6 Effective Tips To Secure A Apache Web Server

Apache HTTP Server commonly known as Apache web server is running since 1999 but in 2009 it became the first web server software to surpass the 100 million web site milestone.
It is a power and flexible HTTP server and it provides many features like DBMS (Database Management System), Content negotiation and Virtual host etc. It is an open source and developed by an open source community, apache is available for various operating system including Windows, Linux,MAC, Solaris and FreeBSD etc.
Well the aim of this article is not about to introduce you with apache, the main purpose of this article is to discuss the security variants in apache server. Below are the some effective tips to secure a apache server.  
Keep It Current
This is the key point to secure any server and machine on the web is to up to date, make sure that you are running the latest version and make to patch all the software’s running on your server. The best practise is to subscribe to the Apache HTTP Server Announcements List where you apache community share the new version and security update.
Hide The Apache Version Number
As apache is very common on web master that is why security researcher research on the security of apache and there are different websites that will announce and post the exploit for different version of apache, if a hacker knows about your apache server than he/she might be find any exploit and your server might be compromised so it is good to hide your software version.    


To hide the information, add the following two apache directives in Apache configuration file /etc/apache2/apache2.conf
ServerTokens ProductOnly
ServerSignature Off
Now you need to restart your web server using the following command
#/etc/init.d/apache2 restart
Now the output for apache header looks like below

Protecting System Settings

You have to secure your .htaccess files because it contain all the security information of your server. In server config file put  

<Directory />
AllowOverride None
</Directory>

Turn Off Server Side Includes 
Goto the option than Directory tag set option to either none or -includes
Options -Includes
 
Turn Off CGI Execution  
If you are not using CGI than it is recommended to turn it off, Goto the  
option than Directory tag  set option to either none or -ExecCGI
Options -ExecCGI
Limit Access To Certain Files 
Your visitor(s) should not allowed to visit the server files, you can limit their access by changing in .htaccess file
<FilesMatch ".(.*sql|.*~)$">
  Order deny,allow
  Deny from all
</FilesMatch> 
by this command users will not allowed to go on SQL side files. 
Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top 5 Techniques Hackers Use to hack Social Media Accounts

These days, Social Media have become a significant need in our everyday life. It encourages us to associate and connect with anyone over the...

5 Top Programming Languages for Hacking

We live in the 21st century, which is very fast-changing. This is a century of competition for information and computing resources. Every year the...

OSINT Tutorial to Track An Aircraft And Flight Information In Real-Time

No doubt Internet is said to be the world's largest repository of data and information. It contains an enormous amount of data related to...

Preventing SQL Injection in PHP Applications

SQL injection is one of the most common cybersecurity threats and as the name suggests, it is a form of injection attack. Injection attacks, on...