache/ssl/{HOSTNAME}.crt
SSLCertificateKeyFile /etc/apache/ssl/{HOSTNAME}.key
CustomLog /var/log/apache/access_ssl.log commonssl
ErrorLog /var/log/apache/error.log
</VirtualHost>
Copyright (c) 2003 Simon Castro, scastro [ at ] entreelibre.com.
Permission is granted to copy, distribute and/or modify this document under the
terms of the GNU Free Documentation License, Version 1.2 or any later version
published by the Free Software Foundation; with the Invariant Sections being
LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the
Back-Cover Texts being LIST.
You must have received a copy of the license with this document and it should
be présent in the fdl.txt file.
If you did not receive this file or if you don't think this fdl.txt license is
correct, have a look on the official http://www.fsf.org/licenses/fdl.txt
licence file.
|