In this tutorial you will learn how to secure and harden your Apache web server on Rocky Linux 8.5.
Apache is one of the most widely used and popular web servers. It is also one of the most secure web servers available.
Apache is used by millions of websites all over the world. As a result, Apache servers are often the target of security vulnerabilities and attacks, so it is important to secure your Apache server against malicious attacks.
_________________________________________________________________________________________
Server - OS: Rocky Linux 8.5 64-bit | IP - 192.168.1.20 | Hostname - www.primaryhost.com
_________________________________________________________________________________________
cat /etc/system-release ; httpd -v
_________________________________________________________________________________________
1. Hide Apache Server Name
gedit /etc/httpd/conf/httpd.conf &>/dev/null
ServerSignature Off
ServerTokens Prod
apachectl configtest
_________________________________________________________________________________________
2. Turn Off Directory Listing
gedit /etc/httpd/conf/httpd.conf &>/dev/null
<Directory /var/www/html/>
Options -Indexes
AllowOverride None
Require all granted
</Directory>
apachectl configtest
________________________________________________________________________________________
3. Disable Unnecessary Modules
grep LoadModule /etc/httpd/conf.modules.d/00-base.conf
gedit /etc/httpd/conf.modules.d/00-base.conf &>/dev/null
#LoadModule info_module modules/mod_info.so
#LoadModule userdir_module modules/mod_userdir.so
_________________________________________________________________________________________
4. Disable Symlinks
gedit /etc/httpd/conf/httpd.conf &>/dev/null
Options -Indexes -FollowSymLinks
apachectl configtest
_________________________________________________________________________________________
5. Disable SSI & CGI Execution
gedit /etc/httpd/conf/httpd.conf &>/dev/null
Options -Indexes -FollowSymLinks -ExecCGI -Includes
apachectl configtest
_________________________________________________________________________________________
6. Protect from Clickjacking
gedit /etc/httpd/conf/httpd.conf &>/dev/null
Header append X-FRAME-OPTIONS "SAMEORIGIN"
apachectl configtest
_________________________________________________________________________________________
7. Disable ETags
gedit /etc/httpd/conf/httpd.conf &>/dev/null
FileETag None
apachectl configtest
_________________________________________________________________________________________
8. Protect from XSS Attacks
gedit /etc/httpd/conf/httpd.conf &>/dev/null
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>
apachectl configtest
_________________________________________________________________________________________
systemctl daemon-reload ; systemctl restart httpd ; systemctl status httpd
_________________________________________________________________________________________
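To confirm that the settings from steps 1 to 8 are actually present, the following script (an added example, not part of the original post) searches the configuration files for each directive. The function names has_directive and audit_httpd_conf are made up for this example, and the check is a static text match: it does not follow Include directives or tell you which <Directory> block an Options line belongs to.

```bash
# True if any uncommented line in the given files matches the ERE in $1.
# Matching is case-insensitive, as Apache directive names are.
has_directive() {
    _re=$1; shift
    grep -Eiqs -e "^[[:space:]]*${_re}" "$@" </dev/null
}

# Prints one FAIL line per problem; the return status is the number of problems.
audit_httpd_conf() {
    _fails=0
    while IFS='|' read -r _name _pat; do
        if ! has_directive "$_pat" "$@"; then
            echo "FAIL: missing $_name"
            _fails=$((_fails + 1))
        fi
    done <<'EOF'
ServerSignature Off|ServerSignature[[:space:]]+Off
ServerTokens Prod|ServerTokens[[:space:]]+Prod
Options -Indexes|Options[[:space:]].*-Indexes
Options -FollowSymLinks|Options[[:space:]].*-FollowSymLinks
Options -ExecCGI|Options[[:space:]].*-ExecCGI
Options -Includes|Options[[:space:]].*-Includes
X-Frame-Options SAMEORIGIN|Header[[:space:]].*X-Frame-Options.*SAMEORIGIN
FileETag None|FileETag[[:space:]]+None
X-XSS-Protection header|Header[[:space:]].*X-XSS-Protection
EOF
    # Step 3: these modules must not be loaded (LoadModule lines commented out).
    for _mod in info_module userdir_module; do
        if has_directive "LoadModule[[:space:]]+${_mod}" "$@"; then
            echo "FAIL: $_mod is still loaded"
            _fails=$((_fails + 1))
        fi
    done
    return "$_fails"
}

# Constructed sample config: steps 1 and 2 applied, userdir_module still loaded.
demo=$(mktemp)
printf '%s\n' 'ServerSignature Off' 'ServerTokens Prod' 'Options -Indexes' \
    '#LoadModule info_module modules/mod_info.so' \
    'LoadModule userdir_module modules/mod_userdir.so' > "$demo"
audit_httpd_conf "$demo" || echo "problems found: $?"
rm -f "$demo"
```

On the server from this tutorial, run it as audit_httpd_conf /etc/httpd/conf/httpd.conf /etc/httpd/conf.modules.d/00-base.conf; an exit status of 0 means every check passed.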
Wednesday, April 27, 2022
How To Harden Apache Web Server on Rocky Linux 8.5