Things to consider before configuring an Apache server.



1. Hiding Apache version and OS information:



Apache displays its version and the name of the operating system in error pages. An attacker can use this information to launch an attack, so the server administrator must hide the server signature. This can be done with the following commands:

vim /etc/httpd/conf/httpd.conf


>Open the configuration file above



ServerSignature Off


>Turn off the default signature



service httpd restart


>Restart the server for the changes to take effect




2. Disable Directory Listing



If /var/www/ does not have an index file, the web server shows a listing of the document root directory.


This feature can be turned off for a specific directory through the "Options" directive available in the Apache configuration file.


<Directory /var/www/html>

Options -Indexes

</Directory>





3. Restricting Access to files outside the root directory



Configure the file as shown below:



<Directory />

Options None

AllowOverride None

Order deny,allow

Deny from all

</Directory>



This prevents users from accessing files outside the web root directory.
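
The three settings above can be checked against a configuration file with a short script. This is an added example, not part of the original page; the function names, the default document root /var/www/html and the sample configuration are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit an Apache config for the
# three settings above. Function names and the sample config are constructed.

# Print the normalised body of <Directory PATH> blocks found in FILE.
dir_block() {  # $1 = config file, $2 = directory path
    awk -v want="<directory $2>" '
        BEGIN { want = tolower(want) }
        { low = tolower($0); sub(/#.*/, "", low); gsub(/"/, "", low)
          gsub(/[ \t]+/, " ", low); sub(/^ /, "", low); sub(/ $/, "", low) }
        low == want           { inside = 1; next }
        low == "</directory>" { inside = 0 }
        inside && low != ""   { print low }
    ' "$1"
}

# Return 0 if all three settings are present, 1 otherwise; print each finding.
audit_httpd_conf() {  # $1 = config file, $2 = document root (assumed default)
    conf="$1"; docroot="${2:-/var/www/html}"; fails=0
    # 1. The last ServerSignature line is taken as effective; it must be Off.
    grep -Ei '^[[:space:]]*ServerSignature[[:space:]]' "$conf" | tail -n 1 \
        | grep -Eiq '[[:space:]]Off[[:space:]]*$' \
        || { echo "FAIL: ServerSignature is not set to Off"; fails=$((fails + 1)); }
    # 2. Directory listing must be disabled for the document root.
    dir_block "$conf" "$docroot" | grep -Eq '^options( .*)? -indexes( |$)' \
        || { echo "FAIL: Options -Indexes missing for $docroot"; fails=$((fails + 1)); }
    # 3. The filesystem root must be locked down (Order/Deny syntax, as above).
    root_rules=$(dir_block "$conf" /)
    for want in 'options none' 'allowoverride none' 'deny from all'; do
        printf '%s\n' "$root_rules" | grep -qx "$want" \
            || { echo "FAIL: <Directory /> lacks '$want'"; fails=$((fails + 1)); }
    done
    [ "$fails" -eq 0 ]
}

# Constructed sample: steps 1 and 2 applied, step 3 forgotten.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ServerSignature Off
<Directory "/var/www/html">
    Options -Indexes
</Directory>
EOF
audit_httpd_conf "$sample" || echo "sample config still needs hardening"
rm -f "$sample"
```

On a real server, pass the path of the live file, for example audit_httpd_conf /etc/httpd/conf/httpd.conf. The check does not follow Include directives or VirtualHost scoping.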







To view the current iptables configuration:

iptables -L



How to block all connections from a specific IP Address.


iptables -A INPUT -s (ip address) -j DROP

e.g.: iptables -A INPUT -s -j DROP



How to block all of the IP Addresses in the network range.


Standard method: iptables -A INPUT -s -j DROP


Netmask method: iptables -A INPUT -s -j DROP




How to block SSH connections from any IP address.


iptables -A INPUT -p tcp --dport ssh -j DROP


How to block SSH connections from a specific IP Address.


iptables -A INPUT -p tcp --dport ssh -s -j DROP

For the TCP protocol use -p tcp, and for the UDP protocol use -p udp.



The changes that you make to your iptables rules will be lost the next time the iptables service is restarted unless you execute a command to save them.



For Ubuntu:

sudo /sbin/iptables-save



Red Hat / CentOS:

/sbin/service iptables save


/etc/init.d/iptables save



To clear all the currently configured rules:

iptables -F