How do I configure the Apache 2 web server securely under Ubuntu Linux operating systems?
The Apache configuration file is /etc/apache2/apache2.conf. Apply the recommendations in the remainder of this section to this file. Open this file using a text editor such as vi, enter:
sudo vi /etc/apache2/apache2.conf
The amount of time the server will wait for certain events before failing a request is set to 300 seconds, which is pretty high. Set it to 60 or 100 seconds:
Timeout 60
The number of seconds to wait for the next request from the same client on the same connection is set to 15 seconds. It is a good value, but can be reduced to 10:
KeepAliveTimeout 10
Save and close the file.
Restrict Information Leakage
The ServerTokens and ServerSignature directives determine how much information the web server discloses about the configuration of the system. ServerTokens Prod restricts information in page headers, returning only the word "Apache." ServerSignature Off keeps Apache from displaying the server version on error pages. Make sure tracing (the HTTP TRACE method, controlled by TraceEnable) is disabled on production websites. It is a good security practice to limit the information provided to clients. Edit the /etc/apache2/conf.d/security file, enter:
sudo vi /etc/apache2/conf.d/security
Add or correct the following directives:
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Save and close the file.
Configure Ports and Default IP Address
Edit /etc/apache2/ports.conf, enter:
sudo vi /etc/apache2/ports.conf
If your IPv4 address is 74.86.48.99, update it as follows to listen on port 80:
NameVirtualHost 74.86.48.99:80
Listen 74.86.48.99:80
<IfModule mod_ssl.c>
    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    Listen 443
</IfModule>
Save and close the file. Finally, restart Apache2:
sudo /etc/init.d/apache2 restart
Verify ports 80 and 443 are open, enter:
sudo netstat -tulpn | grep -E ':(80|443) '
Fire up a web browser and type your domain name or server IP address, such as:
http://www.cyberciti.com/
OR
http://74.86.48.99
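To confirm that the files on disk carry the values recommended above, the following added example (not part of the original article) reads the config files and reports each directive. The function names are this example's own, and it assumes the last uncommented occurrence across the files given is the effective value, without following Include lines or <VirtualHost> blocks.

```shell
#!/bin/sh
# Added example (not from the original article): check Apache config files
# for the directive values recommended above.
# Assumption: the last uncommented occurrence across the given files is the
# effective value; Include lines and <VirtualHost> scoping are not followed.

# directive_value NAME FILE... -> print the last uncommented value of NAME
directive_value() {
    _name=$1; shift
    awk -v want="$_name" '
        $1 ~ /^#/ { next }                          # skip comment lines
        tolower($1) == tolower(want) { val = $2 }   # names are case-insensitive
        END { print val }
    ' "$@"
}

# audit_apache FILE... -> one line per directive; returns 1 if any check fails
audit_apache() {
    _fail=0
    # Exact values from "Restrict Information Leakage"
    for _pair in ServerTokens:prod ServerSignature:off TraceEnable:off; do
        _dir=${_pair%%:*}; _want=${_pair#*:}
        _got=$(directive_value "$_dir" "$@" | tr 'A-Z' 'a-z')
        if [ "$_got" = "$_want" ]; then
            echo "OK   $_dir = $_got"
        else
            echo "FAIL $_dir = ${_got:-unset} (want $_want)"; _fail=1
        fi
    done
    # Upper bounds from the timeout advice: Timeout <= 100, KeepAliveTimeout <= 15
    for _pair in Timeout:100 KeepAliveTimeout:15; do
        _dir=${_pair%%:*}; _max=${_pair#*:}
        _got=$(directive_value "$_dir" "$@")
        case $_got in
            ''|*[!0-9]*) _ok=0 ;;                   # unset or not a plain number
            *) [ "$_got" -le "$_max" ] && _ok=1 || _ok=0 ;;
        esac
        if [ "$_ok" -eq 1 ]; then
            echo "OK   $_dir = $_got"
        else
            echo "FAIL $_dir = ${_got:-unset} (want <= $_max)"; _fail=1
        fi
    done
    return "$_fail"
}

# Audit the files named on the command line, if any.
if [ "$#" -gt 0 ]; then audit_apache "$@"; fi
```

Saved under any name (for example audit.sh), it can be run as sh audit.sh /etc/apache2/apache2.conf /etc/apache2/conf.d/security; a non-zero exit status means at least one directive is unset or differs from the values recommended here.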