在Ubuntu上配置Apache2以实现安全防护涉及多个步骤,包括配置SSL/TLS加密、限制访问、禁用不必要的模块、启用安全模块等。以下是一些关键的安全防护措施:
sudo apt-get install libapache2-mod-ssl-stapling
sudo mkdir /etc/apache2/ssl/
sudo openssl genrsa -out /etc/apache2/ssl/apache.key 2048
sudo openssl req -new -key /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.csr
<VirtualHost *:443>
ServerName yourdomain.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
</VirtualHost>
sudo systemctl restart apache2
Order deny,allow
和Allow from
指令,限制访问来源。<Directory /var/www/html>
Order deny,allow
Deny from all
Allow from 192.168.1.100/24
</Directory>
ServerTokens Prod
Require
指令,禁止用户通过显式路径访问网站目录。<Directory "/var/www/html">
Require all granted
</Directory>
sudo /etc/init.d/apparmor stop
sudo update-rc.d -f apparmor remove
sudo apt-get remove apparmor apparmor-utils
sudo a2dismod php7.x-apache2
sudo apt-get install libapache2-mod-security2
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
sudo ufw allow OpenSSH
sudo ufw enable
通过以上步骤,可以显著提高Ubuntu Apache2服务器的安全性。建议定期检查和更新安全配置,以应对新的安全威胁。