Apache Security


Minimal server info
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
ServerTokens Prod
Lower timeout

The default values (CentOS: 120, Gentoo: 300) are high, and can be reduced to help mitigate a denial of service, unintentional or otherwise.

# Timeout: The number of seconds before receives and sends time out.
Timeout 45
Disable trace behavior
# TraceEnable
# This directive overrides the behavior of TRACE for both the core server and
# mod_proxy. The default TraceEnable on permits TRACE requests per RFC 2616,
# which disallows any request body to accompany the request. TraceEnable off
# causes the core server and mod_proxy to return a 405 (Method not allowed)
# error to the client.
# For security reasons this is turned off by default. (bug #240680)
TraceEnable off
Disable server signature
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
ServerSignature Off
Disable range headers
RequestHeader unset Range

Note that this may break certain clients - such as those used for e-Readers and progressive/http-streaming video.

Furthermore to ignore the Netscape Navigator 2-3 and MSIE 3 specific legacy header - add:

RequestHeader unset Request-Range
Disable FileEtag
FileEtag None
Ignore client requests with indexes
IndexOptions IgnoreClient
Message digests

Adds an integrity check useful for proxies and clients. This will only work with files sent by mod_core (static files like HTML, images, downloads) and not any modules (PHP).

ContentDigest On