Make Your Apache Server A Bit More Secure

In this post I will be showing you how to make your Apache server a bit more secure (apache hardening) using some common methods. If you have any questions feel free to ask in the comments below.

Server Tokens/Signatures

The first thing we will do to harden Apache is disable server tokens and signatures. This is very easy to do and is recommended because it hides the OS version, as well as which version of Apache you are running, from pages such as 404 (file not found) errors.

To disable server tokens/signatures on Ubuntu or Debian based systems simply run the following commands:

echo "### DISABLE TOKENS/SIGNATURES
ServerSignature Off
ServerTokens Prod" >> /etc/apache2/apache2.conf # Add entries into Apache config
service apache2 restart # Restart Apache

To disable server tokens/signatures on Red Hat, CentOS, or Fedora based systems simply run the following commands instead:

echo "### DISABLE TOKENS/SIGNATURES
ServerSignature Off
ServerTokens Prod" >> /etc/httpd/conf/httpd.conf # Add entries into Apache config
service httpd restart # Restart Apache
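As an added example (my own helper, not code from the original post), here is a small POSIX shell script that applies the same two directives on either distro family, writes them to a dedicated config file instead of appending to the main one, runs a config test before restarting, and then checks the Server header of a 404 response. The file name hardening.conf, the function names and the distro detection by directory are assumptions.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
set -eu

# Pick the config file and service name for this distro family.
# Assumption: /etc/apache2 means Debian/Ubuntu, /etc/httpd means RHEL/CentOS/Fedora.
apache_paths() {
    if [ -d /etc/apache2 ]; then
        echo "/etc/apache2/conf-available/hardening.conf apache2"
    elif [ -d /etc/httpd ]; then
        echo "/etc/httpd/conf.d/hardening.conf httpd"
    else
        return 1
    fi
}

# The same directives the post appends, kept in their own file instead.
hardening_conf() {
    cat <<'EOF'
### DISABLE TOKENS/SIGNATURES
ServerSignature Off
ServerTokens Prod
EOF
}

# Returns 0 (true) when a "Server:" header line still leaks a version or OS.
# With ServerTokens Prod the header is exactly "Server: Apache"; a missing
# header (e.g. hidden by another module) is not treated as a leak.
server_header_leaks() {
    hdr=$(printf '%s' "$1" | tr -d '\r' | sed 's/^[Ss]erver:[[:space:]]*//')
    [ -n "$hdr" ] && [ "$hdr" != "Apache" ]
}

install_hardening() {
    paths=$(apache_paths) || { echo "no Apache config directory found" >&2; return 1; }
    set -- $paths
    hardening_conf | sudo tee "$1" >/dev/null
    [ "$2" = apache2 ] && sudo a2enconf hardening
    sudo apachectl configtest      # refuse to restart on a broken config
    sudo service "$2" restart
}

# After the restart, request a page that does not exist and inspect the header.
verify() {
    line=$(curl -sI "http://${1:-localhost}/does-not-exist" | grep -i '^server:' || true)
    if server_header_leaks "$line"; then echo "still leaking: $line"; return 1; fi
    echo "ok: ${line:-no Server header}"
}
if [ "${1:-}" = apply ]; then install_hardening; verify; fi
```

Run it as `sh harden.sh apply` on the server; without the argument it only defines the functions, so `verify` can also be sourced and run on its own against another host.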

Install and Enable mod_security

The next thing we will do is install and enable the mod_security module for Apache. It acts like a web application firewall, blocking common exploits and helping to protect the server against brute force attacks.

To install mod_security on Ubuntu or Debian based systems run the following:

sudo apt-get install libapache2-modsecurity
sudo service apache2 restart # Restart Apache, it will be enabled by default

To install mod_security on CentOS, Red Hat, and Fedora based systems run the following instead:

sudo yum install mod_security && sudo service httpd restart

Install and Enable mod_evasive

You may also want to install mod_evasive, which helps to stop some DoS and DDoS attacks. It probably won’t stop everything, but it can still be useful and is worth installing.

To install mod_evasive on Ubuntu or Debian based systems run the following:

sudo apt-get install libapache2-mod-evasive && sudo service apache2 restart

To install mod_evasive on CentOS, Red Hat, and Fedora based systems run the following instead:

sudo rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
sudo yum install yum-plugin-protectbase.noarch
sudo yum install mod_evasive
sudo service httpd restart

Last but not least, if you haven’t done so already, you may want to generate a free SSL certificate so that traffic between your Apache server and its users is encrypted. I hope you enjoyed this quick and simple guide, please don’t forget to like/share/comment. Thanks! =)
