How to secure apache server on ubuntu


There are several steps you can take to secure an Apache server running on Ubuntu:

Enable mod_security

Mod Security is an open source web application firewall (WAF) module for Apache. It can help detect and prevent attacks like SQL injection, cross-site scripting (XSS), path traversal, etc.

To install and enable Mod Security on Ubuntu, run:

```bash
# On Ubuntu the ModSecurity package for Apache is named libapache2-mod-security2
sudo apt install libapache2-mod-security2
sudo a2enmod security2
sudo service apache2 restart
```

You’ll then need to configure Mod Security rules to define what attacks to detect and block.

Restrict file permissions

Make sure the files and folders owned by Apache have restricted permissions:

```bash
sudo chown -R www-data:www-data /var/www
sudo chmod -R 755 /var/www
```

The www-data user is the default Apache user on Ubuntu. Only give read/write access to files that Apache needs to modify.

Disable directory browsing

Directory browsing allows people to view the files in a folder if no index file is present. This can expose sensitive files, so it’s best to disable it:

```bash
sudo a2dismod autoindex
sudo service apache2 restart
```

Use HTTPS

Always serve your website over HTTPS to encrypt traffic and protect against MITM attacks. On Ubuntu, you can enable HTTPS using Let's Encrypt:

```bash
sudo apt install letsencrypt
sudo letsencrypt --apache
```

Follow the prompts to configure a domain name and certificate. Apache will then automatically redirect HTTP requests to HTTPS.

Limit Apache modules

Only enable Apache modules that are required. Disable unused modules to reduce the attack surface:

```bash
sudo a2dismod status
sudo a2dismod info
sudo a2dismod userdir
sudo service apache2 restart
```

You can also use apache2ctl -M to list all loaded modules and disable any that are unnecessary.
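A check for the module advice in this article, as an added example that is not part of the original post: it parses `apache2ctl -M` output and reports which of the modules named above (autoindex, status, info, userdir) are still loaded and whether security2 is missing. The function name `audit_modules` and the sample output are constructed for illustration.

```bash
# Added example: audit `apache2ctl -M` output against this article's advice.
# autoindex, status, info and userdir should be absent; security2
# (ModSecurity) should be present.
UNWANTED="autoindex status info userdir"
REQUIRED="security2"

# Reads `apache2ctl -M` output on stdin and prints one finding per line.
# Returns 0 when the module set matches the advice, 1 otherwise.
audit_modules() {
    # Module lines look like " status_module (shared)"; keep the bare name.
    loaded=$(sed -n 's/^[[:space:]]*\([A-Za-z0-9_]*\)_module[[:space:]]*(.*$/\1/p')
    rc=0
    for name in $UNWANTED; do
        if printf '%s\n' "$loaded" | grep -qxF "$name"; then
            echo "DISABLE $name: sudo a2dismod $name"
            rc=1
        fi
    done
    for name in $REQUIRED; do
        if ! printf '%s\n' "$loaded" | grep -qxF "$name"; then
            echo "ENABLE $name: sudo a2enmod $name"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of `apache2ctl -M` output (not from a real server).
SAMPLE_OUTPUT='Loaded Modules:
 core_module (static)
 so_module (static)
 mpm_event_module (shared)
 authz_core_module (shared)
 autoindex_module (shared)
 dir_module (shared)
 status_module (shared)
 ssl_module (shared)'

# On a real host: apache2ctl -M 2>/dev/null | audit_modules
printf '%s\n' "$SAMPLE_OUTPUT" | audit_modules || true
```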

Hope this helps! Let me know if you have any other questions.
