There are several steps you can take to secure an Apache server running on Ubuntu:
Enable mod_security
Mod Security is an open source web application firewall (WAF) module for Apache. It can help detect and prevent attacks like SQL injection, cross-site scripting (XSS), path traversal, etc.
To install and enable Mod Security on Ubuntu, run:
sudo apt install libapache2-mod-security
sudo a2enmod security2
sudo service apache2 restartYou’ll then need to configure Mod Security rules to define what attacks to detect and block.
Restrict file permissions
Make sure the files and folders owned by Apache have restricted permissions:
sudo chown -R www-data:www-data /var/www
sudo chmod -R 755 /var/www The www-data user is the default Apache user on Ubuntu. Only give read/write access to files that Apache needs to modify.
Disable directory browsing
Directory browsing allows people to view the files in a folder if no index file is present. This can expose sensitive files, so it’s best to disable it:
“`bash
sudo a2dismod autoindex
sudo service apache2 restart
## Use HTTPS
Always serve your website over HTTPS to encrypt traffic and protect against MITM attacks. On Ubuntu, you can enable HTTPS using Let's Encrypt:bash
sudo apt install letsencrypt
sudo letsencrypt –apache
Follow the prompts to configure a domain name and certificate. Apache will then automatically redirect HTTP requests to HTTPS.
## Limit Apache modules
Only enable Apache modules that are required. Disable unused modules to reduce the attack surface:bash
sudo a2dismod status
sudo a2dismod info
sudo a2dismod userdir
sudo service apache2 restart
“`
You can also use apache2ctl -M to list all loaded modules and disable any that are unnecessary.
Hope this helps! Let me know if you have any other questions.
No Comments