Securing Apache In Ubuntu Server 12.04

Securing Apache can be different if you have custom modules running,  for this quick note/tutorial I am going to assume that it is a fresh install of Apache or a lamp stack (sudo apt-get install lamp-server^)…


bash in… (sudo bash)

as root:

  • Change default apache web root, vim /etc/apache2/sites-available
  • Change default ServerSignature Settings to “Off”, vim /etc/apache2/conf.d/security
  • Change default ServerTokens Settings to “Prod”, vim /etc/apache2/conf.d/security


I am sure you can do a lot more to “secure” your apache installation, but this is a good start, it will hide your server information from port scanners and scripts trying to detect what your server version is. This makes it much harder to exploit your box, it’s hard to exploit something you have no idea what its running.
You can also make your default directory your home directory if you wish to encrypt your files. If you want more security I would consider tools to encrypt the entire partition/drive, you can find out more about full disk encryption for uOS Server 12.04 here.