Basic Apache Web Server Security

A basic security setup for your Apache webserver.

If there is the possibility of configuring Apache on the server-side, perhaps in your Virtual Machine, or on a

Basic Apache Web Server Security


In the Ubuntu console type:

~:$ cd /etc/apache2/conf.d 
~:$ sudo vi security

In other environments, you can add the following lines to httpd.conf

~:$ sudo vi /etc/apache2/httpd.conf

Add the following code

ServerTokens Prod
ServerSignature Off
TraceEnable Off

Check if the configuration returns no errors.

~:$ sudo apache2ctl configtest

Reload the web server configuration.

~:$ sudo service apache2 reload

Test the changes with the following command:

curl -I http://nomedominio/
HTTP/1.1 200 OK
Date: Wed, 09 Dec 2015 17:57:36 GMT
Server: Apache
Cache-Control: max-age=3600
Expires: Wed, 09 Dec 2015 18:57:36 GMT
Content-Type: text/html; charset=UTF-8