zeldor.biz

Linux, programming and more

Secure Apache2

by 2 Comments

By default apache shows on each directory listing, error or non existing page etc. apache version, OS Version and some apache modules in the bottom of your site.

Attackers can use this information to their advantage when performing an attack.
I describe a little bit how to secure apache2, to prevent the showing of apache version and server strings.

1

vim /etc/apache2/conf.d/security

Configuration should be:

2
3
4

ServerTokens Prod
ServerSignature Off
TraceEnable Off

Restart apache:

1

/etc/init.d/apache2 restart

Categories

Archives

Tags

apache2 Apple arduino ARM Automation backup bash Cisco Cluster Corosync Database Debian Debian squeeze DIY DNS Fedora FTP Fun Icinga Ipv6 KVM Linux LVM MAC OS X Monitoring MySQL Nagios Nginx openSUSE OpenVPN PHP Proxy Python python3 qemu RAID rsync Samba security ssh Ubuntu virtualization Windows Windows 7 Wordpress

Trackbacks

  1. […] (port 143 on host 78.47.220.107) – Disable server string of apache Apache/2.2.14 (Ubuntu), server should be quiet – Hide sensible php information (PHP/5.3.2-1ubuntu4.9) (expose_php), disable it – I […]

  2. […] closed (port 143 on host 78.47.220.107) – Disable server string of apache Apache/2.2.14 (Ubuntu), server should be quiet – Hide sensible php information (PHP/5.3.2-1ubuntu4.9) (expose_php), disable it – I dont know any […]

Leave a Reply

Your email address will not be published. Required fields are marked *