Securing Apache2 and how to secure your apache config
Posted on 2019-07-01 by Peter Bassill in category Guides.
Apache is probably the most commonly used web server, and despite there being well-documented guides on how to secure it, we come across web server header issues and very poor SSL configurations on a daily basis. To aid remediation, here is Peter Bassill’s recommended configuration for the Apache global security file, /etc/apache/conf-enabled/security.conf:
# ServerTokens must be Full for ModSecurity's SecServerSignature (below) to replace the Server banner
ServerTokens Full
ServerSignature On
TraceEnable Off
FileETag None

# Do Header stuff (requires mod_headers)
Header unset Pragma
Header unset ETag
Header always set x-xss-protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff
Header set Referrer-Policy "no-referrer"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

# TLS settings (requires mod_ssl): strong ciphers only, no protocol older than TLSv1.2
SSLCipherSuite HIGH:!MEDIUM:!RSA:!aNULL:!MD5:!SEED:!IDEA
SSLProtocol ALL -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
SSLHonorCipherOrder On

# ModSecurity (requires mod_security2): mask the Server banner and load the Core Rule Set
SecServerSignature "web"
Include /usr/share/modsecurity-crs/*.conf
Include /usr/share/modsecurity-crs/activated_rules/*.conf
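To confirm that a server is actually sending what this configuration sets, its response headers can be audited against the values above. This is an added example, not part of the original post: the function names and both sample responses are constructed for illustration, and only the expected header values come from the configuration.

```python
import re

# Expected values, taken from the security.conf on this page.
EXPECTED = {
    "x-xss-protection": "1; mode=block",
    "x-frame-options": "SAMEORIGIN",
    "x-content-type-options": "nosniff",
    "referrer-policy": "no-referrer",
}
MUST_BE_ABSENT = ("etag", "pragma")  # Header unset ETag / Header unset Pragma
MIN_HSTS_AGE = 63072000

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a list of findings; an empty list means the response matches."""
    h, findings = parse_headers(raw), []
    for name, want in EXPECTED.items():
        got = h.get(name)
        if got is None:
            findings.append(f"missing {name}")
        elif [v.lower() for v in got] != [want.lower()]:
            findings.append(f"{name} is {got}, expected {want}")
    findings += [f"{n} should be unset" for n in MUST_BE_ABSENT if n in h]
    hsts = ", ".join(h.get("strict-transport-security", []))
    m = re.search(r"max-age=(\d+)", hsts, re.I)
    if not m or int(m.group(1)) < MIN_HSTS_AGE:
        findings.append("HSTS max-age missing or below 63072000")
    if "includesubdomains" not in hsts.lower():
        findings.append("HSTS lacks includeSubDomains")
    if h.get("server") != ["web"]:  # SecServerSignature "web"
        findings.append(f"Server banner is {h.get('server')}, expected web")
    return findings

# Constructed sample responses (not captured from a real server).
GOOD = ("HTTP/1.1 200 OK\nServer: web\nX-XSS-Protection: 1; mode=block\n"
        "X-Frame-Options: SAMEORIGIN\nX-Content-Type-Options: nosniff\n"
        "Referrer-Policy: no-referrer\n"
        "Strict-Transport-Security: max-age=63072000; includeSubDomains\n\n")
BAD = ("HTTP/1.1 200 OK\nServer: Apache/2.4.0 (Unix)\nETag: \"abc\"\n"
       "X-Frame-Options: DENY, SAMEORIGIN\nX-Content-Type-Options: nosniff\n"
       "Strict-Transport-Security: max-age=300\n\n")
```

Calling audit(GOOD) returns an empty list, while audit(BAD) reports each deviation, including an X-Frame-Options header that carries more than the single SAMEORIGIN value.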