sysconfig
New Member
Joined: 12 Oct 2025
Posts: 12
|
 Posted: Thu Oct 12, 2025 1:00 pm Post subject: Optimize and secure apache |
 |
|
Please find the wonderful how to on optimization and securing apache server:
Refrenced: http://forums.linuxwebadmin.info//topic,37.0.html
Apache parameter to be considered:
Timeout, this timeout is the amount of time apache will wait between successful writes of data before closing the connection.
Quote
Timeout
Apache Default 1200
Recommend 15
KeepAlive, this option if set to on will use the same apache child to fetch data for a website such as images, therefore there is no need to call upon another apache child for each image thus increasing site loading speed.
Quote
KeepAlive
Apache Default On
Recommend On
maxKeepAliveRequests, this is the number of items that may be requested by an apache child on KeepAlive, if you have a page with many images then setting this too low will case problems.
Quote
maxKeepAliveRequests
Apache Default 100
Recommend 64
KeepAliveTimeout, this is the amount of time an Apache child doing a KeepAlive request will sit doing nothing, if set low you will notice allot more spare Apache children available for requests.
Quote
KeepAliveTimeout
Apache Default 15
Recommend 1
MinSpareServers, this is the min amount of idle Apache child processes, if all your children are doing something then Apache will continue to spawn children until there are the amount you set in MinSpareServers free for requests.
Quote
MinSpareServers
Apache Default 5
Recommend 10
MaxSpareServers, this is the max amount of idle Apache child processes allowed, if there is more than this amount of apache children idle they will be killed off.
Quote
MaxSpareServers
Apache Default 10
Recommend 15
StartServers, the number of Apache child processes to be started when the Apache server is restarted.
Quote
StartServers
Apache Default 5
Recommend 15
MaxClients, this is the number of Apache child processes that will be allowed, if your apache constantly causes the server to start using swap then lower this number, I recommend for most servers to set this at 8 divided by amount of memory in MB.
Quote
MaxClients
Apache Default 256
Recommend 8/Ram in MB (e.g... 8/1024 = 128Max Clients for 1GB ram)
MaxRequestsPerChild, I find this to be one of the most sensitive Apache settings, to low and you will kill your server with load, to high and you can get memory errors... Unlike some people I recommend never setting this to 0, or a number above 1000, some servers with low amounts of ram may benefit from this being set low while others who have got high load but lots of ram may benefit from having this high. This option is the number of requests an Apache child will be allowed before it is killed off and another one takes its place.
Quote
MaxRequestsPerChild
Apache Default 0
Recommend 64
Ref: http://httpd.apache.org/docs/1.3/mod/core.html
Ref: WebhostignTalk.com
Quote
HostNameLookups Off
Turning HostNameLookups off provides better performance, as this ensures Apache will not try to resolve any IP addresses. It also slightly decreases the possibility of spoofing attacks.
Quote
ServerTokens Prod
ServerSignature Off
By default Apache will give out information about its version and configuration. Using ServerTokens Prod will only give out the string "Apache"; the less information someone can get about your server, the more secure it is likely to be. In versions of Apache prior to 2.0.44, ServerSignature could leak the version of your server, so we turn that off. In more recent versions this is controlled by the ServerTokens directive.
Thanks,
Thx
|
|
crouse
Site Admin
Joined: 17 Apr 2025
Posts: 8985
Location: Iowa
|
|
