IdentifiantMot de passe
Mot de passe oublié ?Je m'inscris ! (gratuit)

Installation et sécurisation d'une station Debian 3.0 stable


Installation et sécurisation d'une station Debian 3.0 stable

15/05/2004

[ Précédent ] [ Sommaire ] [ Suivant ] [ Télécharger ]

ANNEXE 6. Fichier de configuration Apache minimal


ANNEXE 6. Fichier de configuration Apache minimal


#
# Debian-secinst v0.1.2 : ANNEXE 6 - Fichier de configuration Apache minimal
# Simon Castro
#

####################################
# Section 1 : Environnement Global #
####################################


ServerType standalone
ServerRoot /etc/apache
LockFile /var/lock/apache.lock
PidFile /var/run/apache.pid
ScoreBoardFile /var/run/apache.scoreboard

MinSpareServers 2
MaxSpareServers 5
StartServers 2

User www-data
Group www-data

Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MaxClients 15
MaxRequestsPerChild 100

#
# Support des modules
#

LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config.so
LoadModule mime_module /usr/lib/apache/1.3/mod_mime.so
LoadModule negotiation_module /usr/lib/apache/1.3/mod_negotiation.so
LoadModule autoindex_module /usr/lib/apache/1.3/mod_autoindex.so
LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so
LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so
LoadModule access_module /usr/lib/apache/1.3/mod_access.so
LoadModule auth_module /usr/lib/apache/1.3/mod_auth.so
LoadModule expires_module /usr/lib/apache/1.3/mod_expires.so
LoadModule unique_id_module /usr/lib/apache/1.3/mod_unique_id.so
LoadModule setenvif_module /usr/lib/apache/1.3/mod_setenvif.so
LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so

#
# Configuration générale du serveur
#

Port 80
Listen 80
Listen 443

#
# Repertoires et permissions
#

DocumentRoot /var/www/htdocs

<Directory />
  Options SymLinksIfOwnerMatch
  AllowOverride None
</Directory>

<Directory "/var/www/htdocs">
  Options SymLinksIfOwnerMatch
  AllowOverride None
  Order allow,deny
  Allow from all
</Directory>

Alias /icons/ /usr/share/apache/icons/
<Directory /usr/share/apache/icons>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

#
# Configurations specifiques aux modules
#

<IfModule mod_dir.c>
  DirectoryIndex index.html index.htm index.shtml index.cgi
</IfModule>

<IfModule mod_autoindex.c>
IndexOptions FancyIndexing NameWidth=*
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/deb.gif .deb
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README
HeaderName HEADER
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
</IfModule>

TypesConfig /etc/mime.types
DefaultType text/plain
AddDefaultCharset on

<IfModule mod_mime.c>
  AddEncoding x-compress Z
  AddEncoding x-gzip gz tgz
  AddLanguage da .dk
  AddLanguage nl .nl
  AddLanguage en .en
  AddLanguage et .ee
  AddLanguage fr .fr
  AddLanguage de .de
  AddLanguage el .el
  AddLanguage it .it
  AddLanguage ja .ja
  AddCharset ISO-2022-JP .jis
  AddLanguage pl .po
  AddCharset ISO-8859-2 .iso-pl
  AddLanguage pt .pt
  AddLanguage pt-br .pt-br
  AddLanguage ltz .lu
  AddLanguage ca .ca
  AddLanguage es .es
  AddLanguage sv .se
  AddLanguage cz .cz
  <IfModule mod_negotiation.c>
	  LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
  </IfModule>
  AddType application/x-tar .tgz
  AddType image/bmp .bmp
  AddType text/x-hdml .hdml
</IfModule>

<IfModule mod_setenvif.c>
  BrowserMatch "Mozilla/2" nokeepalive
  BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
  BrowserMatch "RealPlayer 4\.0" force-response-1.0
  BrowserMatch "Java/1\.0" force-response-1.0
  BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>

##############################################
### Securite : Protection .htaccess etc... ###
##############################################

UseCanonicalName Off
ServerSignature Off
ServerAdmin nobody@noone.com

AccessFileName .htaccess
<Files ~ "^\.ht">
  Order allow,deny
  Deny from all
</Files>

#############################################
### Gestion des logs : Format et fichiers ###
#############################################

HostnameLookups Off

LogLevel warn
SSLLogLevel warn

LogFormat "%h %l %u %v %A:%p %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common
LogFormat "%h %l %u %v %A:%p %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CIPHER_USEKEYSIZE}x/%{SSL_CIPHER_ALGKEYSIZE}x" commonssl

CustomLog /var/log/apache/access.log common
ErrorLog /var/log/apache/error.log
SSLLog /var/log/apache/ssl.log

###################
### Gestion SSL ###
###################

SSLSessionCache none
SSLMutex sem
SSLRandomSeed startup builtin

########################
### Plugin WebSphere ###
########################

LoadModule app_server_http_module /usr/local/websphere500/appserver/bin/mod_app_server_http.so
WebSpherePluginConfig /usr/local/websphere500/appserver/config/cells/plugin-cfg.xml

####################
### VirtualHosts ###
####################

<VirtualHost {@IP}> 
DocumentRoot /var/www/htdocs
ServerName {@IP}

CustomLog /var/log/apache/access.log common
ErrorLog /var/log/apache/error.log
</VirtualHost>

<VirtualHost {@IP ou HOSTNAME}:443> 
DocumentRoot /var/www/htdocs
ServerName {@IP ou HOSTNAME}

SSLEngine On
SSLCertificateFile /etc/apache/ssl/{HOSTNAME}.crt
SSLCertificateKeyFile /etc/apache/ssl/{HOSTNAME}.key

CustomLog /var/log/apache/access_ssl.log commonssl
ErrorLog /var/log/apache/error.log
</VirtualHost>
[ Précédent ] [ Sommaire ] [ Suivant ] [ Télécharger ]
Copyright (c) 2003 Simon Castro, scastro [ at ] entreelibre.com.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST.
You must have received a copy of the license with this document and it should be présent in the fdl.txt file.
If you did not receive this file or if you don't think this fdl.txt license is correct, have a look on the official http://www.fsf.org/licenses/fdl.txt licence file.
Copyright (c) 2003 Simon Castro, scastro [ at ] entreelibre.com.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST.
You must have received a copy of the license with this document and it should be présent in the fdl.txt file.
If you did not receive this file or if you don't think this fdl.txt license is correct, have a look on the official http://www.fsf.org/licenses/fdl.txt licence file.