6 Effective Tips To Secure A Apache Web Server

Apache HTTP Server commonly known as Apache web server is running since 1999 but in 2009 it became the first web server software to surpass the 100 million web site milestone.
It is a power and flexible HTTP server and it provides many features like DBMS (Database Management System), Content negotiation and Virtual host etc. It is an open source and developed by an open source community, apache is available for various operating system including Windows, Linux,MAC, Solaris and FreeBSD etc.
Well the aim of this article is not about to introduce you with apache, the main purpose of this article is to discuss the security variants in apache server. Below are the some effective tips to secure a apache server.  
Keep It Current
This is the key point to secure any server and machine on the web is to up to date, make sure that you are running the latest version and make to patch all the software’s running on your server. The best practise is to subscribe to the Apache HTTP Server Announcements List where you apache community share the new version and security update.
Hide The Apache Version Number
As apache is very common on web master that is why security researcher research on the security of apache and there are different websites that will announce and post the exploit for different version of apache, if a hacker knows about your apache server than he/she might be find any exploit and your server might be compromised so it is good to hide your software version.    


To hide the information, add the following two apache directives in Apache configuration file /etc/apache2/apache2.conf
ServerTokens ProductOnly
ServerSignature Off
Now you need to restart your web server using the following command
#/etc/init.d/apache2 restart
Now the output for apache header looks like below

Protecting System Settings

You have to secure your .htaccess files because it contain all the security information of your server. In server config file put  

<Directory />
AllowOverride None
</Directory>

Turn Off Server Side Includes 
Goto the option than Directory tag set option to either none or -includes
Options -Includes
 
Turn Off CGI Execution  
If you are not using CGI than it is recommended to turn it off, Goto the  
option than Directory tag  set option to either none or -ExecCGI
Options -ExecCGI
Limit Access To Certain Files 
Your visitor(s) should not allowed to visit the server files, you can limit their access by changing in .htaccess file
<FilesMatch ".(.*sql|.*~)$">
  Order deny,allow
  Deny from all
</FilesMatch> 
by this command users will not allowed to go on SQL side files. 
Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...

What is Ethical Hacking, how to be an Ethical Hacker

Hacking is the process of discovering vulnerabilities in a system and using these found vulnerabilities by gaining unauthorized access into the system to perform...

Basic steps to ensure security Online!

Security concerns are growing day by day due to the growing interconnectivity and technology. Drastic things can happen if you be a little careless...