Apache Hardening
Running a web server is straightforward, but keeping it secure is
where the real challenge lies. Apache configuration is key to
securing and maintaining your web server. Fine-tuning and adjusting
its settings allows you to restrict network behaviour and protect
your server from various types of attacks.
Hardening Apache is a smart decision, and it’s not overly
complicated to implement. A security analyst can guide you on what
to look out for and how to safeguard your server effectively.
It’s important to note that while Apache plays a critical role in
server security, it is not responsible for input sanitisation. For
example, consider SQL Injection attacks, where a user might attempt
to log in using input like 'OR 1=1--'. These attacks
target the application itself, not the server. However, Apache can
help mitigate such attacks to some extent when paired with modules
like mod_security, which can filter and block malicious
requests before they reach your application.
As with all areas of cybersecurity, the topic is vast and goes far
beyond input sanitisation. While some basic checks can be performed
at the HTML or application level, hardening Apache allows you to
focus on securing the server itself, reducing the risk of exploits
and providing a safer environment for your web applications.
Remember, Apache’s primary role is to deliver your website across a
network, and its security features are meant to protect the server
and its communication—not replace proper application-level
defences.
1. Keep Apache Updated
Always run the latest version to fix security issues:
sudo apt update && sudo apt upgrade

2. Hide Server Info
Stop Apache from showing its version and OS details. Edit security.conf and add:
ServerSignature Off
ServerTokens Prod

3. Use HTTPS (SSL/TLS)
Encrypt traffic with a free Let’s Encrypt certificate:
sudo apt install certbot python3-certbot-apache
sudo certbot --apache

4. Disable Directory Listing
Prevent visitors from browsing your folders. Add this to your site config:
Options -Indexes

5. Add Basic Security Headers
Protect against common web attacks:
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
✅ Result: Your Apache server is encrypted, hides sensitive info, and resists common attacks — all with just a few simple commands.
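As an added example (not part of the original article), the script below audits a configuration directory for the settings from steps 2 to 5 and reports what is still missing. audit_apache_conf is a hypothetical helper name; it assumes Debian-style *.conf files under the directory you pass, such as /etc/apache2.

```shell
#!/usr/bin/env bash
# Hypothetical audit helper: audit_apache_conf <config-dir>
# Prints PASS/FAIL per hardening check and returns the number of failures.
audit_apache_conf() {
  local dir="$1" fails=0 conf
  # Merge every *.conf file (conf-enabled/, sites-enabled/, ...) and drop
  # comment lines, so a commented-out directive does not count as set.
  conf=$(find "$dir" -name '*.conf' -exec cat {} + 2>/dev/null \
         | grep -v '^[[:space:]]*#' || true)

  check() {  # check <description> <extended-regex>; directives are case-insensitive
    if printf '%s\n' "$conf" | grep -Eiq "$2"; then
      echo "PASS  $1"
    else
      echo "FAIL  $1"
      fails=$((fails + 1))
    fi
  }

  check "ServerTokens Prod (hide version and OS)" \
        '^[[:space:]]*ServerTokens[[:space:]]+Prod([[:space:]]|$)'
  check "ServerSignature Off (no version footer on error pages)" \
        '^[[:space:]]*ServerSignature[[:space:]]+Off'
  check "Options -Indexes (directory listing disabled)" \
        '^[[:space:]]*Options[[:space:]]+.*-Indexes'
  check "SSLEngine on (an HTTPS virtual host exists)" \
        '^[[:space:]]*SSLEngine[[:space:]]+on'
  check "X-Frame-Options header set" \
        'Header[[:space:]]+always[[:space:]]+set[[:space:]]+X-Frame-Options'
  check "X-Content-Type-Options header set" \
        'Header[[:space:]]+always[[:space:]]+set[[:space:]]+X-Content-Type-Options'
  # X-XSS-Protection is deliberately not required: current browsers ignore it,
  # and a Content-Security-Policy header is the modern replacement.
  return "$fails"
}
```

Run it as `audit_apache_conf /etc/apache2` and act on every FAIL line; the exit status is the failure count, so it can gate a deployment check.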