
Server Security - Apache Web Server Hardening

Whenever a client makes a request to a server, headers are sent in both directions. So when we receive the server's response, we get some headers that give extra information about the server.

This information sometimes helps hackers find a way to break into your server. In order to stop unauthorized access, we secure our server.

So in this article, “Server Security – Apache Web Server Hardening”, I will secure the Apache server by removing the server details from the response headers. This falls under the banner grabbing attack.

In the banner grabbing method, a hacker tries to identify the target system's OS or the server name and version in order to penetrate the system.

To understand this, look at the image below.

[Image: Server Vulnerability, Server Details]

If you look at the image, you will find that the server response headers are actually giving away a lot of details.

We are getting the following items:

1. Server Name and Version (Apache & 2.4.43)
2. OS Name (Win64)
3. Web Language Name and Version (PHP & 7.3.17)

The above information is big enough to carry out attacks on your server.

Prevention:


So, in order to prevent this attack, the best way is to remove this sensitive information from the response headers. To do this, you have to make changes in the httpd.conf file. This file is basically the configuration file of your server.

You may find the httpd.conf file in the following locations:

Ubuntu – /etc/apache2
CentOS – /etc/httpd/conf
Windows – wamp/apache2/conf/

Steps:


  1. Open httpd.conf file
  2. Then search for “ServerTokens” and set its value to Prod. If it does not exist then add it at the end of the file.
  3. Save the file.
  4. Restart the server.
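
To confirm step 2 before restarting, the following is an added example (not part of the original article) that audits a config file for the two banner directives. It assumes a single file with the directives at global scope and does not follow Include lines; the function names and the sample config are made up for illustration.

```sh
#!/bin/sh
# Print the effective value of a directive: the last uncommented occurrence.
# Simplification: reads one file only and ignores Include directives.
effective_directive() {   # usage: effective_directive NAME FILE
    awk -v name="$1" '
        { sub(/\r$/, "") }                           # tolerate CRLF files (Windows)
        $1 ~ /^#/ { next }                           # skip comment lines
        tolower($1) == tolower(name) { value = $2 }  # directive names are case-insensitive
        END { if (value != "") print value }
    ' "$2"
}

# Return 0 only when the file matches the hardened settings from the article.
# ServerSignature On/EMail is counted as a finding, as in the pre-2.0.44 block.
audit_banner_config() {   # usage: audit_banner_config FILE
    tokens=$(effective_directive ServerTokens "$1")
    signature=$(effective_directive ServerSignature "$1")
    rc=0
    case $(printf '%s' "${tokens:-full}" | tr 'A-Z' 'a-z') in
        prod|productonly) echo "OK   ServerTokens $tokens" ;;
        *) echo "WEAK ServerTokens ${tokens:-unset (defaults to Full)}"; rc=1 ;;
    esac
    case $(printf '%s' "${signature:-off}" | tr 'A-Z' 'a-z') in
        off) echo "OK   ServerSignature ${signature:-unset (defaults to Off)}" ;;
        *) echo "WEAK ServerSignature $signature"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample config: weak settings first, then the lines from step 2.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ServerTokens Prod   (commented out, must be ignored)
ServerTokens Full
ServerSignature On
EOF
audit_banner_config "$sample" || echo "before: needs hardening"
printf 'ServerTokens Prod\nServerSignature Off\n' >> "$sample"   # added at the end of the file
audit_banner_config "$sample" && echo "after: hardened"
rm -f "$sample"
```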

[Image: Final Result]

Note: In Apache versions earlier than 2.0.44, you also have to set the “ServerSignature” value to Off in order to achieve the same.


Version < 2.0.44

ServerSignature Off
ServerTokens Prod

Version > 2.0.44

ServerTokens Prod

Server Tokens Directive


ServerTokens has 5 possible values

ServerTokens Prod[uctOnly]

Server sends (e.g.): Server: Apache

ServerTokens Major

Server sends (e.g.): Server: Apache/2

ServerTokens Minor

Server sends (e.g.): Server: Apache/2.0

ServerTokens Min[imal]

Server sends (e.g.): Server: Apache/2.0.41

ServerTokens OS

Server sends (e.g.): Server: Apache/2.0.41 (Unix)

ServerTokens Full (or not specified)

Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2
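
To check which of these levels a server is currently exposing, the following is an added example (not part of the original article) that pulls the Server header out of a response and maps it back to the ServerTokens level from the list above. The function names are made up for illustration, and the sample response is constructed from the values listed at the top of the article.

```sh
#!/bin/sh
matches() { printf '%s\n' "$1" | grep -Eq "$2"; }

# Map a Server header value to the ServerTokens level that produces it.
# A Full banner with no extra modules loaded looks the same as OS.
classify_server_header() {   # usage: classify_server_header 'Apache/2.0.41 (Unix)'
    if   matches "$1" '^Apache$';                        then echo Prod
    elif matches "$1" '^Apache/[0-9]+$';                 then echo Major
    elif matches "$1" '^Apache/[0-9]+\.[0-9]+$';         then echo Minor
    elif matches "$1" '^Apache/[0-9]+\.[0-9]+\.[0-9]+$'; then echo Min
    elif matches "$1" '^Apache/[0-9.]+ \([^)]*\)$';      then echo OS
    elif matches "$1" '^Apache/[0-9.]+ \([^)]*\) .+';    then echo Full
    else echo unknown
    fi
}

# Read raw response headers on stdin and print the Server header value.
# Header names are case-insensitive and lines may end in CR LF.
server_header_value() {
    awk '{ sub(/\r$/, "") }
         tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Constructed sample response (values taken from the list at the top of the article).
sample_response='HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Server: Apache/2.4.43 (Win64) PHP/7.3.17
Content-Type: text/html; charset=UTF-8'

banner=$(printf '%s\n' "$sample_response" | server_header_value)
echo "Server header '$banner' corresponds to ServerTokens $(classify_server_header "$banner")"
```

Anything other than Prod in the result means the response still carries version details.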


Server Signature Directive

The ServerSignature appears at the bottom of pages generated by Apache, such as 404 pages, directory listings, etc.

Now, after version 2.0.44, the ServerTokens directive can control both the Server header and the signature.

