How To Secure and Harden the Apache Web Server On Ubuntu 20.04

This guide walks through hardening the Apache web server (apache2) on Ubuntu 20.04. A default Apache installation needs additional configuration to protect the server and the sites it hosts.

A default Apache configuration exposes several well-known weaknesses. The steps below cover the commonly known ones and how to close each of them.

Prerequisites:

  • You must have the latest Apache server installed.
  • You must know how to inspect the website on the browser.
  • Keep a backup copy of the apache2.conf and security.conf files before editing them.


First, you need to know how to inspect a website in the browser's developer tools; the first step below shows how.

1. Hide Apache Version and Operating System:

Open your website in the browser and press Ctrl+Shift+I. This opens the Inspect window.

In the response headers shown on the right-hand tab, the Server header reveals Apache 2.4 and the operating system, Ubuntu. To hide this information, add these two directives to the /etc/apache2/conf-enabled/security.conf file:

ServerTokens Prod
ServerSignature Off

After adding the two directives, save the file and reload the Apache service:

sudo systemctl reload apache2


2. Disable the Directory Listing:

Next, disable directory listing, for example for the wp-includes folder of a WordPress site. By default, directory listing in the webroot is enabled, so a request for a directory without an index file shows its contents.

By default Apache also follows symbolic links, which is not recommended. Disable both by replacing the Options line of the <Directory /var/www/> block in /etc/apache2/apache2.conf (the same block shown in step 8) with:

Options -Indexes -FollowSymLinks

Then reload the Apache service and request the URL again; you should now get a 403 Forbidden response. The exact URL depends on your WordPress webroot path.

http://IPordomain_name/wp-includes


3. Secure Apache using mod_security and mod_evasive modules:

mod_security: acts as a web application firewall (WAF) for your web application or website. Install it with the command below and reload the Apache service:

sudo apt install libapache2-mod-security2
sudo systemctl reload apache2

mod_evasive: helps protect against DoS/DDoS and HTTP brute-force attacks. It detects a client sending too many requests per second and temporarily blocks that IP address while the requests keep coming.

sudo apt install libapache2-mod-evasive
sudo systemctl reload apache2

4. Disable Trace HTTP Request:

By default the HTTP TRACE method is enabled, which allows cross-site tracing (XST); an attacker can use it to steal cookie information. With TRACE disabled, the core server and mod_proxy return a "405 Method Not Allowed" error to the client.

Disable it with the directive below in the /etc/apache2/conf-enabled/security.conf file and reload the Apache service.

TraceEnable Off

5. Hiding the ETag: The ETag header can reveal information about the underlying file and should be disabled. Add the directive below to the /etc/apache2/conf-enabled/security.conf file and reload the service.

FileETag None

6. Secure Apache from XSS attacks: Enable the X-XSS-Protection header by adding the line below to the /etc/apache2/conf-enabled/security.conf file and reloading the Apache service.

The Header directive requires mod_headers. Enable the module first and restart Apache:

sudo a2enmod headers
sudo systemctl restart apache2

Then add this header to security.conf and reload the service:

Header set X-XSS-Protection "1; mode=block"

To verify that it is enabled, open the browser's Network tab, select the request, and look for X-XSS-Protection in the response headers.

7. Set the HttpOnly and Secure Flags on Cookies:

The HttpOnly and Secure cookie flags limit the impact of cross-site scripting: HttpOnly stops scripts from reading the cookie, and Secure restricts it to HTTPS connections. Add the line below to the /etc/apache2/conf-enabled/security.conf file and reload the Apache service.

For Apache 2.4:

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

For Apache versions lower than 2.4:

Header set Set-Cookie HttpOnly;Secure

8. Turn off Server Side Includes and CGI Execution: Disable SSI and CGI execution wherever they are not required. Add the following block to the /etc/apache2/apache2.conf file and reload the service.

<Directory /var/www/>
     Options -Indexes -FollowSymLinks -Includes -ExecCGI
     AllowOverride None
     Require all granted
</Directory>

To restrict only a particular directory, for example /var/www/html/directory, add a block like this instead:

<Directory /var/www/html/directory>
     Options -Includes -ExecCGI
</Directory>

9. Protect from Clickjacking Attack:

Clickjacking, also known as a UI redress attack, tricks a user into clicking something other than what they think they are clicking, typically by framing your site inside a page the attacker controls. To protect against it, add the header below to the /etc/apache2/conf-enabled/security.conf file, save the file, and reload the Apache service.

Header always set X-Frame-Options "SAMEORIGIN"
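To confirm the controls from steps 1, 4, 5, 6, 7 and 9 actually took effect, here is an added POSIX shell audit (not part of the original post) that checks a captured HTTP response for the expected headers. The two responses are constructed samples; the curl command in the comment is the assumed way to capture a real one.

```sh
#!/bin/sh
# Added example, not from the original post: check a captured HTTP response
# against the hardening controls above. The two responses below are constructed
# samples; a real one can be captured with: curl -sI https://your.host/ (assumed)

HARDENED='HTTP/1.1 200 OK
Server: Apache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Set-Cookie: PHPSESSID=abc123; path=/;HttpOnly;Secure
Content-Type: text/html'

UNHARDENED='HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
ETag: "1a2b-5c6d"
Set-Cookie: PHPSESSID=abc123; path=/
Content-Type: text/html'

# has_header RESPONSE REGEX: true if any line matches (case-insensitive)
has_header() { printf '%s\n' "$1" | grep -iq -- "$2"; }

# audit_headers RESPONSE: prints one FAIL line per missing control and
# returns the number of failures (0 means every control is in place)
audit_headers() {
  resp=$1; fails=0
  # Step 1 (ServerTokens Prod): "Server: Apache" only, no version or OS string
  has_header "$resp" '^Server: .*[/(]' && { echo "FAIL: Server leaks version/OS"; fails=$((fails+1)); }
  # Step 5 (FileETag None): no ETag header at all
  has_header "$resp" '^ETag:' && { echo "FAIL: ETag present"; fails=$((fails+1)); }
  # Step 6: X-XSS-Protection header present
  has_header "$resp" '^X-XSS-Protection:' || { echo "FAIL: X-XSS-Protection missing"; fails=$((fails+1)); }
  # Step 7: every Set-Cookie must carry both HttpOnly and Secure
  if printf '%s\n' "$resp" | grep -i '^Set-Cookie:' \
       | grep -Eiv 'httponly.*secure|secure.*httponly' | grep -q .; then
    echo "FAIL: cookie without HttpOnly+Secure"; fails=$((fails+1))
  fi
  # Step 9: X-Frame-Options header present
  has_header "$resp" '^X-Frame-Options:' || { echo "FAIL: X-Frame-Options missing"; fails=$((fails+1)); }
  return $fails
}

# trace_disabled RESPONSE: true if the reply to a TRACE request is 405 (step 4)
trace_disabled() { printf '%s\n' "$1" | head -n 1 | grep -q ' 405 '; }

audit_headers "$HARDENED"   && echo "hardened sample: all controls present"
audit_headers "$UNHARDENED" || echo "unhardened sample: $? control(s) missing"
```

Run it against a response captured from your own server after each step; the unhardened sample reports five missing controls, the hardened one none.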

That's it: with these settings in place, your Apache server on Ubuntu 20.04 is hardened against the issues covered above.
