Secure Configuration of the Apache Web
Apache Server Version 1.3.3 on Red Hat Linux
Rev 1.12 – 24 Apr. 2001
Revisions by Trent Pitsenbarger, National Security Agency
© 1999 The MITRE Corporation
Center for Integrated Intelligence Systems
MITRE Department Approval:
Marion C. Michaud
Information Warfare and Secure
MITRE Project Approval:
Julie L. Connolly
Project Leader, 0799N030-WB
• Apache module names are given in italics.
• Apache directive names are given in bold.
• Parameters to Apache directives are given in bold italics.
• 	 Configuration files and information returned by the command line are expressed in
courier new font.
• Text entered in the command line is expressed in bold courier new font.
• Abstract configuration information is given in italic courier new font.
• 	 Words that the authors wish to emphasize, but which otherwise have no specific
meanings, are underlined.
• The rest of the document is written in normal Times New Roman font.
! 	Do not attempt to implement any of the settings in this guide without first
testing in a non-operational environment.
! 	This document is only a guide containing recommended security settings. It is not
meant to replace well-structured policy or sound judgment. Furthermore this guide
does not address site-specific configuration issues. Care must be taken when
implementing this guide to address local operational and policy concerns.
! 	SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
EXPRESSLY DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,