
Here are some of the basic hardening steps I take today by default.

Note

As with any security notes, I will write a disclaimer that there are more advanced ways to secure Apache. You can go as far as compiling your own custom version, but that's out of scope for now.


Will flesh this out some more ...

Disable Etag Header

ETag (entity tag) was introduced to help improve caching. However, besides not being very effective in enterprise cluster environments, it also exposes sensitive information such as the inode number, multipart MIME boundary and child processes. This allows an attacker to uniquely identify a particular server.

Unless you have a compelling reason not to, you may:

  1. Disable ETag entirely and rely on the default Expires or Cache-Control header information.
  2. At a minimum, remove the INode component from the ETag.
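The two options above expressed as Apache httpd directives, as an added example that is not part of the original page. It assumes an Apache 2.2 or 2.4 server with mod_headers loaded (required for `Header unset`); `FileETag` itself is a core directive.

```apache
# Added example (not from the original page). Assumes Apache httpd with
# mod_headers enabled for the "Header unset" line.

# Option 1: stop emitting ETag and rely on Cache-Control / Expires instead.
# FileETag None removes the ETag the core generates for static files;
# Header unset ETag also strips any ETag added by other modules or by a
# proxied backend, so the header never reaches the client.
FileETag None
Header unset ETag

# Option 2 (use instead of option 1 if you still want conditional requests):
# keep ETags but drop the INode component, so the value is derived only from
# the file's modification time and size. Because inode numbers differ from
# host to host, this is also what makes ETags consistent across a cluster.
#FileETag MTime Size
```

Place the directives in the main server config or a `<Directory>` block, then restart httpd. To confirm the change, request a static file with `curl -I` and check that no `ETag:` line is returned (option 1) or that the value no longer contains the inode field (option 2).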

... to fill out

Turn off Default Website
