Installing and Securing Apache

When installing Apache, start with a minimal configuration and add only required modules. For Ubuntu/Debian:

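# libapache2-mod-security2 provides the security2 (ModSecurity) module enabled below
sudo apt install apache2 libapache2-mod-security2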
sudo systemctl stop apache2  # Stop before configuring

# Disable unnecessary modules
# (Debian/Ubuntu flag autoindex as essential: a2dismod asks for confirmation unless run with -f)
sudo a2dismod autoindex status info userdir

# Enable security modules
sudo a2enmod ssl headers rewrite security2

Configure Apache security settings in /etc/apache2/conf-enabled/security.conf:

# Hide Apache version
ServerTokens Prod
ServerSignature Off

# Prevent clickjacking (set rather than append, so the header carries a single value)
Header always set X-Frame-Options SAMEORIGIN

# Prevent MIME type sniffing
Header always set X-Content-Type-Options nosniff

# Enable the legacy XSS filter (honored by older browsers only; current browsers have removed it)
Header always set X-XSS-Protection "1; mode=block"

# Disable TRACE method
TraceEnable Off

# Deny access to the entire filesystem by default; grant access per directory as needed
<Directory />
    Options None
    AllowOverride None
    Require all denied
</Directory>

# Timeout settings
Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
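
To confirm that the settings above are active in a given file, the following added example (not part of the original page) audits a single config file for ServerTokens, ServerSignature, TraceEnable and the two response headers. The function names, the MISSING output format and both sample configs are constructed for illustration; for core directives it evaluates the last active occurrence, since a later line overrides an earlier one.

```shell
#!/bin/sh
# Added example: audit ONE Apache config file for the directives set above.
# Assumption/limit: does not follow Include lines or per-vhost overrides.

# last_value FILE DIRECTIVE: lowercased value of the last active (uncommented)
# occurrence; the last occurrence wins, and directive names are case-insensitive.
last_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = tolower($2) } END { print v }' "$1"
}

# has_header FILE NAME VALUE: true if an active mod_headers line sets NAME to VALUE.
has_header() {
    s='[[:space:]]+'
    grep -Eiq "^[[:space:]]*Header${s}(always${s})?(set|append)${s}$2${s}\"?$3\"?[[:space:]]*\$" "$1"
}

# audit_conf FILE: prints one MISSING line per failed check; status 0 only if all pass.
audit_conf() {
    rc=0
    for pair in ServerTokens=prod ServerSignature=off TraceEnable=off; do
        name=${pair%%=*}; want=${pair#*=}
        got=$(last_value "$1" "$name")
        [ "$got" = "$want" ] || { echo "MISSING: $name $want (found: ${got:-unset})"; rc=1; }
    done
    has_header "$1" X-Frame-Options SAMEORIGIN || { echo "MISSING: X-Frame-Options SAMEORIGIN"; rc=1; }
    has_header "$1" X-Content-Type-Options nosniff || { echo "MISSING: X-Content-Type-Options nosniff"; rc=1; }
    return "$rc"
}

# Constructed sample configs (not taken from a real server).
DEMO_DIR=$(mktemp -d); trap 'rm -rf "$DEMO_DIR"' EXIT
WEAK="$DEMO_DIR/weak.conf"; HARDENED="$DEMO_DIR/hardened.conf"
cat > "$WEAK" <<'EOF'
ServerTokens Prod
ServerTokens OS
ServerSignature On
# TraceEnable Off
Header always set X-Content-Type-Options nosniff
EOF
cat > "$HARDENED" <<'EOF'
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Header always set X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options "nosniff"
EOF

audit_conf "$WEAK" || echo "weak.conf: hardening incomplete"
audit_conf "$HARDENED" && echo "hardened.conf: all checks passed"
```

The weak sample fails four checks: the later ServerTokens OS line overrides the earlier Prod, and the commented-out TraceEnable line does not count as active.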