Tips
1. Hide Apache version and OS identity
vim /etc/httpd/httpd.conf
ServerSignature Off
ServerTokens Prod
2. Disable directory listing
webhost config file
<Directory /var/www/@@@>
Options -Indexes
</Directory>
3. Disable Unnecessary Modules
4. Use mod_security
5. Turn off Server Side Includes and CGI Execution
6. Limit Request Size
7. Use only TLS, disable SSLv2 and SSLv3, disable SSL compression
add in webhost config file
SSLProtocol TLSv1.2
SSLCompression off
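8. Disable weak ciphers
add in webhost config file (use one of the two SSLCipherSuite lines; when both are in the same context, the later one replaces the earlier)
SSLOptions +StrictRequire
SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128"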
SSLHonorCipherOrder on
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!RSA+3DES:!aNULL:!MD5:!DSS:!SSLv2:!3DES:!ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
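
A quick check for tips 1, 2, 7 and 8, as an added example (not part of the original tips): a small Python audit that reads a config as text and reports directives that are missing, mistyped or overridden. The function name audit, the sample BAD_CONF and the single-context simplification are assumptions made for this example.

```python
# Added example: audit an Apache config (as text) against the tips above.
# Simplification: one context only; <Directory>/<VirtualHost> scoping is ignored.
EXPECTED = {"serversignature": "off", "servertokens": "prod",
            "sslcompression": "off", "sslhonorcipherorder": "on"}
TYPOGRAPHIC = "\u2013\u2014\u201c\u201d"  # en/em dash, curly quotes

def audit(conf_text):
    """Return a list of finding strings; an empty list means every check passed."""
    seen, findings, suites = {}, [], 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue  # blank line, comment, or section tag
        if any(ch in line for ch in TYPOGRAPHIC):
            findings.append("typographic dash or quote: " + line)
            continue
        parts = line.split(None, 1) + [""]
        name, value = parts[0].lower(), parts[1]
        seen[name] = value  # a later directive replaces an earlier one
        suites += (name == "sslciphersuite")
        if name == "options" and any(
                t.lstrip("+").lower() == "indexes" for t in value.split()):
            findings.append("Options enables Indexes (directory listing)")
    for name, want in EXPECTED.items():
        if seen.get(name, "").lower() != want:
            findings.append("%s is %r, expected %s" % (name, seen.get(name), want))
    toks = seen.get("sslprotocol", "").lower().split()
    on = {t.lstrip("+") for t in toks if not t.startswith("-")}
    if not toks:
        findings.append("SSLProtocol is not set explicitly")
    elif on & {"sslv2", "sslv3"} or ("all" in on and "-sslv3" not in toks):
        findings.append("SSLProtocol may allow SSLv2/SSLv3: " + " ".join(toks))
    if suites > 1:
        findings.append("SSLCipherSuite set %d times; only the last applies" % suites)
    return findings

# Constructed input reproducing paste errors: fused directives, an en dash,
# a protocol list that can include SSLv3, and two SSLCipherSuite lines.
BAD_CONF = """ServerSignature OffServerTokens Prod
Options \u2013Indexes
SSLProtocol all
SSLCompression off
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLHonorCipherOrder on
SSLCipherSuite ECDH+AESGCM:DH+AESGCM
"""

if __name__ == "__main__":
    print("\n".join(audit(BAD_CONF)))
```

Run httpd -t as well; the audit only looks at the directives named in the tips and does not validate syntax.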