# Secure Apache Server

This page's purpose is to list notes that can't be put into a topic-specific page such as SSL or headers. I learned a lot from this article about apache-security-tips by Tecmint. Note that you can "generate" a secure configuration using the Mozilla Generator, and you may check these configurations.

## Use .htaccess

Once you have enabled .htaccess files, as I explained in the setup, you can override the server configuration for a directory and its sub-directories. You may enjoy this cheatsheet.

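Some sample snippets:

```apache
# Disable directory browsing
# (Apache 2.4 rejects a mix of bare and +/- prefixed options,
# so only the -Indexes part is kept)
Options -Indexes

# Redirect everything (aside direct access)
# to index.php (when mod_rewrite is not installed)
<IfModule !mod_rewrite.c>
# The target must start with "/", otherwise Apache
# treats it as a literal error message
ErrorDocument 404 /index.php
</IfModule>

# you may allow localhost
# (Apache 2.2 syntax; on 2.4 it needs mod_access_compat)
order deny,allow
deny from all
# allow localhost
allow from 127.0.0.1

# create a redirect
Redirect 301 /duck https://duckduckgo.com/

# deny some directories
RewriteEngine On
RewriteRule ^/?(\.git|logs|temp|vendor) - [F]
# deny some files
```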

Here is an example: you want to deny everyone access to your uploads folder, except your own website, and limit the size of uploaded files to 100 kB. We put the following .htaccess in the uploads folder:

```apache
order deny,allow
```
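
The uploads scenario described above, written out as an added example (not the original page's file). It reads "your website" as requests coming from the server itself, as in the localhost snippet earlier, takes 100 kB as 102400 bytes, and assumes `AllowOverride` permits these directives.

```apache
# uploads/.htaccess (constructed example)

# No directory listing of uploaded files.
Options -Indexes

# Apache 2.4+: mod_authz_core is loaded, so use Require.
<IfModule mod_authz_core.c>
    # "local" covers 127.0.0.0/8, ::1, and requests where the
    # client and server addresses are the same.
    Require local
</IfModule>

# Apache 2.2: fall back to the older Order/Deny/Allow directives.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</IfModule>

# Reject request bodies larger than 102400 bytes.
# Apache answers such requests with 413 before any script
# in this directory sees the body.
LimitRequestBody 102400
```

`LimitRequestBody` only applies to requests that Apache maps to this directory, so an upload script living elsewhere needs the same directive in its own directory or in the server configuration.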