Apache Security Configuration suggestions
Apache Security Configuration suggestions are as follows:
1. Install the latest version of Apache where possible.
2. Disable unnecessary modules: find the LoadModule lines in httpd.conf and comment out the modules you do not need with #.
3. Set the owner of Apache's bin, conf, and logs directories to root, with permission 755.
4. Run Apache as a dedicated user by configuring httpd.conf:
User www-data
Group www-data
5. Disable directory indexing and server-side includes (SSI):
<Directory /var/www/html>
    Options -Indexes -Includes
</Directory>
6. Prohibit overrides from per-directory configuration files:
<Directory />
    AllowOverride None
</Directory>
7. Allow access only to specified directories: deny access to the root directory, then grant access to the directories that users need to reach.
<Directory />
    Order deny,allow
    Deny from all
</Directory>
<Directory "/var/www/www.example.com">
    Order allow,deny
    Allow from all
</Directory>
8. Hide server details so that the web server type and version are not displayed:
ServerSignature Off
ServerTokens Prod
9. Restrict directory access: important directories can be limited to specific IP addresses.
<Directory "/var/www/www.example.com/admin">
    Order deny,allow
    Deny from all
    Allow from 10.1.0.0/16
</Directory>
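The checklist above can be verified mechanically. The following is an added example, not part of the original page or of Apache itself: a small Python audit that reads httpd.conf text and reports which of items 4 to 8 are not met. The function names and the sample configuration are constructed for illustration, and the parser only understands the directives this page uses.

```python
import re

# Constructed sample that violates several checklist items (not from a real server).
WEAK_CONF = """\
ServerTokens Full
User www-data
<Directory />
    AllowOverride All
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
"""

def parse(conf_text):
    """Split httpd.conf text into global and per-<Directory> directives (last value wins)."""
    top, dirs, current = {}, {}, None
    for line in filter(None, map(str.strip, conf_text.splitlines())):
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if opened:
            current = dirs.setdefault(opened.group(1), {})
        elif re.match(r"</Directory\s*>$", line, re.I):
            current = None
        elif line[0] not in "<#":  # comments and other containers are skipped
            words = line.lower().split()
            target = top if current is None else current
            target[words[0]] = " ".join(words[1:])
    return top, dirs

def audit(conf_text):
    """Return the checklist items (4 to 8) that the configuration does not meet."""
    top, dirs = parse(conf_text)
    root = dirs.get("/", {})
    checks = [
        (top.get("servertokens") == "prod", "ServerTokens is not Prod"),
        (top.get("serversignature") == "off", "ServerSignature is not Off"),
        (top.get("user") not in (None, "root", "#0"), "no dedicated User is configured"),
        (root.get("allowoverride") == "none", "<Directory /> does not set AllowOverride None"),
        (root.get("deny") == "from all", "<Directory /> does not deny access by default"),
    ]
    findings = [message for ok, message in checks if not ok]
    for path, directives in dirs.items():
        options = set(directives.get("options", "").split())
        findings += [f"{path}: Options enables {risky.capitalize()}"
                     for risky in ("indexes", "includes")
                     if options & {risky, "+" + risky, "all"}]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEAK_CONF)))
```

An empty result means every checked item is satisfied; directives placed in included files or in containers other than <Directory> are not evaluated.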