From APACHE 2.2 Site for Windows Security Technical Implementation Guide
Part of WG250
A major tool in exploring the web site use, attempted use, unusual conditions and problems are the access and error logs. In the event of a security incident, these logs can provide the SA and Web
Locate the Apache httpd.conf file. If unable to locate the file, perform a search of the system to find the location of the file. Open the httpd.conf file with an editor such as Notepad, and search for the following uncommented directives: ErrorLog & CustomLog Navigate to the location of the file specified after each enabled ErrorLog & CustomLog directive and verify the permissions assigned to these files. Right click on the file to be examined. Select Properties > Select the “Security” tab. Permissions greater than Read & Execute should be allowed for only the account assigned to the Apache server service, and the Auditors Group. If the SA, Web Manager or users other than the Auditors group have greater than read access to the log files, this is a finding. If anyone other than the Auditors, Administrators, Web Managers, or the account assigned to the Apache server service has access to the log files, this is a finding.
Remove the unauthorized permissions from the applicable accounts.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer