Apache DocumentRoot must be directory

July 15, 2013 mohancheema 0

You have created a separate partition for you htdocs folder and mounted it on /path/to/documentroot. However, when you try to start Apache you get following error ‘DocumentRoot must be directory’.

This is due to SELinux to get Apache working you have 2 ways

  1. Crude way:- disable SELinux altogether
  2. Eligible way:- set SELinux context to that directory

Disable Trace/Track in Apache HTTPD

September 30, 2011 mohancheema 0


Disabling TRACE and TRACK in Apache for PCI-related vulnerabilities like Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability is surprisingly easy with the Apache web server. The main thing to keep in mind is understanding that if you are running apache and this vulnerability pops up during a scan, you can be reasonably certain that TRACK is not the problem TRACE is.

How to disable directory listing in APACHE

October 11, 2010 mohancheema 1

One of the “must do’s” on setting a secure apache webserver environment is to disable directory listing. As a default Apache will be compiled with this option enabled, but its always a good idea to get rid of this setting unless its really necessary.

No Picture

Protecting Your Web Server Using Mod Security

April 28, 2010 mohancheema 0

ModSecurity is a web application firewall (WAF). With over 70% of attacks now carried out over the web application level, organisations need all the help they can get in making their systems secure. WAFs are deployed to establish an increased external security layer to detect and/or prevent attacks before they reach web applications. ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.

No Picture

Protecting Your Web Server

April 28, 2010 mohancheema 0

If you plan to run a web server, you’d better be prepared to see it attacked. Securing a web server is a non-trivial task that requires an understanding of the web server’s relationship with the network. By being aware of what security measures are on the web server, you can balance the security necessary within your applications. In this chapter, we will look at how to ensure the network is secure, and then go through the steps for making a secure and dynamite web server. We will also address what to do in the event of an attack.