
Make Your Apache Server A Bit More Secure

In this post I will be showing you how to make your Apache server a bit more secure using some common methods. If you have any questions feel free to ask in the comments below.

Server Tokens/Signatures

The first thing we will be doing is disabling server tokens/signatures. This is very easy to do and is recommended because it helps hide the OS version as well as the version of Apache you are running.

For Ubuntu/Debian based systems simply run the following commands:

echo "### DISABLE TOKENS/SIGNATURES
ServerSignature Off
ServerTokens Prod" >> /etc/apache2/apache2.conf # Add entries into Apache config
service apache2 restart # Restart Apache

For CentOS/RHEL/Fedora based systems run the following commands instead:

echo "### DISABLE TOKENS/SIGNATURES
ServerSignature Off
ServerTokens Prod" >> /etc/httpd/conf/httpd.conf # Add entries into Apache config
service httpd restart # Restart Apache
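
To confirm the change took effect, check what the server actually sends. The script below is an added example, not part of the original post: it reads a full HTTP response (for instance from `curl -si http://localhost/no-such-page`) and flags a Server header that carries version or OS details, plus the signature footer on generated error pages. The function names are hypothetical, and the two sample responses and the version string in them are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# audit_response reads a full HTTP response (status line, headers, blank
# line, body) on stdin and prints one finding per line.
# Returns 0 if nothing leaks, 1 otherwise.
audit_response() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        !in_body && $0 == "" { in_body = 1; next } # blank line ends the headers
        !in_body && tolower($0) ~ /^server:/ {
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value)
            # With ServerTokens Prod the value is a bare product name: no
            # "/version" and no "(OS)" comment.
            if (value ~ "[/(0-9]") {
                print "LEAK server-header: " value; leaks++
            } else {
                print "OK   server-header: " value
            }
        }
        # With ServerSignature On, generated pages end in an <address> footer.
        in_body && tolower($0) ~ /<address>.*server at/ {
            print "LEAK signature-footer: " $0; leaks++
        }
        END { exit (leaks > 0) }
    '
}

# Constructed sample: stock settings (the version string is made up).
sample_default() {
    printf '%s\r\n' 'HTTP/1.1 404 Not Found' \
        'Server: Apache/2.4.41 (Ubuntu)' \
        'Content-Type: text/html' \
        '' \
        '<h1>Not Found</h1>' \
        '<address>Apache/2.4.41 (Ubuntu) Server at localhost Port 80</address>'
}

# Constructed sample: after ServerTokens Prod and ServerSignature Off.
sample_hardened() {
    printf '%s\r\n' 'HTTP/1.1 404 Not Found' \
        'Server: Apache' \
        'Content-Type: text/html' \
        '' \
        '<h1>Not Found</h1>'
}
```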

Install and Enable mod_security

The next thing we will do is install and enable the mod_security module for Apache. This helps secure our server against brute force attacks as well as acting like a firewall to block common exploits.

Ubuntu/Debian based systems can install mod_security by running the following:

sudo apt-get install libapache2-modsecurity
sudo service apache2 restart # Restart Apache, it will be enabled by default

CentOS/RHEL/Fedora based systems can install mod_security by running the following instead:

sudo yum install mod_security && sudo service httpd restart

Install and Enable mod_evasive

You may also want to install mod_evasive, as it will help to stop some DoS and DDoS attacks. While it probably won’t stop everything, it can still be useful and is worth installing.

Ubuntu/Debian based systems can install mod_evasive by running:

sudo apt-get install libapache2-mod-evasive && sudo service apache2 restart

CentOS/RHEL/Fedora based systems can install mod_evasive by running:

sudo rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
sudo yum install yum-plugin-protectbase.noarch
sudo yum install mod_evasive
sudo service httpd restart

Last but not least, if you haven’t done so already, you may want to generate an SSL certificate so that traffic between your Apache server and users will be encrypted. I hope you enjoyed this quick and simple guide; please don’t forget to like/share/comment. Thanks! =)



This post first appeared on Teach Me Linux.
