Apache Howto - Hardening Apache

Posted by Peter Bassill on 18/12/2018

In my last post I gave you an insight into how I perfect SSL security. In this post I am going to run through how I harden a production Apache instance.

Modules

The first thing is to enable the following modules:

  • security2
  • rewrite
  • headers

This can be done with the simple command:

    a2enmod security2 rewrite headers

Configuration Files

This is the security.conf file from /etc/apache2/conf-available:

    # ServerTokens must be Full for SecServerSignature (below) to take effect
    ServerTokens Full
    ServerSignature On
    TraceEnable Off
    FileETag None

    # Do Header stuff
    Header unset Pragma
    Header unset ETag

    <IfModule mod_ssl.c>
        SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
        SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
        SSLHonorCipherOrder On
        SSLCompression off
    </IfModule>

    <IfModule security2_module>
        SecServerSignature "AtariST"
        Include /usr/share/modsecurity-crs/*.conf
        Include /usr/share/modsecurity-crs/activated_rules/*.conf
    </IfModule>
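To check that a deployed security.conf still matches the settings above, here is a small audit script, added as an example and not part of the original post. The function names, the expansion of "All", and the simplified SSLProtocol model (a bare name replaces the set, +/- adjust it) are assumptions, and it ignores Include files and virtual-host scoping.

```python
ALL_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}  # assumed meaning of "All"
LEGACY = {"sslv2", "sslv3", "tlsv1", "tlsv1.1"}
CHECKS = (("traceenable", "off"), ("fileetag", "none"),
          ("sslcompression", "off"), ("sslhonorcipherorder", "on"))

def parse_directives(conf_text):
    """Return {directive: [args]} with lowercase keys; the last occurrence wins."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue  # skip blanks, comments and <IfModule>-style container tags
        name, *args = line.split()
        directives[name.lower()] = args
    return directives

def effective_protocols(tokens):
    """Model SSLProtocol: a bare name replaces the set, +name adds, -name removes."""
    enabled = set()
    for tok in (t.lower() for t in tokens):
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        chosen = ALL_PROTOCOLS if name == "all" else {name}
        if sign == "-":
            enabled -= chosen
        else:
            enabled = enabled | chosen if sign == "+" else set(chosen)
    return enabled

def audit(conf_text):
    """Return a list of findings; an empty list means every check passed."""
    d = parse_directives(conf_text)
    findings = []
    for name, want in CHECKS:
        got = " ".join(d.get(name, [])).lower()
        if got != want:
            findings.append(f"{name}: expected {want}, found {got or 'unset'}")
    legacy = effective_protocols(d.get("sslprotocol", [])) & LEGACY
    if legacy or "sslprotocol" not in d:
        findings.append("sslprotocol: " + (", ".join(sorted(legacy)) + " enabled" if legacy else "unset"))
    # ModSecurity 2 only applies SecServerSignature when ServerTokens is Full.
    if "secserversignature" in d and [a.lower() for a in d.get("servertokens", [])] != ["full"]:
        findings.append("servertokens: must be Full for SecServerSignature to apply")
    return findings

# Constructed sample: a weakened variant of the page's security.conf.
WEAK_CONF = ("ServerTokens Prod\nTraceEnable On\nFileETag None\n"
             "SSLProtocol All -SSLv2 -SSLv3\nSSLHonorCipherOrder On\n"
             'SSLCompression off\nSecServerSignature "AtariST"\n')
print("\n".join(audit(WEAK_CONF)))
```

Running it against the configuration shown in this post returns no findings; the weakened sample is flagged for TRACE, for TLSv1/TLSv1.1, and for the ServerTokens value that stops the custom signature from being applied.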
