Hi,

I have installed Apache in my Win 2k Server, ofcourse PHP too.. Well, like IIS, Apache too may not be secure here, Hey, am I right?.. Is there anything I could do on this situation.. For IIS, I use IIS LOCK DOWN tool from Microsoft, and its a pretty cool stuff.. For Apache, what should I do as first step.. I have changed the Apache port 8080 to 80. Well, IIS run on port 8080.. Anyway, comment please..

Manu

Make sure u edit the conf.httpd file and make desired changes. And obviously sign up for Apache and SANS newsletter for any vulnerabilities that may come up
.... off the top of me head

heh wanna host my site? Lol i'm just kidding...
as the previous guy said..Be sure to receive newsletters of any vuln. and stuff...and check the apache site once in a while for news...

There is some firewall for that too i believe...can't tell for sure cuz i don't know very much in those subjects

The same generic guidlines apply wether your running apache on win (nt kernel) or linux. So check out securing apache (linux) and it will give you the same information as one for Win except for path statements. Conf file edits will/should be the same as well as little tricks of the trade.

This assume your already starting with a semi-secured linux or win box such as services, ports, iptables, throttled bandwidth, non-defualt paths, banners off, host from a different box than your main development box etc....

W00 dy,

I don't run both IIS and Apache... When u install windows, IIS will be installed automatically, I can not disable it anyway, I just locked it with IIS lock down tool and well, I believe Apache more than IIS. Since most of those volunerabilities are OS based, I wanted to tighten everything to work Apache fine.. Anyway, thanks alot, I'm working on it...

Manu