
Server Security - Apache Web Server Hardening

Whenever a client makes a request to a server, headers are sent in both directions. So when we receive the server's response, we also get headers that give some extra information about the server.

Hackers can sometimes use this header information to break into your server. To stop unauthorized access, we secure the server.

So in this article, “Server Security – Apache Web Server Hardening”, I will secure the Apache server by removing the server details from the response headers. This falls under the Banner Grabbing attack.

In the Banner Grabbing method, a hacker tries to identify the target system's OS, or its server name and version, in order to penetrate the system.

To understand this, look at the image below.

[Image: Server Vulnerability (Server Details)]

If you look at the image, you will see that the server response headers give away a lot of details.

We are getting the following items:

1. Server Name and Version (Apache & 2.4.43)
2. OS Name (Win64)
3. Web Language Name and Version (PHP & 7.3.17)

The above information is enough to carry out attacks on your server.

Prevention:


To prevent this attack, the best way is to remove this sensitive information from the response headers. To do this, you have to make changes in the httpd.conf file, which is the configuration file of your server.

You may find the httpd.conf file at the following locations:

Ubuntu – /etc/apache2
CentOS – /etc/httpd/conf
Windows – wamp/apache2/conf/

Steps:


  1. Open httpd.conf file
  2. Then search for “ServerTokens” and set its value to Prod. If it does not exist then add it at the end of the file.
  3. Save the file.
  4. Restart the server.

Final Result

Note: In Apache versions earlier than 2.0.44, you also have to set the “ServerSignature” value to On in order to achieve the same result.


Version < 2.0.44

ServerSignature Off
ServerTokens Prod

Version > 2.0.44

ServerTokens Prod
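
A way to check the result of the steps above without restarting anything, as an added example that is not part of the original article: it reads one config file and reports the effective ServerTokens and ServerSignature values. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one Apache config file for the two banner directives.
# Assumption: a single file is read; Include lines and <VirtualHost> scope are ignored.

# Print the last uncommented value of directive $1 in file $2 (names are case-insensitive).
effective_value() {
    awk -v d="$1" '
        { sub(/\r$/, "") }                     # tolerate CRLF files such as WAMP on Windows
        $1 ~ /^#/ { next }                     # skip comment lines
        tolower($1) == tolower(d) { v = $2 }   # a later line overrides an earlier one
        END { if (v != "") print v }
    ' "$2"
}

# Print one finding per directive; return 0 only if neither leaks version details.
audit_banner_config() {
    rc=0
    tokens=$(effective_value ServerTokens "$1" | tr 'A-Z' 'a-z')
    sig=$(effective_value ServerSignature "$1" | tr 'A-Z' 'a-z')
    case $tokens in
        prod|productonly) echo "OK   ServerTokens $tokens" ;;
        "") echo "FAIL ServerTokens not set, so the server behaves as Full"; rc=1 ;;
        *)  echo "FAIL ServerTokens $tokens sends more than the product name"; rc=1 ;;
    esac
    case $sig in
        "")  echo "OK   ServerSignature not set (Apache default is Off)" ;;
        off) echo "OK   ServerSignature off" ;;
        *)   echo "FAIL ServerSignature $sig adds a footer to generated pages"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: Prod is only present as a comment, the live lines are weak.
sample=$(mktemp)
printf '%s\n' 'ServerRoot "/etc/httpd"' '#ServerTokens Prod' \
    '  servertokens OS' 'ServerSignature On' > "$sample"
audit_banner_config "$sample" || echo "=> not hardened yet"

# Step 2 of the procedure: add the directive at the end of the file, then re-check.
printf '%s\n' 'ServerTokens Prod' 'ServerSignature Off' >> "$sample"
audit_banner_config "$sample" && echo "=> hardened"
rm -f "$sample"
```
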

Server Tokens Directive


ServerTokens has 5 possible values

ServerTokens Prod[uctOnly]

Server sends (e.g.): Server: Apache

ServerTokens Major

Server sends (e.g.): Server: Apache/2

ServerTokens Minor

Server sends (e.g.): Server: Apache/2.0

ServerTokens Min[imal]

Server sends (e.g.): Server: Apache/2.0.41

ServerTokens OS

Server sends (e.g.): Server: Apache/2.0.41 (Unix)

ServerTokens Full (or not specified)

Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2
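
To confirm from the outside which of these levels a server is actually running with, the following added example (not from the original article) maps a Server header value to the ServerTokens level listed above. The function names are hypothetical, and the sample responses are constructed from the values the article lists.

```shell
#!/bin/sh
# Added example: infer which ServerTokens level produced a Server header value.

matches() { printf '%s\n' "$1" | grep -Eq "$2"; }

# Print Prod, Major, Minor, Min, OS, Full or unknown for one header value.
token_level() {
    if   matches "$1" '^Apache$';                        then echo Prod
    elif matches "$1" '^Apache/[0-9]+$';                 then echo Major
    elif matches "$1" '^Apache/[0-9]+\.[0-9]+$';         then echo Minor
    elif matches "$1" '^Apache/[0-9]+\.[0-9]+\.[0-9]+$'; then echo Min
    elif matches "$1" '^Apache/[0-9.]+ \([^)]*\)$';      then echo OS
    elif matches "$1" '^Apache/[0-9.]+ \([^)]*\) .+$';   then echo Full
    else echo unknown
    fi
}

# Read response headers on stdin, report the level, return 0 only for a product-only banner.
check_response() {
    value=$(tr -d '\r' | awk 'tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }')
    level=$(token_level "$value")
    echo "Server: ${value:-absent} -> ServerTokens $level"
    [ "$level" = Prod ]
}

# Constructed responses: one built from the details the article lists, one hardened.
before='HTTP/1.1 200 OK
Server: Apache/2.4.43 (Win64) PHP/7.3.17
Content-Type: text/html'
after='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'
printf '%s\n' "$before" | check_response || echo "=> still discloses version details"
printf '%s\n' "$after"  | check_response && echo "=> product name only"
```

On a server you administer, the same check can be fed live headers with `curl -sI http://localhost/ | check_response`.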


Server Signature Directive

The ServerSignature appears on the bottom of pages generated by apache such as 404 pages, directory listings, etc.

After version 2.0.44, the ServerTokens directive can control both.

