major.io words of wisdom from a systems engineer

Guide to securing Apache

I stumbled upon a helpful guide to securing an Apache server via Reddit’s /r/netsec subreddit. Without further ado, here’s a link to the guide:

The guide covers the simplest changes, like reducing ServerTokens output and eliminating indexes, all the way up through configuring mod_security and using the SpiderLabs GitHub repository to add additional rules.
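To check an existing configuration for the two simplest items mentioned above, here is a small audit script. It is an added example, not code from the linked guide. The function name `audit_apache_conf` and the sample configuration are constructed for illustration, and the script reads a single file's text without following `Include` directives or `.htaccess` files.

```python
# Added example: audit Apache config text for verbose ServerTokens,
# ServerSignature, and directory indexes. Names here are hypothetical.
# SAMPLE_CONF is constructed for illustration, not taken from a real server.
SAMPLE_CONF = """\
# main server
ServerTokens OS
ServerSignature On
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/static">
    Options -Indexes +FollowSymLinks
</Directory>
"""


def audit_apache_conf(text):
    """Return a list of (line_number, message) findings for config text."""
    findings = []
    tokens_seen = False
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        parts = line.split()
        directive = parts[0].lower()
        args = [a.lower() for a in parts[1:]]
        if directive == "servertokens":
            tokens_seen = True
            # Prod (ProductOnly) sends only "Server: Apache"
            if args[:1] not in (["prod"], ["productonly"]):
                findings.append((num, "ServerTokens should be Prod"))
        elif directive == "serversignature":
            if args[:1] != ["off"]:
                findings.append((num, "ServerSignature should be Off"))
        elif directive == "options":
            # "All" includes Indexes; "-Indexes" explicitly removes it
            if any(a in ("indexes", "+indexes", "all") for a in args):
                findings.append((num, "Options enables directory indexes"))
    if not tokens_seen:
        # Apache's default for ServerTokens is Full (most verbose)
        findings.append((0, "ServerTokens not set; default is Full"))
    return findings


if __name__ == "__main__":
    for num, msg in audit_apache_conf(SAMPLE_CONF):
        print(f"line {num}: {msg}")
```

A finding with line number 0 means the directive was never set in the text that was checked.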

If you’d like a more in-depth post about installing mod_security, I’d recommend this one from Tecmint.

Oh, and as always, don’t forget about SELinux. :)

UPDATE: Thanks to @matrixtek for mentioning Mozilla’s recommendations specific to TLS.