A web server is a crucial part of any web-based application. Apache Web Server is often placed at the edge of the network, which makes it one of the services most exposed to attack. The default configuration discloses sensitive information that may help an attacker prepare an attack on the web server.
The majority of web application attacks are XSS, information leakage, session management and PHP injection attacks, which result from weak application code and failure to sanitize the web application infrastructure.

Steps to secure the Apache web server:
Disabling Apache Version and OS Identity:
Open the httpd configuration file and add the lines below.
# vi /etc/httpd/conf/httpd.conf
##### Server Banner ######
ServerSignature Off
ServerTokens Prod
Disabling Document Root Directory Content List:
To disable listing of the document root directory contents (index pages), place the rules below in the httpd configuration file.
# vi /etc/httpd/conf/httpd.conf
Upgrade the Apache Server regularly to a newer version:
Upgrade Apache web servers regularly, because new versions of the software are released to address security vulnerabilities.
# yum update httpd
# rpm -Uvh httpd-xx.xx-xxx.rpm
Disable Trace Requests:
To disable TRACE requests, add the lines below to the httpd configuration file.
# vi /etc/httpd/conf/httpd.conf
######## Disable Trace Requests ########
TraceEnable off
Security Fixes:
Add some rewrite engine rules to secure production web servers. The lines below need to be added to the httpd configuration file.
# vi /etc/httpd/conf/httpd.conf
###### Security Fixes ######
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
After making the changes, restart the Apache server as follows.
# service httpd restart
or
# /etc/init.d/httpd restart
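A read-only check for the settings above, as an added example that is not part of the original post: it reports whether ServerSignature, ServerTokens and TraceEnable carry the hardened values in a given httpd.conf. The function names and the two sample configs are constructed for illustration, and it assumes a single flat file (Include files and per-vhost overrides are not followed).

```shell
#!/bin/sh
# Added example: audit an httpd.conf for the directives set in this post.

# Print (lowercased) the value of the last uncommented occurrence of
# directive $2 in file $1. Apache directive names are case-insensitive.
last_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = tolower($2) }
                   END { print v }' "$1"
}

# Succeed if directive $2 in file $1 has one of the lowercase values in $3.
check() {
    val=$(last_value "$1" "$2")
    for want in $3; do
        if [ "$val" = "$want" ]; then
            echo "PASS $2 $val"
            return 0
        fi
    done
    echo "FAIL $2 ${val:-not-set} (want: $3)"
    return 1
}

# Assumption: one flat file; Include files and per-vhost overrides are not followed.
audit_httpd_conf() {
    rc=0
    check "$1" ServerSignature "off" || rc=1
    check "$1" ServerTokens "prod productonly" || rc=1
    check "$1" TraceEnable "off" || rc=1
    return $rc
}

# Constructed sample: banner line commented out, TRACE left enabled.
weak=$(mktemp)
printf '%s\n' '#ServerSignature Off' 'ServerTokens OS' 'TraceEnable on' > "$weak"
# Constructed sample: the settings from this post, in mixed case.
hard=$(mktemp)
printf '%s\n' 'ServerSignature Off' 'servertokens Prod' 'TraceEnable off' > "$hard"

audit_httpd_conf "$weak" || echo "weak sample: findings above"
audit_httpd_conf "$hard" && echo "hardened sample: clean"
```

Run audit_httpd_conf /etc/httpd/conf/httpd.conf after editing the file and before restarting; a commented-out directive is reported as not-set because Apache then falls back to its default.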