Keep It Current
The key to securing any server or machine on the web is keeping it up to date: make sure that you are running the latest version and patch all the software running on your server. The best practice is to subscribe to the Apache HTTP Server Announcements List, where the Apache community shares new versions and security updates.
Hide The Apache Version Number
Apache is very common among webmasters, which is why security researchers study its security, and there are various websites that announce and post exploits for different versions of Apache. If a hacker knows which version your Apache server is running, he or she might find an exploit for it and your server might be compromised, so it is good to hide your software version.
To hide the information, add the following two Apache directives to the Apache configuration file /etc/apache2/apache2.conf
ServerTokens ProductOnly
ServerSignature Off
Now you need to restart your web server using the following command
# /etc/init.d/apache2 restart
Now the output for the Apache header looks like below
Protecting System Settings
You have to secure your .htaccess files because they contain all the security information of your server. In the server config file, put the following, which stops .htaccess files from overriding the server settings
AllowOverride None
Turn Off Server Side Includes
Go to the Options directive inside the Directory tag and set it to either None or -Includes
Options -Includes
Turn Off CGI Execution
If you are not using CGI, it is recommended to turn it off. Go to the Options directive inside the Directory tag and set it to either None or -ExecCGI
Options -ExecCGI
Limit Access To Certain Files
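Your visitors should not be allowed to visit the server files. You can limit their access by changing the .htaccess file. Note that a .htaccess file only takes effect in directories where AllowOverride permits it; otherwise put the directives in the server configuration.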
Order deny,allow
Deny from all
With these directives, users will not be allowed to reach SQL-side files.
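The settings from the sections above can be checked mechanically. The script below is an added example, not part of the original article: the function name audit_apache_conf and the sample configuration are constructed for illustration, and it assumes a single config file (Include lines are not followed).

```sh
# Added example: audit one Apache config file for the directives on this page.
# Prints one finding per line; returns 0 only when nothing is flagged.
audit_apache_conf() {
    awk '
        # Normalise: drop indentation and trailing whitespace, skip comments.
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || NF == 0 { next }
        { key = tolower($1) }
        key == "servertokens"    { tokens = tolower($2) }
        key == "serversignature" { sig = tolower($2) }
        key == "allowoverride" && tolower($2) != "none" {
            print "line " NR ": AllowOverride " $2 " lets .htaccess override server settings"; bad++
        }
        key == "options" {
            for (i = 2; i <= NF; i++) {
                o = tolower($i)
                if (o == "all" || o == "includes" || o == "+includes") {
                    print "line " NR ": Options enables server side includes"; bad++
                }
                if (o == "all" || o == "execcgi" || o == "+execcgi") {
                    print "line " NR ": Options enables CGI execution"; bad++
                }
            }
        }
        END {
            # Upstream defaults: ServerTokens Full, ServerSignature Off.
            if (tokens != "productonly" && tokens != "prod") {
                print "ServerTokens is not ProductOnly"; bad++
            }
            if (sig != "" && sig != "off") {
                print "ServerSignature is " sig ", expected Off"; bad++
            }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample config with weak settings, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ServerTokens Full
ServerSignature On
<Directory /var/www/>
    Options Indexes Includes ExecCGI
    AllowOverride All
</Directory>
EOF
audit_apache_conf "$sample" || echo "findings listed above"
rm -f "$sample"
```

Run it against /etc/apache2/apache2.conf after editing and before restarting the server; an empty result means the directives from this page are in place in that file.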