Securing the web server

In this recipe, we will learn some steps for securing web server installation.

Getting ready

You will need access to a root account or an account with sudo privileges.

You may need to have a web server stack installed and running.

How to do it…

Follow these steps to secure the web server:

  1. Disable any unwanted modules. You can check all enabled modules with the following command:
    $ a2query -m
  2. Disable modules with the following command:
    $ sudo a2dismod status
  3. Hide the web server's identity. For Apache, edit /etc/apache2/conf-available/security.conf and set the following values:
    ServerSignature Off
ServerTokens Prod
  4. You may want to check other options under security.conf.
  5. Next, disable the Apache server status page:
    $ sudo a2dismod ...

Get Ubuntu Server Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial