The following tips are things you can do to make your Apache server more secure.
Before you follow the tips below, locate your Apache configuration files. Common locations are: /etc/apache2/apache2.conf, /etc/apache2/httpd.conf and /etc/apache2/sites-enabled/000-default.
Before you make any changes, MAKE BACKUP COPIES OF YOUR FILES.
Here we go:
1. Install the latest security updates
2. Run Apache under its own user and group. Ex. apache:apache
3. Restrict access outside the document root (the directory /var/www/ varies)
    <Directory />
        Order Deny,Allow
        Deny from all
        Options None
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Order Allow,Deny
        Allow from all
    </Directory>
4. Turn off: CGI execution, directory browsing, server-side includes, symbolic links
    <Directory /var/www/>
        Order Allow,Deny
        Allow from all
        Options -Indexes -Includes -FollowSymLinks -ExecCGI
    </Directory>
5. Turn off .htaccess support if you don’t need it
6. Disable any unused modules
7. Limit the Timeout value
Locate the line Timeout 300 and change it to Timeout something_smaller_than_300
Ex. Timeout 50
8. Limit request size
Add the directive LimitRequestBody with a size of your choice. Default is unlimited!
9. Install mod_security module
10. Hide Apache’s version number
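
To check a configuration file against tips 4, 5, 7, 8 and 10, a small audit script can help. This is an added example, not part of the original tips: the sample config is constructed, directives outside <Directory> blocks are treated as server-wide, and it assumes tip 10 is done with the ServerTokens and ServerSignature directives, which the tips above do not name.

```python
import re

RISKY = {"indexes", "includes", "followsymlinks", "execcgi", "all"}  # tip 4

# Constructed sample of a weak configuration (not taken from a real server).
WEAK = """\
Timeout 300
<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>
"""

def audit(conf_text):
    """Check one config text against tips 4, 5, 7, 8, 10; Include files are not followed."""
    findings, server, section = [], {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            section = opened.group(1).strip()
        elif line.lower().startswith("</directory"):
            section = None
        else:
            parts = line.split(None, 1)
            name, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "").lower()
            if section is None:
                server[name] = value  # server-wide directive, last value wins
            elif name == "options":
                # Only explicitly enabled options are flagged; "-Indexes" is fine.
                on = [o for o in value.split() if o.lstrip("+") in RISKY]
                if on:
                    findings.append(f"tip 4: {section} enables {' '.join(on)}")
            elif name == "allowoverride" and value != "none":
                findings.append(f"tip 5: {section} allows .htaccess overrides ({value})")
    timeout = server.get("timeout", "")
    if not timeout.isdigit() or int(timeout) >= 300:
        findings.append("tip 7: Timeout is not explicitly set below 300")
    body = server.get("limitrequestbody", "0")
    if not body.isdigit() or int(body) == 0:
        findings.append("tip 8: LimitRequestBody is not set to a non-zero size")
    # Assumption: the version banner is hidden with ServerTokens Prod + ServerSignature Off.
    if server.get("servertokens") not in ("prod", "productonly") or server.get("serversignature") != "off":
        findings.append("tip 10: version banner not hidden (ServerTokens / ServerSignature)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEAK)))
```

Run it on a copy of your own configuration by passing the file's text to audit(); an empty list means none of the checked tips is violated in that file.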