面是一些要检查的安全设置:
SSL:
在httpd.conf中打开SSL
Port 80
Listen 80
Listen 443
SSLSessionCache dbm:/usr/local/apache/ logs/ssl_scache
SSLSessionCacheTimeout 1200
# For increased performance use "SSLMutex sem" instead of the line below
SSLMutex file:/usr/local/apache/logs/ssl_mutex
SSLLog /usr/local/apache/logs/ssl_engine_log
# change the log level default from "info" to "warn"
SSLLogLevel warn
SSLOptions +OptRenegotiate
打开虚拟主机的SSL支持:
# Within the ...
SSLEngine on
# Replace with certificate file name
SSLCertificateFile /usr/local/apache/conf/ssl.
cert/
# Replace with key file name
SSLKeyFile /usr/local/apache/conf/ssl.key/
SSLVerifyClient none
定制SSL的LOG格式:
LogFormat clfa "%h %l %u %t \"%r\" %>s %b\ %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%{SSL_CLIENT_S_DN_CN}x\""
CustomLog /usr/local/apache/logs/access_log clfa
被保护的目录:
SSLCipherSuite HIGH: MEDIUM
AuthType Digest
AuthName "Beta code testing"
AuthDigestDomain /test/ http://test.my.dom/beta/
AuthDigestFile /usr/local/apache/conf/
digest_pw
Require valid-user
