Securing Apache

Some notes on securing Apache.

A few key points

  • Disable access to files and directories beginning with a dot (.)
  • Disable the banner
  • Disable PHP functions

Disable access to . (files and directories beginning with a dot)
https://stackoverflow.com/questions/4352737/apache-configuration-regex-to-disable-access-to-files-directories-beginning-wit


Order allow,deny
Deny from all


Order allow,deny
Deny from all


Order allow,deny
Deny from all

Disable banner
http://www.ducea.com/2006/06/15/apache-tips-tricks-hide-apache-software-version/

The banner settings are usually found in /etc/apache/conf-enabled/security.conf
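
An added example (not taken from this page or the linked answers) covering both the dot-path rules and the banner settings above, as they might sit in security.conf. The match patterns, the .well-known exception and the IfModule split between Apache 2.4 and 2.2 access-control syntax are assumptions.

```apache
# Added example; patterns and layout are assumptions, not the page's own config.

# --- Block files and directories whose name begins with a dot ---
<IfModule mod_authz_core.c>
    # Apache 2.4 syntax
    <FilesMatch "^\.">
        Require all denied
    </FilesMatch>
    # The negative lookahead keeps /.well-known/ reachable (used by ACME
    # HTTP-01 certificate validation); remove it if that is not needed.
    <DirectoryMatch "/\.(?!well-known)">
        Require all denied
    </DirectoryMatch>
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2 syntax, the Order/Deny form used in the notes above
    <FilesMatch "^\.">
        Order allow,deny
        Deny from all
    </FilesMatch>
    <DirectoryMatch "/\.(?!well-known)">
        Order allow,deny
        Deny from all
    </DirectoryMatch>
</IfModule>

# --- Banner ---
# Send "Server: Apache" only: no version, OS or module list
ServerTokens Prod
# No version footer on server-generated error and index pages
ServerSignature Off
```

Run `apachectl configtest` before reloading, then confirm that a request for a dotfile returns 403 and that the `Server` response header no longer carries a version.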

Disable PHP functions
https://www.cyberciti.biz/faq/linux-unix-apache-lighttpd-phpini-disable-functions/

disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source