Update 2010-10-25: I’ve added “TraceEnable Off” to the configuration (which is not the default on Debian).
If you run an Apache 2 web server on a production system, it is always a good idea to make some easy configuration changes in /etc/apache2/conf.d/security to increase the server’s security:
# Disable access, directory indexing and .htaccess files by default
<Directory />
    Options -Indexes
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>
# Do not include system information in the HTTP response headers
ServerTokens Prod
# Do not include system information in server-generated pages
ServerSignature Off
# Disable HTTP TRACE requests
TraceEnable Off
The Directory directive can break compatibility with your current configuration. Specifically, you have to override the directive in each of your configured virtual hosts to enable access to the resources under the document root path, like:
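[...]
# /path/to/document/root is a placeholder for the virtual host's DocumentRoot
<Directory /path/to/document/root>
    Order allow,deny
    Allow from all
</Directory>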
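To confirm that ServerTokens, ServerSignature and TraceEnable took effect after reloading Apache, the responses can be checked from a shell. The script below is an added example, not part of the original post: the function names are hypothetical, and the sample responses are constructed so that it runs offline.

```shell
#!/bin/sh
# Added example: offline checks on captured responses; function names are hypothetical.
# Live capture on your own server (localhost is an assumption):
#   curl -sI http://localhost/             -> pass output to server_header_ok
#   curl -si -X TRACE http://localhost/    -> pass output to trace_disabled
#   curl -s http://localhost/missing       -> pass output to signature_absent

# Succeeds if the Server header is absent or exactly "Apache" (ServerTokens Prod).
server_header_ok() {
    value=$(printf '%s\n' "$1" | tr -d '\r' |
        sed -n 's/^[Ss]erver:[[:space:]]*//p' | head -n 1)
    [ -z "$value" ] || [ "$value" = "Apache" ]
}

# Succeeds if the status line of a TRACE response is 405 (TraceEnable Off).
trace_disabled() {
    status=$(printf '%s\n' "$1" | tr -d '\r' | awk 'NR == 1 { print $2 }')
    [ "$status" = "405" ]
}

# Succeeds if an error page carries no ServerSignature footer (ServerSignature Off).
signature_absent() {
    ! printf '%s\n' "$1" | grep -qi '<address>Apache.*Server at'
}

# Constructed sample responses (not captured from a real host).
HARDENED_HEAD='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'
DEFAULT_HEAD='HTTP/1.1 200 OK
Server: Apache/2.2.16 (Debian)
Content-Type: text/html'
TRACE_OFF='HTTP/1.1 405 Method Not Allowed'
TRACE_ON='HTTP/1.1 200 OK
Content-Type: message/http'
PAGE_DEFAULT='<address>Apache/2.2.16 (Debian) Server at www.example.com Port 80</address>'
PAGE_HARDENED='<h1>Not Found</h1>'

report() {  # $1 = label, remaining arguments = check to run
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fi
}
report "Server header, hardened sample" server_header_ok "$HARDENED_HEAD"
report "Server header, default sample"  server_header_ok "$DEFAULT_HEAD"
report "TRACE, hardened sample"         trace_disabled "$TRACE_OFF"
report "TRACE, default sample"          trace_disabled "$TRACE_ON"
report "Error page, hardened sample"    signature_absent "$PAGE_HARDENED"
report "Error page, default sample"     signature_absent "$PAGE_DEFAULT"
```

The three "default sample" lines are expected to print FAIL, since those samples model a server without the settings above.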
One response to “Debian/Ubuntu: Basic Apache 2 security”
Thanks a lot !