How to Secure Apache Web Server on Linuxmint 18.03

Securing Apache Web Server on Linuxmint 18.03

Securing your web server is very important: it means exposing only the information you intend others to see, protecting your data, and restricting access.

Installation

Install the Apache web server.

linuxhelp ~ # apt-get install apache2 -y
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3
  libaprutil1-ldap liblua5.1-0
Suggested packages:
  apache2-doc apache2-suexec-pristine | apache2-suexec-custom
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3
  .
.
.
Enabling module negotiation.
Enabling module setenvif.
Enabling module filter.
Enabling module deflate.
Enabling module status.
Enabling conf charset.
Enabling conf localized-error-pages.
Enabling conf other-vhosts-access-log.
Enabling conf security.
Enabling conf serve-cgi-bin.
Enabling site 000-default.
Processing triggers for libc-bin (2.23-0ubuntu9) ...
Processing triggers for systemd (229-4ubuntu21) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for ufw (0.35-0ubuntu2) ...

Start and enable the Apache service.

linuxhelp ~ # systemctl start apache2
linuxhelp ~ # systemctl enable apache2
apache2.service is not a native service, redirecting to systemd-sysv-install
Executing /lib/systemd/systemd-sysv-install enable apache2

You can also verify the installation by navigating to the following URL: http://domainname or ip address

Hiding Apache version and OS information:

Apache displays its version and the name of the operating system along with the error code to the outside world. That is a security flaw, so this information must be hidden.

Open the default Apache configuration file and add the following lines.

linuxhelp ~ # vim /etc/apache2/apache2.conf 
ServerTokens Prod
ServerSignature Off

Restart the apache service.

linuxhelp ~ # systemctl restart apache2.service

Now open the URL http://domainname/g or ip address/g in the browser.
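
The same check can be made from the command line. The script below is an added example, not part of the original tutorial: it classifies the Server response header and the error-page footer that these two directives control. The function names and the sample responses (including the version string) are constructed for illustration; against a live server the input would come from curl.

```shell
#!/bin/sh
# Added example (not from the original page). Sample responses below are constructed.

# Reads raw response headers on stdin, e.g. from: curl -sI http://domainname/g
# Prints NONE, "LEAK: <value>" or "OK: <value>" for the Server header.
check_server_header() {
    value=$(tr -d '\r' |
        awk 'tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }')
    case $value in
        "")             echo "NONE" ;;
        *[0-9]*|*"("*)  echo "LEAK: $value" ;;   # version number or OS comment
        *)              echo "OK: $value" ;;     # bare product token (ServerTokens Prod)
    esac
}

# Reads an error-page body on stdin and reports whether the footer appended when
# ServerSignature is On (<address>... Server at host Port n</address>) is present.
check_error_footer() {
    if grep -qi '<address>.*server at'; then
        echo "LEAK: signature footer present"
    else
        echo "OK: no signature footer"
    fi
}

# Constructed samples: a default install and one with the two directives applied.
default_headers()  { printf 'HTTP/1.1 404 Not Found\r\nServer: Apache/2.4.18 (Ubuntu)\r\n\r\n'; }
hardened_headers() { printf 'HTTP/1.1 404 Not Found\r\nServer: Apache\r\n\r\n'; }
default_body() {
    printf '<h1>Not Found</h1>\n<hr>\n'
    printf '<address>Apache/2.4.18 (Ubuntu) Server at linuxhelp1.com Port 80</address>\n'
}
hardened_body() { printf '<h1>Not Found</h1>\n'; }

default_headers  | check_server_header
default_body     | check_error_footer
hardened_headers | check_server_header
hardened_body    | check_error_footer
```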

Disable Directory Listing

If your document root directory does not have an index file, by default your apache web server will show all the content of the document root directory.

Switch to the /var/www location, then create some directories and files.

linuxhelp ~ # cd /var/www/
linuxhelp www # mkdir data html
linuxhelp www # touch f1 file

Configure the virtual host. Create a test.conf file in the following location.

linuxhelp www # vim /etc/apache2/sites-available/test.conf
<VirtualHost *:80>
    ServerName linuxhelp1.com
    DocumentRoot /var/www/
    <Directory /var/www/>
        Allow from all
    </Directory>
</VirtualHost>

Enable the site.

linuxhelp www # a2ensite test.conf 
Enabling site test.
To activate the new configuration, you need to run:
service apache2 reload

Restart the Apache service.

linuxhelp www # systemctl restart apache2.service 

Now access the site in the browser.

As you can see, the directories are listed. Open the configuration file, add the following line, then save and quit the file.

linuxhelp www # vim /etc/apache2/sites-available/test.conf
<VirtualHost *:80>
    ServerName linuxhelp1.com
    DocumentRoot /var/www/
    <Directory /var/www/>
        Allow from all
        # Turn off automatic directory listings when no index file exists
        Options -Indexes
    </Directory>
</VirtualHost>

Restart the Apache service.

linuxhelp www # systemctl restart apache2.service

Now access the site in the browser.

Limiting request size

Apache does not have any restriction on the total size of the HTTP request, which could lead to a DoS attack. You can limit the request size with the Apache directive “LimitRequestBody” inside the directory tag. The value can be set to anything from 0 to 2 GB (i.e. 2147483647 bytes) as per your requirement.

Open the default Apache configuration file and add the following line.

linuxhelp www # vim /etc/apache2/apache2.conf 
   LimitRequestBody 512000

Restart the Apache service.

linuxhelp www # systemctl restart apache2.service 
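
To check that all four settings from this tutorial are actually present in a configuration, the following script can be used. It is an added example, not part of the original tutorial: the function names are hypothetical, the two sample configurations are constructed from the test.conf shown above, and LimitRequestBody is placed inside the Directory block as the text describes. It is a flat text scan and does not model how Apache merges sections or included files.

```shell
#!/bin/sh
# Added example, not from the original page. Flat text scan only: it does not
# model how Apache merges <Directory>/<VirtualHost> sections or Include files.

# Reads config text from the given files (or stdin) and prints PASS/FAIL per setting.
audit_apache_conf() {
    awk '
        /^[ \t]*#/ { next }                          # ignore comment lines
        {
            d = tolower($1); v = tolower($2)         # directive names are case-insensitive
            if (d == "servertokens" && v ~ /^prod/)    tokens = 1
            if (d == "serversignature" && v == "off")  sig = 1
            if (d == "limitrequestbody" && $2 + 0 > 0) body = 1   # 0 means unlimited
            if (d == "options")
                for (i = 2; i <= NF; i++)
                    if (tolower($i) == "-indexes") noidx = 1
        }
        function report(ok, name) { printf "%s %s\n", (ok ? "PASS" : "FAIL"), name }
        END {
            report(tokens, "ServerTokens Prod")
            report(sig,    "ServerSignature Off")
            report(noidx,  "Options -Indexes")
            report(body,   "LimitRequestBody (non-zero)")
        }' "$@"
}

# Constructed sample: the first test.conf from this page, nothing hardened yet.
sample_before() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName linuxhelp1.com
    DocumentRoot /var/www/
    <Directory /var/www/>
        Allow from all
    </Directory>
</VirtualHost>
EOF
}

# Constructed sample: the same config with the four settings from this page added.
sample_after() {
    printf 'ServerTokens Prod\nServerSignature Off\n'
    sample_before | awk '{ print } /Allow from all/ {
        print "        Options -Indexes"; print "        LimitRequestBody 512000" }'
}

echo "before:"; sample_before | audit_apache_conf
echo "after:";  sample_after  | audit_apache_conf
```

On a real system, pass the files as arguments, for example audit_apache_conf /etc/apache2/apache2.conf /etc/apache2/sites-available/test.conf.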

With this, the method to Secure Apache Web Server on Linuxmint 18.03 comes to an end.

FAQ
Q: What is a Web server?
A: A Web server is a program that uses HTTP (Hypertext Transfer Protocol) to serve the files that form Web pages to users, in response to their requests, which are forwarded by their computers' HTTP clients. Dedicated computers and appliances may be referred to as Web servers as well.

Q: What is the use of WebLogic Server?
A: It manages system-level details so you can concentrate on business logic and presentation. WebLogic Server contains Java 2 Platform, Enterprise Edition (J2EE) technologies. J2EE is the standard platform for developing multitier enterprise applications based on the Java programming language.

Q: What is the difference between httpd and Apache?
A: httpd is the same as apache2. It depends on the OS you use. For example, in RHEL 6.2 it is called httpd and in Ubuntu it is called apache2. The directives used in apache2 and httpd config files are slightly different, as is the directory structure.

Q: What is Apache Web Server and how does it work?
A: Apache Web Server is open source software that creates, deploys and manages the overall functioning of the web server. Apache can serve both dynamic and static content.

Q: What is meant by .htaccess files on Apache?
A: It is better to forbid the creation of .htaccess files, as they are configured at the directory level and can override the security settings.