Optimizing/Securing Apache & PHP

[Yulia]

Any tips for securing and increasing the speed of apache? All I need is the pure basics.


My current Setup:

APACHE:
Compile:

Code:

./configure --prefix=/usr/local/apache2 --with-mpm=prefork --enable-mods-shared='rewrite ssl' --enable-rewrite --enable-ssl --with-ssl --disable-env --disable-status --disable-autoindex --disable-cgi --disable-userdir --disable-actions --disable-asis --enable-deflate --enable-so

Compiled in modules:
core.c
mod_authn_file.c
mod_authn_default.c
mod_authz_host.c
mod_authz_groupfile.c
mod_authz_user.c
mod_authz_default.c
mod_auth_basic.c
mod_filter.c
mod_log_config.c
prefork.c
http_core.c
mod_mime.c
mod_dir.c
mod_actions.c
mod_alias.c
mod_so.c


httpd.conf

Code:

ServerRoot "/usr/local/apache2"
Listen 80
LoadModule php5_module	modules/libphp5.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule deflate_module modules/mod_deflate.so
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User daemon
Group daemon
</IfModule>
</IfModule>
ServerAdmin admin@domain.org
ServerName domain.org:80
DocumentRoot "/www"
UseCanonicalName Off 
ServerSignature Off 
HostnameLookups Off 
ServerTokens Prod  
PidFile /usr/local/apache2/logs/httpd.pid 
ScoreBoardFile /usr/local/apache2/logs/httpd.scoreboard 
Timeout 300 
KeepAlive On 
MaxKeepAliveRequests 100 
KeepAliveTimeout 15 
<IfModule prefork.c> 
	MinSpareServers 5 
	MaxSpareServers 10 
	StartServers 5 
	MaxClients 150 
	MaxRequestsPerChild 0 
</IfModule> 
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
SetInputFilter DEFLATE
AddOutputFilterByType DEFLATE application/x-httpd-php application/x-httpd-fastphp application/x-httpd-eruby text/html 
DeflateFilterNote ratio
DeflateCompressionLevel 3
</IfModule>
<Directory />
	Options None
	AllowOverride None
	Order deny,allow
	Deny from all
</Directory>
<Directory /www>
	Options None
	AllowOverride None
	Order deny,allow
	Deny from all
</Directory>
<Directory "/www/domain.org/html">
	Options All
	AllowOverride All
	Order allow,deny
	Allow from all
SetOutputFilter DEFLATE
SetInputFilter DEFLATE
AddOutputFilterByType DEFLATE application/x-httpd-php application/x-httpd-fastphp application/x-httpd-eruby text/html
</Directory>
<IfModule dir_module>
	DirectoryIndex index.php index.html
</IfModule>
<FilesMatch "^\.ht">
	Order allow,deny
	Deny from all
	Satisfy All
</FilesMatch>
ErrorLog "logs/error_log"
LogLevel debug
<IfModule log_config_module>
	LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
	LogFormat "%h %l %u %t \"%r\" %>s %b" common
	<IfModule logio_module>
	  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
	</IfModule>
	CustomLog "logs/access_log" common
</IfModule>
<IfModule alias_module>
	ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/usr/local/apache2/cgi-bin">
	AllowOverride None
	Options None
	Order allow,deny
	Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
	TypesConfig conf/mime.types
	AddType application/x-compress .Z
	AddType application/x-gzip .gz .tgz
	AddType application/x-httpd-php .php
</IfModule>
NameVirtualHost domain.org:80
<VirtualHost domain.org:80>
	DocumentRoot "/www/domain.org/html"
	ServerName "domain.org"
	ServerAlias "domain.org"
	ErrorLog /www/domain.org/logs/error_log
	CustomLog /www/domain.org/logs/access_log combined
</VirtualHost>
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

PHP:
Compile:
Default

php.ini

Code:

engine = On
zend.ze1_compatibility_mode = Off
short_open_tag = On
asp_tags = Off
precision	=  14
y2k_compliance = On
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func=
serialize_precision = 100
allow_call_time_pass_reference = Off
safe_mode = On
safe_mode_gid = Off
safe_mode_include_dir =
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
disable_functions = phpinfo,dir,readfile,shell_exec,exec,virtual,passthru,proc_close,proc_get_status
,proc_open,proc_terminate,syste
disable_classes = ni_get(), phpinfo(), shell_exec(), popen()
expose_php = Off
max_execution_time = 30; Maximum execution time of each script, in seconds
max_input_time = 60; Maximum amount of time each script may spend parsing request data
memory_limit = 16M	; Maximum amount of memory a script may consume
error_reporting  =  E_ALL
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
variables_order = "EGPCS"
register_globals = Off
register_long_arrays = Off
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
doc_root =
user_dir =
extension_dir = "/usr/lib/php/modules"
enable_dl = On
file_uploads = Off
upload_max_filesize = 20M
allow_url_fopen = On
default_socket_timeout = 60

[davidanand]

compile Mod_ security and Mod_evasive with apache will also keep your server secure.