Howto Apache

Howto setup apache, see also apache configuration and official Apache docs


  • Apache runs as a regular user normally, but requires root privileges to first secure ports 80 (HTTP) and 443 (HTTPS) which are under 1024 and are thus privileged ports.
  • Apache user can be found in /etc/passwd
    • Debian: “www-data:x:33:33:www-data:/var/www:/bin/sh”


  • Debian: apt-get install apache
    • or apache-ssl

Start and Stop

For Apache to reload it’s configuration file, the server needs to be restarted. I recommend doing a stop and start separately, as the restart by itself fails sometimes.

  • /etc/init.d/apache stop, /etc/init.d/apache start –or–
    • or apache-ssl, apache2, httpd
  • apachectl stop, apachectl start –or–
    • or apachectl-ssl, apache2


Apache Obsecurity

From Brian Hatch’s HLE Security and Obscurity post about testing and removing Apache identification.

$ curl -i 2>/dev/null | grep Server:
  Server: Apache/1.3.9 (Unix) Debian/GNU PHP/4.0.3pl1
  • Modify /etc/apache/httpd.conf with the ServerTokens setting.
    • ServerTokens min → (Server: Apache/1.3.9)
    • ServerTokens ProductOnly → (Server: Apache)
  • Modify /etc/php4/apache/php.ini to remove X-Powered-By in PHP headers
    • expose_php = Off

Enable Perl/CGI

  • Even after configuring my apache server for perl/cgi... I would sometimes get the pl/cgi scripts executed via perl, but my browser was downloading a text file of results instead of rendering it in the browser! I tried this configuration from this old site and it worked! For some reason, my Directory commands are not working.
  Alias /perl/ /home/stas/modperl/
  PerlModule Apache::Registry
  <Location /perl/>
      SetHandler perl-script
      PerlHandler Apache::Registry
      Options +ExecCGI
      PerlSendHeader On
      allow from all
howto/apache.txt · Last modified: 2006/08/18 13:21 by
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki