Security Settings for Apache Web Server.

Overview

In this article I would like to summarized the security settings that can be shared for Apache settings and their items.

Example settings:

[root@server vagrant]# cat /etc/httpd/conf.d/security.conf
ServerTokens Prod  #version information
Header unset "X-Powered-By"
RequestHeader unset Proxy #httpoxy Countermeasure
Header append X-Frame-Options SAMEORIGIN #Clickjacking Countermeasure
Header set X-XSS-Protection "1; mode=block" #XSS Countermeasur
Header set X-Content-Type-Options nosniff 
TraceEnable Off #XST Countermeasure
<Directory /var/www/html>
AllowOverride All
Options -Indexes #Prohibit file list output
<IfVersion < 2.3> # Apache 2.2 or earlier countermeasures
ServerSignature Off #Hide version information
FileETag MTime Size # ETag inode information Hidden
    </IfVersion>
</Directory>
<Directory "/var/www/cgi-bin">
    <IfVersion < 2.3>
        ServerSignature Off
        FileETag MTime Size
    </IfVersion>
</Directory>