1 Hide Apache Version and OS
By default Apache reveals its version and the OS installed on your server. By hiding it, attackers can't tell from the banner whether your server is exploitable with a specific exploit, which makes it less susceptible to attacks.
Add the following lines to /etc/apache2/conf-available/security.conf:
ServerSignature Off
ServerTokens Prod
Also, if you are using PHP, set expose_php = Off in /etc/php5/apache2/php.ini so PHP stops advertising its version in the X-Powered-By header.
2 Disable Directory Listing
<Directory /var/www/html>
    Options -Indexes
</Directory>
3 Update Apache Regularly
apt-get update && apt-get upgrade -y
4 Use the Security Module (mod_security)
apt-get install libapache2-modsecurity
a2enmod security2
5 Limit Request Size
By default, Apache has no limit on the total size of an HTTP request body. To reduce exposure to denial-of-service attacks through oversized requests, we can limit the request body size with the "LimitRequestBody" directive inside a Directory block. (The value below is in bytes: 2621440 bytes = 2.5 MB.)
<Directory "/var/www/myweb1/user_uploads">
    LimitRequestBody 2621440
</Directory>
6 Enable Apache Logging
Before fixing anything you need to find out what is broken, and that is where having log files matters.
You may want to add something like this to the virtual host in your default.conf:
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
7 Use an SSL Certificate
The reason we care about SSL is so we don't have to worry about man-in-the-middle (MITM) attacks.
You can buy one online (most common)
Or you can build your own (tutorial here)
Or you can use letsencrypt (tutorial here)
After all those changes you need to restart Apache for them to take effect:
service apache2 restart
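Once Apache is restarted, you will want to verify that the settings from steps 1, 2, 5 and 6 are actually in place. The script below is an added example (not part of the original article): it audits Apache config text for those directives and checks response headers for the version leak step 1 removes. The configs and headers it runs on are constructed samples; on a real Debian/Ubuntu host you would feed it the contents of /etc/apache2/*.conf and the output of curl -sI against your site (paths and URL are assumptions).

```shell
#!/bin/sh
# Added example (not from the article): audit Apache config text for the
# directives in steps 1, 2, 5 and 6, and check response headers for the
# version leak step 1 removes. Sample inputs are constructed; on a real
# host feed it the contents of /etc/apache2/*.conf and `curl -sI` output.

# has_directive CONFIG_TEXT REGEX -> exit 0 if an uncommented line matches
has_directive() { printf '%s\n' "$1" | grep -Eiq "$2"; }

# missing_hardening CONFIG_TEXT -> prints one line per missing directive
missing_hardening() {
  has_directive "$1" '^[[:space:]]*ServerTokens[[:space:]]+Prod(uctOnly)?([[:space:]]|$)' || echo "ServerTokens Prod"
  has_directive "$1" '^[[:space:]]*ServerSignature[[:space:]]+Off([[:space:]]|$)' || echo "ServerSignature Off"
  has_directive "$1" '^[[:space:]]*Options[[:space:]].*-Indexes' || echo "Options -Indexes"
  has_directive "$1" '^[[:space:]]*LimitRequestBody[[:space:]]+[0-9]+' || echo "LimitRequestBody"
  has_directive "$1" '^[[:space:]]*ErrorLog[[:space:]]' || echo "ErrorLog"
  has_directive "$1" '^[[:space:]]*CustomLog[[:space:]]' || echo "CustomLog"
}

# count_missing CONFIG_TEXT -> prints the number of missing directives
count_missing() { missing_hardening "$1" | wc -l | tr -d ' '; }

# server_header_leaks HEADERS_TEXT -> exit 0 if Server or X-Powered-By
# reveals a version number or a parenthesised OS name
server_header_leaks() {
  printf '%s\n' "$1" | grep -Eiq '^(Server|X-Powered-By):.*([0-9]+\.[0-9]+|\([^)]*\))'
}

HARDENED_CFG='ServerTokens Prod
ServerSignature Off
<Directory /var/www/html>
    Options -Indexes
</Directory>
<Directory "/var/www/myweb1/user_uploads">
    LimitRequestBody 2621440
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined'

# default-style config: version leaks, listing on, no request body limit
WEAK_CFG='ServerTokens OS
ServerSignature On
Options Indexes FollowSymLinks
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined'
LEAKY_HEADERS='Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9'
CLEAN_HEADERS='Server: Apache'

echo "weak config is missing $(count_missing "$WEAK_CFG") directive(s):"; missing_hardening "$WEAK_CFG"
```

Comment lines are ignored because every pattern is anchored at the start of the line, so a commented-out "ServerTokens Prod" still counts as missing.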