Introduction
This isn’t a comprehensive guide to hardening Apache—plenty of folks more qualified have tackled that. Instead, this is a personal overview of what I did, and why.
The "Server in the Cellar" is a standalone machine dedicated to web hosting. Since 2003, it's been humming along with nothing but server software and site files. It doesn’t even know about my other machines. From day one, the logs have shown bot attempts—trying to break out of directories, probing for CGI scripts, and so on. While I doubt I could fend off a determined attacker, disrupting this little machine would be a mean-spirited act.
Hardening Apache not only protects the site but also its visitors.
Apache's default security has served me well for years.
Members Only
Want to keep reading?
This story is available exclusively to members. Sign up for free to unlock the full article.