Guide to securing Apache
I stumbled upon a helpful guide to securing an Apache server via Reddit’s /r/netsec subreddit. Without further ado, here’s a link to the guide:
The guide covers the simplest changes, like reducing ServerTokens output and eliminating indexes, all the way up through configuring mod_security and using the SpiderLabs GitHub repository to add additional rules.
If you’d like a more in-depth post about installing mod_security, I’d recommend this one from Tecmint.
Oh, and as always, don’t forget about SELinux. :)
UPDATE: Thanks to @matrixtek for mentioning Mozilla’s recommendations specific to TLS.