Apache Security Configuration suggestions

Apache Security Configuration suggestions

Apache Security Configuration suggestions are as follows:
1. Try to install the new version of Apache
2. disable unnecessary modules, find the loadModule line of httpd. conf, and comment out unnecessary modules #.
3. Set the owner of the bin, conf, and logs directories of Apache to root with the permission of 755.
4. run Apache as a dedicated user and configure httpd. conf
User www-data
Group www-data
5. Disable directory indexing and disable server SSI inclusion

<Directory /var/www/html>    Options -Indexes -Includes</Directory> 

6. overload of directory configuration files is prohibited.
<Directory/>
AllowOverride None
</Directory>
7. only access to the specified directory is allowed. Disable access to the root directory, and then grant the access permission to the directories that require user access.
 

<Directory />       Order deny,allow       Deny from all</Directory><Directory "/var/www/www.example.com">       Order allow,deny       Allow from all

</Directory>
8. Hide features without displaying Web Server types and versions
ServerSignature Off
ServerTokens Prod
9. Directory Access restrictions. You can set important directories to only allow access by specific IP addresses.

<Directory "/var/www/www.example.com/admin">    order deny,allow    deny from all    allow from 10.1.0.0/16</Directory>