Apache server security settings

Securing your web server is very important, which means allowing others to view only some of the information and protecting the data and limiting access.

These are common things to enhance the security of your Apache web server. (Recommended learning: Apache Server)

1. Hide Apache version and operating system information. Apache displays its version and operating system name incorrectly, as shown below Screen shot shown.

#Hackers can use this information to launch attacks using exposed vulnerabilities in specific versions of servers or operating systems. To prevent Apache webserver from displaying this information, we can modify the server signature option provided in the apache configuration file. By default it is on, set it to off.

vim /etc/httpd/conf/httpd.conf<br/>

The modification is:

ServerSignature Off<br/>ServerTokens Prod<br/>

We also set up "ServerTokens Prod", which tells the web server to only return apache and prohibits operating system major and minor versions . After modifying the configuration file, the Apache web server must be restarted/reloaded for it to take effect.

service httpd restart<br/>

After modifying and restarting the Apache server, you should see similar results -

2. Disable directory listing

If there is no index file in the document root directory (such as: index.html, index.php, index.html, etc.), then by default, the apache web server will display all the contents of the document root directory.

This feature can be turned off for a specific directory through the options directive provided in the Apache configuration file.

<Directory /var/www/html><br/>    Options -Indexes<br/></Directory><br/>

3. Disable unnecessary modules

It is best to disable all unused unnecessary modules, you can See the list of enabled modules in the apache configuration file -

[root@amsterdam ~]#httpd –M<br/>perl_module (shared)<br/>php5_module (shared)<br/>proxy_ajp_module (shared)<br/>python_module (shared)<br/>ssl_module (shared)<br/>

Many of the listed modules can be disabled like mod_imap, mod_include, mod_info, mod_userdir, mod_autoindex as they are hardly used by any production Used by web server.

vi /etc/httpd/conf/httpd.conf<br/>

Then comment out -

#LoadModule auth_digest_module modules/mod_auth_digest.so<br/>

After commenting the module, save the file. Use the following command to restart the apache service.

/etc/init.d/httpd restart/<br/>

4. Use mod_evasive to counter DoS attacks

If you want to protect your web server from DoS (i.e. Denial of Service), you must enable the module mod_evasive. It is a third-party module that detects DoS attacks and prevents them from causing damage far beyond the course of their operation.

5. Limit request size

Apache does not have any limit on the total size of http requests that may lead to a DoS attack. The request size of the Apache directive LimitRequestBody can be limited using directory tags.

Depending on the requirements, this value can be set from 0 to 2GB (i.e. 2147483647 bytes).

<Directory "/var/www/html/uploads"><br/>   LimitRequestBody 512000<br/></Directory><br/>

The above is the detailed content of Apache server security settings. For more information, please follow other related articles on the PHP Chinese website!