• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » Harden Apache2 Server’s Security (Ubuntu 16.04 LTS)

By Abhishek Ghosh June 5, 2017 9:58 pm Updated on June 5, 2017

Harden Apache2 Server’s Security (Ubuntu 16.04 LTS)

Advertisement

In previous guide, we written how to get started with a blank server, configure Apache for HSTS and how to configure IPTables. This guide is applicable for cloud, dedicated & virtual dedicated server. Here is a detailed guide on how to harden Apache2 server’s security on Ubuntu 16.04 LTS.

Harden Apache2 Server's Security Ubuntu 16.04 LTS

 

Harden Apache2 Server’s Security (Ubuntu 16.04 LTS)

 

The default settings file of Apache is located at :

Vim
1
/etc/apache2/apache2.conf

And Apache2 security file located at :

Advertisement

---

Vim
1
/etc/apache2/conf-available/security.conf

We can test configuration by running :

Vim
1
apachectl -t

Restart Apache2 webserver by :

Vim
1
systemctl restart apache2

Open :

Vim
1
nano /etc/apache2/conf-available/security.conf

Find these verbs and change then like written below, if some entry not present, add it :

Vim
1
2
3
4
5
6
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Header unset ETag
Header always unset X-Powered-By
FileETag None

It will take some time to find the settings and modify. Save the file. Run apachectl -t and run :

Vim
1
systemctl restart apache2

Why we did the above changes? To hide Apache Version and operating system identity which are available from error pages like 404. When we get 404, the web page displays the version of Apache web server installed on your server with the name of operating system name. Sometimes the information about Apache modules also become obvious. The above changes will not show up the informations.

Second part is installing and activating two modules – mod_security and mod_evasive. Of course you need to know the way to check which Apache modules are enabled. This is possible by running this command when Apache is running :

Vim
1
apachectl -M

Or :

Vim
1
a2query -m

When Apache is not running. There are other ways like creating a PHP info file or a PHP file with the content :

Vim
1
2
3
<?php
print_r(apache_get_modules());
?>

and loading on browser. There is a separate Apache module named mov_info, which is not enabled by default for security. We need not to enable that module. Run a search on apt :

Vim
1
apt-cache search mod-security2

You’ll get the information :

Vim
1
libapache2-mod-security2 - Tighten web applications security for Apache

You can install with :

Vim
1
apt install libapache2-mod-security2

This is the homepage of that module :

Vim
1
http://www.modsecurity.org

Read documents later. There is a supplied sample file :

Vim
1
cat /etc/modsecurity/modsecurity.conf-recommended

Simply rename the file :

Vim
1
mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Create the blank log file :

Vim
1
/var/log/apache2/modsec_audit.log

After some time, run cat :

Vim
1
cat /var/log/apache2/modsec_audit.log

Web software like WordPress needs to have plugin or settings correct for this module. You’ll also get logs of the intrusions stopped by WordPress plugin IP Geo block. You should check the manual, the common config for virtual host is like this :

Vim
1
2
3
4
5
6
7
<IfModule mod_security2.c>
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml application/octet-stream
SecDataDir /tmp
</IfModule>

The module mod_evasive is for preventing DDoS. We can install by :

Vim
1
apt install libapache2-mod-evasive

If you installed Apache in our way, mod_evasive will be active by default. If you run :

Vim
1
a2enmod evasive

The configuration file is here :

Vim
1
/etc/apache2/mods-enabled/evasive.conf

Making the settings like this will work fine :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
 
    #DOSEmailNotify      you@yourdomain.com
    DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"
    DOSLogDir           "/var/log/mod_evasive"
</IfModule>

Create the directories and give permission :

Vim
1
2
mkdir /var/log/mod_evasive
chown www-data /var/log/mod_evasive

Open :

Vim
1
nano /etc/apache2/apache2.conf

Near end of file add these to whitelist own server :

Vim
1
2
DOSWhitelist 127.0.0.1
DOSWhitelist 127.0.0.*

Restart Apache :

Vim
1
systemctl restart apache2

This blog is official website of the above module :

Vim
1
https://www.zdziarski.com/blog/

Now, if PHP is running, then open PHP file :

Vim
1
nano /etc/php/7.0/apache2/php.ini

Make sure the directives are present and like this :

Vim
1
2
3
4
5
6
7
8
9
disable_functions = exec,system,shell_exec,passthru
register_globals = Off
expose_php = Off
display_errors = Off
track_errors = Off
html_errors = Off
magic_quotes_gpc = Off
mail.add_x_header = Off
session.name = NEWSESSID

Restart Apache :

Vim
1
systemctl restart apache2

We can set directory browsing off from virtual hosts with Options -Indexes like settings :

Vim
1
2
3
<Directory /var/www/html>
Options -Indexes -FollowSymLinks -ExecCGI -Includes
</Directory>

And from Apache main config file :

Vim
1
2
    AllowOverride None
    Require all granted

However, it is not recommended to override Apache’s default behaviour from Apache’s main config file, instead adding and empty index.html or index.php in the directories is another way.

Tagged With apache 2 hardening , paperuri:(b6d7508c4948ec9ba4682f7ccd2ab8bf) , apache2 ubuntu hardening , harden apache ubuntu , hardening apache web server ubuntu 16 04 , ubuntu 16 04 apache hardening , how to harden apache 2 4 on ubuntu 16 o4 LTS , hardening apache on ubuntu16 04 , apache2 hardening on ubntu16 04 , apache server security in ubuntu server

This Article Has Been Shared 765 Times!

Facebook Twitter Pinterest
Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to Harden Apache2 Server’s Security (Ubuntu 16.04 LTS)

  • Cloud Software or Own Purchased Software on Own Server

    Cloud Software or Own Purchased Software on Own Server, which method is best suited for successful collaboration in business in uncomplicated data exchange.

  • OpenNebula : Open Source Cloud Management Platform

    OpenNebula is an Open Source Cloud Management Platform which provides cloud toolkit for managing specifically the distributed data center infrastructures.

  • Checklist for Secure Cloud Computing

    Checklist for secure Cloud Computing preliminary answers and support the decision makers in reviewing the many traded on the market solutions for collaboration.

  • HTML5, WordPress and Cloud : What We Learnt From Redesign

    HTML5, WordPress and Cloud – with new redesign,not complete yet at the time of publishing this post we learnt important points with this old blog with 5K posts.

  • What is PaaS (Platform as a Service) : Video Guide

    What is PaaS or Platform as a Service has been explained through this video guide in simple English to make it easier to any level of reader.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (22.1K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • Cutting Out The Coding: Serverless Computing In Action May 24, 2022
  • Types of Blackjack Variants: Discover the Different Versions of the Game May 23, 2022
  • How Cloud, Robotics And Sensor Technologies Are Changing The Business Landscape May 23, 2022
  • Modernizing Your Business With a Hybrid Cloud Strategy May 22, 2022
  • Big Data in Sports May 20, 2022

About This Article

Cite this article as: Abhishek Ghosh, "Harden Apache2 Server’s Security (Ubuntu 16.04 LTS)," in The Customize Windows, June 5, 2017, May 25, 2022, https://thecustomizewindows.com/2017/06/harden-apache2-servers-security-ubuntu-16-04-lts/.

Source:The Customize Windows, JiMA.in

This website uses cookies. If you do not want to allow us to use cookies and/or non-personalized Ads, kindly clear browser cookies after closing this webpage.

Read Privacy Policy.

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2022 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy