Securing Apache Web Server

Here is some of my advice for running a more secure Apache server:

  • Patch your server and try to keep it as up to date as possible.
  • Remove all sample scripts of add-on modules (mod_php, mod_cgi, mod_perl, etc.).
  • If running PHP, CGI, and other script languages, consider using suEXEC, a wrapper program that Apache calls to run scripts under a different user ID than the one the web server itself runs as.
  • Don’t allow uploads of any scripts into your web server by untrusted parties.
  • Read about all vulnerabilities of any open-source projects that you install, such as phpBB forums.
  • Don’t run the web server as root. Create a user with minimal rights to run the web server.
  • Modify the response token for your web server. It’s harder for an attacker to bring it down when he or she doesn’t know what web server you are running.
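
The last two items can be checked mechanically. The script below is an added example, not part of the original advice: it audits an Apache configuration for the `User`, `Group` and `ServerTokens` directives. The two sample configurations are constructed, and the parser is a simplification that does not follow `Include` directives or line continuations.

```python
# Constructed sample configurations (not from the original page).
WEAK_CONF = """\
# constructed example
ServerRoot "/etc/httpd"
User root
Group root
ServerTokens Full
"""

HARDENED_CONF = """\
# constructed example
ServerRoot "/etc/httpd"
User apache
Group apache
ServerTokens Prod
"""

ROOT_IDS = {"root", "#0"}  # name and numeric-ID spelling of root


def parse_directives(conf_text):
    """Return {lowercased directive: last value}, skipping comments and blanks."""
    directives = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            directives[parts[0].lower()] = parts[1].strip().strip('"')
    return directives


def audit(conf_text):
    """Return a list of findings for the identity and banner settings."""
    d = parse_directives(conf_text)
    findings = []
    for key in ("user", "group"):
        value = d.get(key)
        if value is None:
            findings.append(f"{key}: not set explicitly")
        elif value.lower() in ROOT_IDS:
            findings.append(f"{key}: runs as root ({value})")
    tokens = d.get("servertokens", "Full")  # Apache's default is Full
    if tokens.lower() not in ("prod", "productonly"):
        findings.append(f"servertokens: {tokens} exposes version details")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```
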

