How to secure apache server on ubuntu

Blog By Aug 29, 2023 No Comments

There are several steps you can take to secure an Apache server running on Ubuntu:

Enable mod_security

Mod Security is an open source web application firewall (WAF) module for Apache. It can help detect and prevent attacks like SQL injection, cross-site scripting (XSS), path traversal, etc.

To install and enable Mod Security on Ubuntu, run:

sudo apt install libapache2-mod-security
sudo a2enmod security2
sudo service apache2 restart

You’ll then need to configure Mod Security rules to define what attacks to detect and block.

Restrict file permissions

Make sure the files and folders owned by Apache have restricted permissions:

sudo chown -R www-data:www-data /var/www
sudo chmod -R 755 /var/www 

The www-data user is the default Apache user on Ubuntu. Only give read/write access to files that Apache needs to modify.

Disable directory browsing

Directory browsing allows people to view the files in a folder if no index file is present. This can expose sensitive files, so it’s best to disable it:

sudo a2dismod autoindex
sudo service apache2 restart

## Use HTTPS

Always serve your website over HTTPS to encrypt traffic and protect against MITM attacks. On Ubuntu, you can enable HTTPS using Let's Encrypt:

sudo apt install letsencrypt
sudo letsencrypt –apache

Follow the prompts to configure a domain name and certificate. Apache will then automatically redirect HTTP requests to HTTPS.

## Limit Apache modules

Only enable Apache modules that are required. Disable unused modules to reduce the attack surface:

sudo a2dismod status
sudo a2dismod info
sudo a2dismod userdir
sudo service apache2 restart

You can also use apache2ctl -M to list all loaded modules and disable any that are unnecessary.

Hope this helps! Let me know if you have any other questions.


I'm Abhay Singh, an Architect with 9 Years of It experience. AWS Certified Solutions Architect.

No Comments

Leave a comment

Your email address will not be published. Required fields are marked *