« Previous 1 2 3 4

Harden your Apache web server

Batten the Hatches

Conclusions

Sophisticated configuration, timely updates, and well-thought-out security concepts cannot be implemented in the blink of an eye; instead, they require the admin's constant attention. If you follow all the tips in this article on securing your web server, you will not have to worry too much – the floodgates will be leak-tight.

Infos

  1. Announce mailing list: http://httpd.apache.org/lists.html#http-announce
  2. Apache Core functions: https://httpd.apache.org/docs/2.4/en/mod/core.html
  3. Upgrading to 2.4 from 2.2: https://httpd.apache.org/docs/2.4/upgrading.html
  4. Mozilla HTTP Observatory: https://observatory.mozilla.org/
  5. Mozilla SSL Configuration Generator: https://ssl-config.mozilla.org
  6. TLS Checklist Inspector: http://tls-check.de
  7. SSL Labs: https://www.ssllabs.com
  8. German cryptographic guidelines: https://www.bsi.bund.de/EN/Topics/Cryptography/CryptoGuidelines/crypto_guidelines_node.html
  9. Core Rules protections: https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-Frequently-Asked-Questions-(FAQ)#what-attacks-do-the-core-rules-protect-against

The Author

Christoph Mitasch studied computer and media security at the School of Informatics, Communications, and Media, University of Applied Sciences, FH Upper Austria (Hagenberg), and has worked for Thomas-Krenn AG for 15 years.

« Previous 1 2 3 4

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • © auremar, 123RF.com
    Life cycle management with Foreman and Puppet
    Virtual machines seem to be ideal for spare capacity. They are easy to create and remove – if only all those time-consuming administrative tasks like assigning IP addresses, setting up backups, and monitoring were more manageable. Having the right tools can help.
    more »
  • pnphoto, 123RF
    Setting up SSL connections on Apache 2
    To spoil the day for lurking data thieves, Apache administrators only need three additional directives – and a handful of commands.
    more »
  • Lua for Apache

    Lua is a small, lean, and fast scripting language – ideal for working with web servers. Version 2.4 of the Apache web server is the first to offer a matching module that has a few quirks – and pitfalls, if you dig more deeply.

    more »
  • Lead Image © Soloviova Liudmyla, 123RF.com
    Activate HTTP/2 on web servers
    HTTP/2 offers reduced website load times and other performance benefits, along with the promise of server push.
    more »
  • Lead Image © alexwhite, 123RF.com
    Many approaches help secure a web server
    We submit an Apache web server to the Qualys SSL Server Test and look at how to protect against data theft with a combination of TLS by way of Let's Encrypt, SELinux or AppArmor, a firewall, and restraining your web server's verbosity.
    more »
comments powered by Disqus