How to secure apache server on ubuntu

There are several steps you can take to secure an Apache server running on Ubuntu:

Enable mod_security

Mod Security is an open source web application firewall (WAF) module for Apache. It can help detect and prevent attacks like SQL injection, cross-site scripting (XSS), path traversal, etc.

To install and enable Mod Security on Ubuntu, run:

sudo apt install libapache2-mod-security
sudo a2enmod security2
sudo service apache2 restart

You’ll then need to configure Mod Security rules to define what attacks to detect and block.

Restrict file permissions

Make sure the files and folders owned by Apache have restricted permissions:

sudo chown -R www-data:www-data /var/www
sudo chmod -R 755 /var/www 

The www-data user is the default Apache user on Ubuntu. Only give read/write access to files that Apache needs to modify.

Disable directory browsing

Directory browsing allows people to view the files in a folder if no index file is present. This can expose sensitive files, so it’s best to disable it:

“`bash
sudo a2dismod autoindex
sudo service apache2 restart

## Use HTTPS

Always serve your website over HTTPS to encrypt traffic and protect against MITM attacks. On Ubuntu, you can enable HTTPS using Let's Encrypt:

bash
sudo apt install letsencrypt
sudo letsencrypt –apache

Follow the prompts to configure a domain name and certificate. Apache will then automatically redirect HTTP requests to HTTPS.

## Limit Apache modules

Only enable Apache modules that are required. Disable unused modules to reduce the attack surface:

bash
sudo a2dismod status
sudo a2dismod info
sudo a2dismod userdir
sudo service apache2 restart
“`

ALSO READ  Which cloud certifications typically result in the highest salaries?

You can also use apache2ctl -M to list all loaded modules and disable any that are unnecessary.

Hope this helps! Let me know if you have any other questions.

Abhay Singh

I'm Abhay Singh, an Architect with 9 Years of It experience. AWS Certified Solutions Architect.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *