Monday, August 23, 2010

Tips for hardening apache on ubuntu for django deployment

There is good doco for deploying django on apache with mod_python or wsgi. Here are a couple of extra tips for Ubuntu. First, edit
and enable:
ServerTokens Prod
ServerSignature Off
TraceEnable Off
And in the apache config in your "Location /" directive with the other django stuff:
Options -Indexes -Includes -Multiviews SymLinksIfOwnerMatch
Take a look at Apache's security tips and it is also worth understanding how the Apache configuration directives (Directory, Location, etc.) work.

No comments: