Apache HTTP Server commonly known as Apache web server is running since 1999 but in 2009 it became the first web server software to surpass the 100 million web site milestone.
It is a power and flexible HTTP server and it provides many features like DBMS (Database Management System), Content negotiation and Virtual host etc. It is an open source and developed by an open source community, apache is available for various operating system including Windows, Linux,MAC, Solaris and FreeBSD etc.
Well the aim of this article is not about to introduce you with apache, the main purpose of this article is to discuss the security variants in apache server. Below are the some effective tips to secure a apache server.
Keep It Current
This is the key point to secure any server and machine on the web is to up to date, make sure that you are running the latest version and make to patch all the software’s running on your server. The best practise is to subscribe to the Apache HTTP Server Announcements List where you apache community share the new version and security update.
Hide The Apache Version Number
As apache is very common on web master that is why security researcher research on the security of apache and there are different websites that will announce and post the exploit for different version of apache, if a hacker knows about your apache server than he/she might be find any exploit and your server might be compromised so it is good to hide your software version.
To hide the information, add the following two apache directives in Apache configuration file /etc/apache2/apache2.conf
Now you need to restart your web server using the following command
Now the output for apache header looks like below
Protecting System Settings
You have to secure your .htaccess files because it contain all the security information of your server. In server config file put
Turn Off Server Side Includes
Goto the option than Directory tag set option to either none or -includes
Turn Off CGI Execution
If you are not using CGI than it is recommended to turn it off, Goto the
option than Directory tag set option to either none or -ExecCGI
Limit Access To Certain Files
Your visitor(s) should not allowed to visit the server files, you can limit their access by changing in .htaccess file
<FilesMatch ".(.*sql|.*~)$"> Order deny,allow Deny from all </FilesMatch>
by this command users will not allowed to go on SQL side files.