CIP Cyber

Log In
Menu
Log In
  • Opinion
  • Product Reviews
  • Industrial Cybersecurity
  • Videos

6 Effective Tips To Secure A Apache Web Server

Table of Contents

Apache HTTP Server commonly known as Apache web server is running since 1999 but in 2009 it became the first web server software to surpass the 100 million web site milestone.
It is a power and flexible HTTP server and it provides many features like DBMS (Database Management System), Content negotiation and Virtual host etc. It is an open source and developed by an open source community, apache is available for various operating system including Windows, Linux,MAC, Solaris and FreeBSD etc.
Well the aim of this article is not about to introduce you with apache, the main purpose of this article is to discuss the security variants in apache server. Below are the some effective tips to secure a apache server.  
Keep It Current
This is the key point to secure any server and machine on the web is to up to date, make sure that you are running the latest version and make to patch all the software’s running on your server. The best practise is to subscribe to the Apache HTTP Server Announcements List where you apache community share the new version and security update.
Hide The Apache Version Number
As apache is very common on web master that is why security researcher research on the security of apache and there are different websites that will announce and post the exploit for different version of apache, if a hacker knows about your apache server than he/she might be find any exploit and your server might be compromised so it is good to hide your software version.    


To hide the information, add the following two apache directives in Apache configuration file /etc/apache2/apache2.conf
ServerTokens ProductOnly
ServerSignature Off
Now you need to restart your web server using the following command
#/etc/init.d/apache2 restart
Now the output for apache header looks like below

Protecting System Settings

You have to secure your .htaccess files because it contain all the security information of your server. In server config file put  

<Directory />
AllowOverride None
</Directory>

Turn Off Server Side Includes 
Goto the option than Directory tag set option to either none or -includes
Options -Includes
 
Turn Off CGI Execution  
If you are not using CGI than it is recommended to turn it off, Goto the  
option than Directory tag  set option to either none or -ExecCGI
Options -ExecCGI
Limit Access To Certain Files 
Your visitor(s) should not allowed to visit the server files, you can limit their access by changing in .htaccess file
<FilesMatch ".(.*sql|.*~)$">
  Order deny,allow
  Deny from all
</FilesMatch> 
by this command users will not allowed to go on SQL side files.
Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Opinion

Password Cyberattack: Everything You Need to Know

November 7, 2023

Industrial Cybersecurity

Cybersecurity Awareness Month: Spotlight on ICS/OT Security

September 28, 2023

Opinion

How to Protect IoT Devices in Critical Infrastructure Networks

September 15, 2023

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training

Related Articles

What Proxies Are For

When you cannot access certain sites or hide your identity, you need a tool for that. For example, the USA proxies are in demand among

March 24, 2022

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training