Things to be considered before configuring apache server.

1.Hiding Apache version and OS information:

Apache displays its version and the name of the operating system in errors. A hacker can use this information to launch an attack. so server administration must hide the server signature. This can be with following command

vim /etc/httpd/conf/httpd.conf

>Go to the above directory

ServerSignature Off

>Off the default signature

service httpd restart

>restart the server to take effect the changes

2.Disable Directory Listing

If /var/www/ don’t have the index file then webserver shows the document root directory

This feature could be turn off for a specific directory through “options directive” available in the Apache configuration file.

<Directory /var/www/html>

Options -Indexes


3.Restricting Access to files outside the root directory

Configure the file like given below:


Options None

AllowOverride None

Order deny,allow

Deny from all


This will not allow user to access outside the web root directory


To view the current iptables configuration

iptables -L

How to block all connections from a specific IP Address.

iptables -A INPUT -s (ip address) -j DROP

e.g.: iptables -A INPUT -s -j DROP

How to block all of the IP Addresses in the network range.

Standard method: iptables -A INPUT -s -j DROP


Netmask method: iptables -A INPUT -s -j DROP

How to block SSH connections from any IP address.

iptables -A INPUT -p tcp --dport ssh -j DROP

How to block SSH connections from a specific IP Address.

iptables -A INPUT -p tcp --dport ssh -s -j DROP

For tcp protocol use -p tcp

& for udp protocol use -p udp

The changes that you make to your iptables rules will be scrapped the next time that the iptables service gets restarted unless you execute a command to save the changes

For Ubuntu:

sudo /sbin/iptables-save

Red Hat / CentOS:

/sbin/service iptables save


/etc/init.d/iptables save

To clear all the currently configured rules:

iptables -F

© 2014 HaKTuts. All rights reserved.