Things to consider before configuring an Apache server.
1. Hiding Apache version and OS information:
Apache displays its version and the name of the operating system in error pages. An attacker can use this information to plan an attack, so the server administrator should hide the server signature. This can be done with the following commands:
vim /etc/httpd/conf/httpd.conf
>Open the Apache configuration file
ServerSignature Off
>Turn off the default server signature
service httpd restart
>Restart the server for the changes to take effect
2. Disable Directory Listing
If /var/www/ does not have an index file, the web server shows a listing of the document root directory.
This feature can be turned off for a specific directory through the Options directive in the Apache configuration file.
<Directory /var/www/html>
Options -Indexes
</Directory>
3. Restricting Access to files outside the root directory
Configure the file as shown below:
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
This prevents users from accessing files outside the web root directory.
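An added example (not part of the original page): a shell script that checks a configuration file for the three settings from sections 1 to 3. The function names, the default document root argument and the sample configuration are assumptions made for illustration; the root check also accepts Apache 2.4's "Require all denied" in place of the "Deny from all" form shown above.

```shell
# Added example: audit an Apache config for the three settings described above.
# Function names and the sample config are constructed for illustration.

# Drop indentation, comments and blank lines so commented-out directives do not count.
active_lines() { sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1"; }

# Print the directives inside <Directory PATH> (PATH may be quoted).
directory_block() {
    active_lines "$1" | awk -v want="$2" '
        tolower($1) == "<directory"   { p = $2; sub(/>$/, "", p); gsub(/"/, "", p)
                                        inblk = (p == want); next }
        tolower($1) == "</directory>" { inblk = 0; next }
        inblk { print }'
}

check_signature() { active_lines "$1" | grep -Eiq '^ServerSignature[[:space:]]+Off[[:space:]]*$'; }

# Only the form used on this page (Options -Indexes) is recognised.
check_indexes() { directory_block "$1" "$2" | grep -Eiq '^Options[[:space:]].*-Indexes'; }

# Accepts the 2.2-style "Deny from all" shown above or 2.4's "Require all denied".
check_root_locked() {
    blk=$(directory_block "$1" "/")
    printf '%s\n' "$blk" | grep -Eiq '^Options[[:space:]]+None' &&
    printf '%s\n' "$blk" | grep -Eiq '^AllowOverride[[:space:]]+None' &&
    printf '%s\n' "$blk" | grep -Eiq '^(Deny[[:space:]]+from[[:space:]]+all|Require[[:space:]]+all[[:space:]]+denied)'
}

# Run every check; the return status is the number of failed checks.
audit_httpd_conf() {
    conf=$1; docroot=${2:-/var/www/html}; fails=0
    for check in signature indexes root_locked; do
        if "check_$check" "$conf" "$docroot"; then echo "PASS $check"
        else echo "FAIL $check"; fails=$((fails + 1)); fi
    done
    return "$fails"
}

# Constructed sample: signature still on, listing enabled, root block locked.
sample=$(mktemp)
printf '%s\n' '#ServerSignature Off' 'ServerSignature On' \
    '<Directory />' 'Options None' 'AllowOverride None' 'Deny from all' '</Directory>' \
    '<Directory /var/www/html>' 'Options Indexes FollowSymLinks' '</Directory>' > "$sample"
audit_httpd_conf "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

To check a live configuration, pass /etc/httpd/conf/httpd.conf to audit_httpd_conf; directives pulled in through Include files are not followed.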
HOW TO ADD RESTRICTIONS WITH IPTABLES.
To view the current iptables configuration:
iptables -L
How to block all connections from a specific IP Address.
iptables -A INPUT -s (ip address) -j DROP
e.g.: iptables -A INPUT -s 192.168.1.22 -j DROP
How to block all of the IP Addresses in the 192.168.1.1/24 network range.
Standard method: iptables -A INPUT -s 192.168.1.1/24 -j DROP
OR
Netmask method: iptables -A INPUT -s 192.168.1.1/255.255.255.0 -j DROP
How to block SSH connections from any IP address.
iptables -A INPUT -p tcp --dport ssh -j DROP
How to block SSH connections from a specific IP Address.
iptables -A INPUT -p tcp --dport ssh -s 10.10.10.10 -j DROP
For the TCP protocol use -p tcp, and for the UDP protocol use -p udp.
The changes that you make to your iptables rules will be discarded the next time the iptables service is restarted unless you execute a command to save them.