Wireless Army
This is a blog / tips and tricks website for web developers and security researchers.


7 Ways to Make Your Apache Server More Secure
by admin at 2017-04-08 23:54:00.

1 Hide Apache Version and OS

By default, Apache shows its version and the OS installed on your server. Hiding this information keeps hackers from learning whether your server is exploitable with a specific exploit, which makes it less susceptible to attacks.

Add the following lines to /etc/apache2/conf-available/security.conf

ServerSignature Off 
ServerTokens Prod

If you are using PHP, also set expose_php = Off in /etc/php5/apache2/php.ini

2 Disable Directory Listing

<Directory /var/www/html>
    Options -Indexes
</Directory>

3 Update Apache Regularly

apt-get update && apt-get upgrade -y

4 Use the Security Module

apt-get install libapache2-modsecurity
a2enmod security2

5 Limit Request Size

By default, Apache has no limit on the total size of an HTTP request. To avoid becoming a victim of denial-of-service attacks, we can limit the request size with the Apache directive “LimitRequestBody” inside a Directory tag. (The following value is in bytes, for 2.5 MB.)

<Directory "/var/www/myweb1/user_uploads">
    LimitRequestBody 2621440
</Directory>

6 Enable Apache Logging

Before fixing anything you need to find out what’s broken, and that is where having a log file matters.

You may want to add something like this to your default.conf virtual host:

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

7 Use an SSL Certificate

The only reason we care about SSL is so we don’t have to worry about MITM attacks.

You can buy one online (most common)

Or you can build your own (tutorial here)

Or you can use Let's Encrypt (tutorial here)

After all those changes you might want to restart Apache so the changes take effect:

service apache2 restart
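
To confirm that the directives from items 1, 2, 5 and 6 are actually present after the restart, here is a small audit script. It is an added example, not part of the original post: the function names audit_apache_conf and write_samples and both sample configs are constructed for illustration, and the check is a line-level match, not a full Apache config parser.

```shell
# Added example (not from the original post): line-level check of one Apache config file.
# Prints "MISSING: <directive>" per gap; returns 1 if any gap was found, else 0.
audit_apache_conf() {
    conf=$1
    rc=0
    # Each row below is "label|regex"; the regex must match a line that is not commented out.
    # LimitRequestBody 0 means unlimited, so only a non-zero value passes.
    while IFS='|' read -r label regex; do
        if ! grep -Eiq "^[[:space:]]*$regex" "$conf"; then
            echo "MISSING: $label"
            rc=1
        fi
    done <<'RULES'
ServerSignature Off|ServerSignature[[:space:]]+Off
ServerTokens Prod|ServerTokens[[:space:]]+Prod
Options -Indexes|Options[[:space:]].*-Indexes
LimitRequestBody|LimitRequestBody[[:space:]]+[1-9][0-9]*
ErrorLog|ErrorLog[[:space:]]+[^[:space:]]
CustomLog|CustomLog[[:space:]]+[^[:space:]]
RULES
    return "$rc"
}

# Constructed sample configs (not taken from a real server).
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
# ServerTokens Prod
ServerSignature On
Options Indexes FollowSymLinks
LimitRequestBody 0
ErrorLog ${APACHE_LOG_DIR}/error.log
EOF
    cat > "$1/hardened.conf" <<'EOF'
ServerSignature Off
ServerTokens Prod
<Directory "/var/www/myweb1/user_uploads">
    Options -Indexes
    LimitRequestBody 2621440
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_apache_conf "$demo_dir/weak.conf" || echo "weak.conf: hardening gaps found"
audit_apache_conf "$demo_dir/hardened.conf" && echo "hardened.conf: all checks pass"
rm -rf "$demo_dir"
```

On Debian or Ubuntu the live settings are spread over several files, so concatenate apache2.conf with the files under conf-enabled and sites-enabled into one file and audit that.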