Apache Web Security and Hardening Tips
Introduction
The Apache web server is the most widely used and popular web server in the world. For that reason, it is also the most exposed to attack. We are going to show you Apache web server security and hardening tips.
Because the web server is an important part of the server, it is our responsibility to secure it. We will also look at Apache security headers.
Below are some steps to secure our web server.
Hide Apache Version and OS Identity from Errors.
When you install Apache from package installers like yum, it displays the version of the Apache web server installed on your server, along with the OS name of your server, in error pages. It also reveals information about the Apache modules installed on your server.
This information helps an attacker decide how to attack your server, so we should hide the Apache version so that it is not visible to anyone.
In the above picture, you can see that Apache is showing its version along with the OS installed on your server. This is a major security threat to your web server and your installed OS.
To stop Apache from displaying this information to the world, we need to make some changes in the Apache configuration file.
# vim /etc/httpd/conf/httpd.conf (RHEL/CentOS/Fedora)
# vim /etc/apache2/apache2.conf (Debian/Ubuntu)
Add the lines below to the config file.
ServerSignature Off
ServerTokens Prod
Now restart the Apache service with the commands below.
# service httpd restart (RHEL/CentOS/Fedora)
# service apache2 restart (Debian/Ubuntu)
Disable Directory Listing
By default, Apache lists all the content of the document root directory when no index file is present. For example, please see the image below.
We can turn off directory listing by using the Options directive in the configuration file. To do that, we need to make an entry in the httpd.conf or apache2.conf file.
# vi /etc/httpd/conf/httpd.conf
Add the settings below to the configuration file.
<Directory /var/www/html>
Options -Indexes
</Directory>
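A small check for the settings from the two tips above (hiding the version and OS, and disabling directory listing), added here as an example and not part of the original article. The function name `audit` and both sample configs are constructed for illustration.

```python
import re

# Constructed sample configs (not taken from a real server).
WEAK = """ServerTokens OS
ServerSignature On
<Directory /var/www/html>
    Options Indexes FollowSymLinks
</Directory>
"""
HARDENED = """ServerSignature Off
ServerTokens Prod
<Directory /var/www/html>
    Options -Indexes
</Directory>
"""

def audit(conf_text):
    """Return findings for ServerSignature, ServerTokens and Options Indexes."""
    # Limitation: reads one file as text; Include'd files and .htaccess are not followed.
    findings = []
    # Apache's compiled-in defaults, used when a directive is absent.
    seen = {"serversignature": "off", "servertokens": "full"}
    directory = None  # path of the <Directory> block being read, if any
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            directory = opened.group(1)
        elif line.lower().startswith("</directory"):
            directory = None
        else:
            name, *args = line.split()
            name = name.lower()
            if name in seen and args:
                seen[name] = args[0].lower()
            elif name == "options" and directory:
                # "Indexes", "+Indexes" or "All" turn listings on; "-Indexes" turns them off.
                if any(a.lower() in ("indexes", "+indexes", "all") for a in args):
                    findings.append(f"directory listing enabled in {directory}")
    if seen["serversignature"] != "off":
        findings.append("ServerSignature is " + seen["serversignature"])
    if seen["servertokens"] not in ("prod", "productonly"):
        findings.append("ServerTokens is " + seen["servertokens"])
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK), "hardened:", audit(HARDENED))
```

Distribution packages often ship their own values for these directives in included files, so run the check against each file that the main config includes.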
Apache Web Security And Hardening Tips (Implement Apache security headers)
- X-XSS-Protection: To improve the security of your site against some types of XSS (cross-site scripting) attacks, it is recommended that you add the following header to your site. This requires the config below in Apache HTTP Server.