构建安全的e-commerce服务器(3)

王朝厨房·作者佚名 2007-01-02

摘要：暂无

面是一些要检查的安全设置：

SSL：

在httpd.conf中打开SSL

Port 80

Listen 80

Listen 443

SSLSessionCache dbm:/usr/local/apache/ logs/ssl_scache

SSLSessionCacheTimeout 1200

# For increased performance use "SSLMutex sem" instead of the line below

SSLMutex file:/usr/local/apache/logs/ssl_mutex

SSLLog /usr/local/apache/logs/ssl_engine_log

# change the log level default from "info" to "warn"

SSLLogLevel warn

SSLOptions +OptRenegotiate

打开虚拟主机的SSL支持：

# Within the ...

SSLEngine on

# Replace with certificate file name

SSLCertificateFile /usr/local/apache/conf/ssl.

cert/

# Replace with key file name

SSLKeyFile /usr/local/apache/conf/ssl.key/

SSLVerifyClient none

定制SSL的LOG格式：

LogFormat clfa "%h %l %u %t \"%r\" %>s %b\ %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%{SSL_CLIENT_S_DN_CN}x\""

CustomLog /usr/local/apache/logs/access_log clfa

被保护的目录：

SSLCipherSuite HIGH: MEDIUM

AuthType Digest

AuthName "Beta code testing"

AuthDigestDomain /test/ http://test.my.dom/beta/

AuthDigestFile /usr/local/apache/conf/

digest_pw

Require valid-user