Wednesday, August 3, 2011

Secure Apache2

Im fortunate that, in the past, I've been audited for PCI Compliancy and gained extended experience in server hardening.

One of the key things I see that most don't do is a simple Apache config change to help secure ones self.

vim /etc/apache2/conf.d/security 
and add

ServerTokens Prod
ServerSignature Off
TraceEnable Off
/etc/init.d/apache2 restart

No comments:

Post a Comment