Apache Hardening for DevSecOps
Table of contents
- Disable directory listing
- Enable server signature
- Disable server signature
- Change server header
- Disable server header
- Enable HTTPS
- Disable HTTP TRACE method
- Set secure HTTP response headers
List of some best practices to harden Apache for DevSecOps
| Description | Command |
| --- | --- |
| Disable directory listing | `Options -Indexes` |
| Enable server signature | `ServerSignature On` |
| Disable server signature | `ServerSignature Off` |
| Change server header | `ServerTokens Prod` |
| Disable server header | `ServerTokens Prod` and `ServerSignature Off` |
| Enable HTTPS | Install SSL certificate and configure Apache to use it |
| Disable HTTP TRACE method | `TraceEnable off` |
| Set secure HTTP response headers | `Header always set X-XSS-Protection "1; mode=block"`<br>`Header always set X-Content-Type-Options nosniff`<br>`Header always set X-Frame-Options SAMEORIGIN`<br>`Header always set Content-Security-Policy "default-src 'self'"` |
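
To check a configuration against the directives listed above, the following audit script can be run in a pipeline. It is an added example, not part of the original page; the function name `audit`, the two sample configs and the flat line-by-line scan (no `<Directory>` or virtual-host merging) are assumptions.

```python
import shlex
# Expected values follow the directives listed above (case-insensitive).
REQUIRED = {"serversignature": {"off"},
            "servertokens": {"prod", "productonly"},
            "traceenable": {"off"}}
HEADERS = ["X-XSS-Protection", "X-Content-Type-Options",
           "X-Frame-Options", "Content-Security-Policy"]
# Constructed sample configs, not taken from a real server.
HARDENED = """\
Options -Indexes
ServerSignature Off
ServerTokens Prod
TraceEnable off
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options SAMEORIGIN
Header always set Content-Security-Policy "default-src 'self'"
"""
WEAK = """\
ServerTokens Full
ServerSignature On
Options Indexes FollowSymLinks
Header always set X-Frame-Options SAMEORIGIN
"""

def audit(conf_text):
    """Return findings for a flat config (no <Directory>/vhost merging)."""
    last, options, headers = {}, [], set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "<")):
            continue                      # skip comments and section tags
        parts = shlex.split(line)         # keeps quoted header values whole
        name, args = parts[0].lower(), parts[1:]
        if name == "options":
            options.extend(a.lower() for a in args)
        elif name == "header":
            i = int(bool(args) and args[0].lower() == "always")  # optional keyword
            if len(args) >= i + 2 and args[i].lower() == "set":
                headers.add(args[i + 1].lower())
        elif name in REQUIRED and args:
            last[name] = args[0].lower()  # assumption: last occurrence wins
    findings = []
    if {"indexes", "+indexes"} & set(options) or "-indexes" not in options:
        findings.append("Options: directory listing not explicitly disabled")
    findings += [f"{n}: expected {min(ok)}, got {last.get(n)}"
                 for n, ok in REQUIRED.items() if last.get(n) not in ok]
    findings += [f"Header missing: {h}" for h in HEADERS if h.lower() not in headers]
    return findings
```

`audit(HARDENED)` returns an empty list, while `audit(WEAK)` reports each missing or weak directive; a CI job can fail the build whenever the list is non-empty.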