[Owncloud] OC on apache with hardened security?
Arman Khalatyan
arm2arm at gmail.com
Tue Feb 5 21:48:48 UTC 2013
Hi,
Are there some general suggestions on hardening the apache sever with OC?
I will suggest to put somewhere on main OC documentation some general
suggestion on hardware and installation setup.
For example I use HA-CentOS with drbd on 2 nodes with corosync.
Please give your hints here, so for starting there some of mine hints:
0) use HTTPS instead of HTTP
in virtual host config:
1) ServerSignature Off
2) ServerTokens Prod
3) TraceEnable off
4) Disable WebDAV(OC has own-sabredav ) and remove all other unused
apache modules.
5)mod_security
Thanks, Arman.
More information about the Owncloud
mailing list