Hide Apache server version/information,
ServerSignature Off
ServerTokens Prod
Show custom error messages for common, well-known error codes,
ErrorDocument 400 /myerrorpage.html
ErrorDocument 401 /myerrorpage.html
ErrorDocument 403 /myerrorpage.html
ErrorDocument 404 /myerrorpage.html
ErrorDocument 405 /myerrorpage.html
ErrorDocument 500 /myerrorpage.html
Allow only known versions of the HTTP protocol,
RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/(0\.9|1\.[01])$
RewriteRule .* - [F]
Reduce the timeout in Apache
The default is 300 seconds (5 minutes); it is safe to reduce this to 60 seconds. KeepAlive should stay on, but reduce its timeout as well.
Timeout 60
KeepAlive On
KeepAliveTimeout 25
Hide the PHP version
Find the php.ini file and look for,
expose_php=ON
change it to,
expose_php=Off
Protect from Cross Site Scripting
<IfModule mod_headers.c>
Header set X-XSS-Protection: "1; mode=block"
</IfModule>
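To confirm the settings above took effect, inspect the response headers after reloading Apache. The check below is an added example, not part of the original post; the function names and both sample responses (including their version strings) are constructed for illustration, and it expects the raw header text as saved from a tool such as curl -I.

```python
import re

# Constructed sample responses (not captured from a real server).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.0 (Unix) PHP/7.0.0\r\n"
    "X-Powered-By: PHP/7.0.0\r\n"
    "Content-Type: text/html\r\n\r\n"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Content-Type: text/html\r\n\r\n"
)

def parse_headers(raw):
    """Return {lowercased-name: value} from a raw HTTP response head."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line:                   # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_headers(raw):
    """List the settings from this page that the response shows as not applied."""
    h = parse_headers(raw)
    findings = []
    server = h.get("server", "")
    # ServerTokens Prod leaves only the product name, e.g. "Apache".
    if re.search(r"[/\d(]", server):
        findings.append("ServerTokens: Server header reveals details: " + server)
    # expose_php=Off removes the X-Powered-By header that PHP adds.
    if "x-powered-by" in h:
        findings.append("expose_php: X-Powered-By present: " + h["x-powered-by"])
    xss = h.get("x-xss-protection", "").replace(" ", "").lower()
    if xss != "1;mode=block":
        findings.append("X-XSS-Protection: header missing or not '1; mode=block'")
    return findings

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(raw) or "ok")
```

ServerSignature Off affects the footer of server-generated error pages rather than the headers, so check that separately by requesting a page that does not exist.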