Included below is a recommended security configuration guide for the Apache web server, designed to provide security administrators with a method of configuring an installation based on the agreed security risk profile of the target system.
The security configuration document divides recommendations into levels "Premium", "Standard", and "Basic", and covers a variety of installation, configuration and ongoing management tasks, including:
* Linux and Windows Installation Requirements
* Apache Base Installation
* Identification and Authentication
* Privacy and Encryption
* Access Control
The following is a recommended security checklist for the Apache web server. This document should be used as a guide to the installation and configuration of Apache Servers in conjunction with an agreed security plan for the identified system. The document is designed for use by experienced IT administrators.
Some of the settings may be dependant on the patch levels of the components in use, and therefore differences may exist between this document and the actual file paths and access control settings on your machine. Users are encouraged to notify Intersect Alliance of any errors or omissions.
The security configuration parameters that are graded according to arbitrary levels of PREMIUM, STANDARD or BASIC. These ratings are relative and should not be read in absolute terms. A number of security grades refer to a "risk assessment". It is strongly recommended that a security risk assessment be used to ensure that the most appropriate grade is chosen for a given production environment.