以下是Debian Apache的安全设置方法:
sudo apt update && sudo apt upgrade -y
sudo ufw enable
sudo ufw allow 'Apache Full'
rewrite
、headers
):sudo a2dismod <module_name>
sudo systemctl restart apache2
sudo apt install certbot python3-certbot-apache
sudo certbot --apache -d yourdomain.com
/etc/apache2/conf-enabled/security.conf
,设置:ServerSignature Off
ServerTokens Prod
.htaccess
或虚拟主机配置限制IP访问:<Directory "/var/www/html">
Require all granted
# 或限制特定IP
# Require ip 192.168.1.1
</Directory>
sudo tail -f /var/log/apache2/access.log
sudo apt install goaccess
goaccess /var/log/apache2/access.log
Options -Indexes
。755
,文件为644
,属主为www-data
。mod_security
)增强防护。参考来源: