In this post I will be showing you how to make your Apache server a bit more secure using some common methods. If you have any questions feel free to ask in the comments below.
The first thing we will do is disable server tokens and signatures. This is very easy to do and is recommended because it helps hide the OS version as well as the version of Apache you are running.
For Ubuntu/Debian based systems simply run the following commands:
echo "### DISABLE TOKENS/SIGNATURES
ServerSignature Off
ServerTokens Prod" >> /etc/apache2/apache2.conf # Add entries into Apache config
service apache2 restart # Restart Apache
For CentOS/RHEL/Fedora based systems run the following commands instead:
echo "### DISABLE TOKENS/SIGNATURES
ServerSignature Off
ServerTokens Prod" >> /etc/httpd/conf/httpd.conf # Add entries into Apache config
service httpd restart # Restart Apache
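To confirm the two directives actually took effect, the following check can be run against the config file. It is an added example, not part of the original post: the function names are hypothetical, it reads a single file without following Include lines, and it requires both directives to be set explicitly. A directive that ends up on the same line as the `###` comment is ignored by Apache, and this check reports that case as unset.

```shell
#!/usr/bin/env bash
# Added example: audit one Apache config file for ServerTokens/ServerSignature.
# Assumption: Include/IncludeOptional are not followed; only the given file is read.

# Print the value of the last uncommented occurrence of directive $1 in file $2.
last_value() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[[:space:]]*#/ { next }            # skip whole-line comments
        tolower($1) == want { val = $2 }     # directive names are case-insensitive
        END { print val }
    ' "$2"
}

# Return 0 only when the file sets ServerTokens Prod and ServerSignature Off.
audit_tokens() {
    local conf=$1 tokens sig rc=0
    tokens=$(last_value ServerTokens "$conf" | tr '[:upper:]' '[:lower:]')
    sig=$(last_value ServerSignature "$conf" | tr '[:upper:]' '[:lower:]')
    case $tokens in
        prod|productonly) ;;
        *) echo "ServerTokens is '${tokens:-unset}', expected Prod" >&2; rc=1 ;;
    esac
    if [ "$sig" != off ]; then
        echo "ServerSignature is '${sig:-unset}', expected Off" >&2
        rc=1
    fi
    return $rc
}

# Return 0 when a Server response header value still exposes a version or OS,
# e.g. "Apache/2.4.41 (Ubuntu)" (constructed sample) as opposed to "Apache".
header_leaks_version() {
    printf '%s' "$1" | grep -Eq '/[0-9]|\('
}

# Usage: ./audit.sh /etc/apache2/apache2.conf
if [ "$#" -gt 0 ]; then
    if audit_tokens "$1"; then
        echo "OK: tokens and signature are disabled in $1"
    fi
fi
```

After restarting Apache, the value of the `Server` response header can be passed to `header_leaks_version` to check what clients actually see.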
Install and Enable mod_security
The next thing we will do is install and enable the mod_security module for Apache. This helps secure our server against brute force attacks and also acts like a firewall to block common exploits.
Ubuntu/Debian based systems can install mod_security by running the following:
sudo apt-get install libapache2-modsecurity
sudo service apache2 restart # Restart Apache, it will be enabled by default
CentOS/RHEL/Fedora based systems can install mod_security by running the following instead:
sudo yum install mod_security && sudo service httpd restart
Install and Enable mod_evasive
You may also want to install mod_evasive, as it will help to stop some DoS and DDoS attacks. While it probably won’t stop everything, it can still be useful and is worth installing.
Ubuntu/Debian based systems can install mod_evasive by running:
sudo apt-get install libapache2-mod-evasive && sudo service apache2 restart
CentOS/RHEL/Fedora based systems can install mod_evasive by running:
sudo rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
sudo yum install yum-plugin-protectbase.noarch
sudo yum install mod_evasive
sudo service httpd restart
Last but not least, if you haven’t done so already, you may want to generate an SSL certificate so that traffic between your Apache server and users will be encrypted. I hope you enjoyed this quick and simple guide. Please don’t forget to like/share/comment. Thanks! =)