• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here:Home » Harden Apache2 Server’s Security (Ubuntu 16.04 LTS)

By Abhishek Ghosh June 5, 2017 9:58 pm Updated on June 5, 2017

Harden Apache2 Server’s Security (Ubuntu 16.04 LTS)

Advertisement

In previous guide, we written how to get started with a blank server, configure Apache for HSTS and how to configure IPTables. This guide is applicable for cloud, dedicated & virtual dedicated server. Here is a detailed guide on how to harden Apache2 server’s security on Ubuntu 16.04 LTS.

Harden Apache2 Server's Security Ubuntu 16.04 LTS

 

Harden Apache2 Server’s Security (Ubuntu 16.04 LTS)

 

The default settings file of Apache is located at :

Vim
1
/etc/apache2/apache2.conf

And Apache2 security file located at :

Advertisement

---

Vim
1
/etc/apache2/conf-available/security.conf

We can test configuration by running :

Vim
1
apachectl -t

Restart Apache2 webserver by :

Vim
1
systemctl restart apache2

Open :

Vim
1
nano /etc/apache2/conf-available/security.conf

Find these verbs and change then like written below, if some entry not present, add it :

Vim
1
2
3
4
5
6
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Header unset ETag
Header always unset X-Powered-By
FileETag None

It will take some time to find the settings and modify. Save the file. Run apachectl -t and run :

Vim
1
systemctl restart apache2

Why we did the above changes? To hide Apache Version and operating system identity which are available from error pages like 404. When we get 404, the web page displays the version of Apache web server installed on your server with the name of operating system name. Sometimes the information about Apache modules also become obvious. The above changes will not show up the informations.

Second part is installing and activating two modules – mod_security and mod_evasive. Of course you need to know the way to check which Apache modules are enabled. This is possible by running this command when Apache is running :

Vim
1
apachectl -M

Or :

Vim
1
a2query -m

When Apache is not running. There are other ways like creating a PHP info file or a PHP file with the content :

Vim
1
2
3
<?php
print_r(apache_get_modules());
?>

and loading on browser. There is a separate Apache module named mov_info, which is not enabled by default for security. We need not to enable that module. Run a search on apt :

Vim
1
apt-cache search mod-security2

You’ll get the information :

Vim
1
libapache2-mod-security2 - Tighten web applications security for Apache

You can install with :

Vim
1
apt install libapache2-mod-security2

This is the homepage of that module :

Vim
1
http://www.modsecurity.org

Read documents later. There is a supplied sample file :

Vim
1
cat /etc/modsecurity/modsecurity.conf-recommended

Simply rename the file :

Vim
1
mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Create the blank log file :

Vim
1
/var/log/apache2/modsec_audit.log

After some time, run cat :

Vim
1
cat /var/log/apache2/modsec_audit.log

Web software like WordPress needs to have plugin or settings correct for this module. You’ll also get logs of the intrusions stopped by WordPress plugin IP Geo block. You should check the manual, the common config for virtual host is like this :

Vim
1
2
3
4
5
6
7
<IfModule mod_security2.c>
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml application/octet-stream
SecDataDir /tmp
</IfModule>

The module mod_evasive is for preventing DDoS. We can install by :

Vim
1
apt install libapache2-mod-evasive

If you installed Apache in our way, mod_evasive will be active by default. If you run :

Vim
1
a2enmod evasive

The configuration file is here :

Vim
1
/etc/apache2/mods-enabled/evasive.conf

Making the settings like this will work fine :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
 
    #DOSEmailNotify      you@yourdomain.com
    DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"
    DOSLogDir           "/var/log/mod_evasive"
</IfModule>

Create the directories and give permission :

Vim
1
2
mkdir /var/log/mod_evasive
chown www-data /var/log/mod_evasive

Open :

Vim
1
nano /etc/apache2/apache2.conf

Near end of file add these to whitelist own server :

Vim
1
2
DOSWhitelist 127.0.0.1
DOSWhitelist 127.0.0.*

Restart Apache :

Vim
1
systemctl restart apache2

This blog is official website of the above module :

Vim
1
https://www.zdziarski.com/blog/

Now, if PHP is running, then open PHP file :

Vim
1
nano /etc/php/7.0/apache2/php.ini

Make sure the directives are present and like this :

Vim
1
2
3
4
5
6
7
8
9
disable_functions = exec,system,shell_exec,passthru
register_globals = Off
expose_php = Off
display_errors = Off
track_errors = Off
html_errors = Off
magic_quotes_gpc = Off
mail.add_x_header = Off
session.name = NEWSESSID

Restart Apache :

Vim
1
systemctl restart apache2

We can set directory browsing off from virtual hosts with Options -Indexes like settings :

Vim
1
2
3
<Directory /var/www/html>
Options -Indexes -FollowSymLinks -ExecCGI -Includes
</Directory>

And from Apache main config file :

Vim
1
2
    AllowOverride None
    Require all granted

However, it is not recommended to override Apache’s default behaviour from Apache’s main config file, instead adding and empty index.html or index.php in the directories is another way.

Tagged With apache 2 hardening , paperuri:(b6d7508c4948ec9ba4682f7ccd2ab8bf) , apache2 ubuntu hardening , harden apache ubuntu , hardening apache web server ubuntu 16 04 , ubuntu 16 04 apache hardening , how to harden apache 2 4 on ubuntu 16 o4 LTS , hardening apache on ubuntu16 04 , apache2 hardening on ubntu16 04 , apache server security in ubuntu server

This Article Has Been Shared 492 Times!

Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to Harden Apache2 Server’s Security (Ubuntu 16.04 LTS)

  • Nginx WordPress Installation Guide (All Steps)

    This is a Full Nginx WordPress Installation Guide With All the Steps, Including Some Optimization and Setup Which is Compatible With WordPress DOT ORG Example Settings For Nginx.

  • What is ModSecurity? Why Should We Use ModSecurity

    ModSecurity is an open-source web application firewall. It is available as a module for the Apache Server, and also Microsoft IIS and Nginx web server. It provides a rule configuration language (SecRules) for real-time monitoring, logging, and filtering of HTTP communications. ModSecurity is probably most commonly used to add protection against general vulnerabilities using the […]

  • How to Install and Configure ModSecurity for WordPress

    In an earlier article, we published an introduction on mod security. While there are many good reasons to use mod security, this module adds complexity to any WordPress installation. This guide is based on the official directions for WordPress to create a window so that a WordPress user can edit any post, and upload media. […]

  • Set Up mod_security And fail2ban To Create Anti-Spam Filter

    Here is How To Set Up mod_security And fail2ban To Create Anti-Spam Filter For Web Software Auch as WordPress, Forum Software.

performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us
Page Visits Alerts

Recent Posts

  • How Can I Take Better Pictures With My Samsung Galaxy S23 Ultra?May 30, 2023
  • What is Document Object Model (DOM)May 30, 2023
  • Configure WordPress to Send Emails Using mSMTPMay 29, 2023
  • Easily Set Up Email with SMTP on Ubuntu ServerMay 29, 2023
  • How to Install and Configure mod_evasive on Ubuntu for WordPressMay 28, 2023

About This Article

Cite this article as: Abhishek Ghosh, "Harden Apache2 Server’s Security (Ubuntu 16.04 LTS)," in The Customize Windows, June 5, 2017, May 31, 2023, https://thecustomizewindows.com/2017/06/harden-apache2-servers-security-ubuntu-16-04-lts/.

Source:The Customize Windows, JiMA.in

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT