Apache tuning

Bug #1163626 reported by François Marier on 2013-04-03
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Libravatar
Low
Unassigned

Bug Description

There are a couple of easy things to tune on our Apache config files:

* disable unused modules
* set AllowOverride to None
* Disable SymlinksIfOwnerMatch

François Marier (fmarier) wrote :

AllowOverride is on by default.

François Marier (fmarier) wrote :

These modules are currently enabled on production:

$ ls /etc/apache2/mods-enabled/*.load
alias.load
auth_basic.load
authn_file.load
authz_default.load
authz_groupfile.load
authz_host.load
authz_user.load
autoindex.load
cgid.load
deflate.load
dir.load
env.load
expires.load
headers.load
mime.load
negotiation.load
reqtimeout.load
rewrite.load
setenvif.load
ssl.load
status.load
wsgi.conf
wsgi.load

We should investigate whether these are needed:

authn_file.load
authz_default.load
authz_groupfile.load
authz_host.load
authz_user.load
autoindex.load
cgid.load
dir.load
mime.load
negotiation.load
reqtimeout.load
status.load

Changed in libravatar:
assignee: François Marier (fmarier) → nobody
François Marier (fmarier) wrote :

Related to this is the idea of hardening the config: https://wiki.debian.org/Apache/Hardening

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers