Tutorial Comments FAQ Related Articles

How to Secure Apache Web Server on Linuxmint 18.03

5299

Securing Apache Web Server on Linuxmint 18.03

Securing your web server is very important, it means allowing others to see only the intended information & protecting your data and restricting access.

Installation

Install the apache web server

linuxhelp ~ # apt-get install apache2 -y
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3
  libaprutil1-ldap liblua5.1-0
Suggested packages:
  apache2-doc apache2-suexec-pristine | apache2-suexec-custom
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3
  .
.
.
Enabling module negotiation.
Enabling module setenvif.
Enabling module filter.
Enabling module deflate.
Enabling module status.
Enabling conf charset.
Enabling conf localized-error-pages.
Enabling conf other-vhosts-access-log.
Enabling conf security.
Enabling conf serve-cgi-bin.
Enabling site 000-default.
Processing triggers for libc-bin (2.23-0ubuntu9) ...
Processing triggers for systemd (229-4ubuntu21) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for ufw (0.35-0ubuntu2) ...

Start and enable the apache service

linuxhelp ~ # systemctl start apache2
linuxhelp ~ # systemctl enable apache2
apache2.service is not a native service, redirecting to systemd-sysv-install
Executing /lib/systemd/systemd-sysv-install enable apache2

You can also verify by navigating to the Following URL http://domainname or ip adderss

Hiding Apache version and OS information:

Apache displays its version and the name of the operating system along with the error code to outside World so thats one of the security flaw and it must be hidden

Open the default apache configuration file & add the following line

linuxhelp ~ # vim /etc/apache2/apache2.conf 
ServerTokens Prod
ServerSignature Off

Restart the apache service.

linuxhelp ~ # systemctl restart apache2.service

Now access the Browser URL: http://domainname/g or ip address/g

Disable Directory Listing

If your document root directory does not have an index file, by default your apache web server will show all the content of the document root directory.

Switch to /var/www location then create some Directory and files

linuxhelp ~ # cd /var/www/
linuxhelp www # mkdir data html
linuxhelp www # touch f1 file

configure the virtual host. create test.conf file on following location.

linuxhelp www # vim /etc/apache2/sites-available/test.conf
<virtualhost *:80>
servername linuxhelp1.com
Documentroot /var/www/
<Directory /var/www/>
Allow from all
</Directory>
</virtualhost>

Enable the site access

linuxhelp www # a2ensite test.conf 
Enabling site test.
To activate the new configuration, you need to run:
service apache2 reload

restart the apache service

linuxhelp www # systemctl restart apache2.service

Now access the Browser

As you see the Directories are listed so open the configuration file, add the following line and save & quit the file

linuxhelp www # vim /etc/apache2/sites-available/test.conf
<virtualhost *:80>
servername linuxhelp1.com
Documentroot /var/www/
<Directory /var/www/>
Allow from all
Options -Indexes
</Directory>
</virtualhost>

restart the apache service

linuxhelp www # systemctl restart apache2.service

Now access the Browser

Limiting request size

Apache does not have any restriction on the total size of the http request that could lead to a DoS attack. You can limit the request size of an Apache directive “LimitRequestBody” with the directory tag. The value could be set anything from 0 to 2 GB (i.e. 2147483647 bytes) as per your requirement.

Open the apache default configuration file, here add the following line,

linuxhelp www # vim /etc/apache2/apache2.conf 
   LimitRequestBody 512000

restart the apache service

linuxhelp www # systemctl restart apache2.service

With this, the method to Secure Apache Web Server on Linuxmint 18.03 comes to an end

Tags:

Author:

Comments ( 0 )

No comments available

Add a comment

Frequently asked questions ( 5 )

What is meant by .htaccess Files on Apache?

It is better to forbid the creation of .htaccess files as they are configured in the directory level and can override the security settings.

What is Apache Web server and how it works?

Apache Web Server and its overall working in detail. Apache Web Server is an open source software that creates, deploys and manages the overall functioning of the web server. Apache can serve both dynamic as well as static contents.

What is the difference between httpd and Apache?

httpd is the same as apache2. It depends on the OS you use. For example, in RHEL 6.2 it is called httpd and in Ubuntu, it is called apache2. The directives used in apache2 and httpd config files are slightly different, as well as the directory structure.

What is the use of Weblogic Server?

It manages system-level details so you can concentrate on business logic and presentation. WebLogic Server contains Java 2 Platform, Enterprise Edition (J2EE) technologies. J2EE is the standard platform for developing multitier enterprise applications based on the Java programming language.

What is Web server ?

A Web server is a program that uses HTTP (Hypertext Transfer Protocol) to serve the files that form Web pages to users, in response to their requests, which are forwarded by their computers' HTTP clients. Dedicated computers and appliances may be referred to as Web servers as well.

Related Forums in How to Secure Apache Web Server on Linuxmint 18.03

How To Completely Remove Apache package On CentOS 7.6

May 14, 2019

How to disable apache welcome page on Ubuntu

Dec 15, 2018

Apache2 : mod_proxy in opensuse

Jan 3, 2018

What is the difference between httpd and apache

Feb 18, 2017

Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/m/mysql-8.0/mysql-client-core-8.0_8.0.21-0ubuntu0.20.04.4_amd64.deb 404 Not Found

Dec 4, 2020

Unrecognized option: security In MongoDB 4.0.11 On CentOS 7.6

Aug 31, 2019

Complete beginner, install bluegriffon

Jul 1, 2020

How to install Apache GUI

Feb 24, 2017

Related News in How to Secure Apache Web Server on Linuxmint 18.03

A Newer and a Faster Window Manager for Tina (Linux Mint 19.2)

Apr 9, 2019

5 Best Secure and Private Web Browsers to Look Our For

Nov 24, 2018

Linux Mint 18.2 Ubuntu based Operating System is named Sonya

May 2, 2017

Refreshed Linux Mint Debian Edition (LMDE) 2 'Betsy' ISO images now available

Mar 14, 2017

The Best Linux Operating System is in the house: Mint 18.2

Aug 12, 2017

Linux Mint 18.1 released with smooth features and offers long-term support

Apr 11, 2017

RoboCyberWall created to block Linux Server Hacks

Oct 5, 2017

Attackers take advantage of Apache Struts vulnerabilities

Mar 17, 2017

Rank

User

Points

Top Contributers

naveelansari

135850

Top Contributers

ayanbhatti

92510

Top Contributers

hamzaahmed

32150

Top Contributers

linuxhelp

31040

Top Contributers

muhammadali

24500

Can you help Ganesh Konka ?

Zentya 6.1 http proxy configuration

please send link for creating zentyal 6.1 for http proxy and firewall as gateway.

Related Tutorials in How to Secure Apache Web Server on Linuxmint 18.03

Related Tutorials in How to Secure Apache Web Server on Linuxmint 18.03

Related Forums in How to Secure Apache Web Server on Linuxmint 18.03

Related Forums in How to Secure Apache Web Server on Linuxmint 18.03

Related News in How to Secure Apache Web Server on Linuxmint 18.03

Related News in How to Secure Apache Web Server on Linuxmint 18.03