Apache Secure Tutorial: Hide HTTP Header and Disable Directory Listing
This is one of the basic first steps in security hardening. By default, the server shows the OS information and Apache version in the footer whenever a page is not found, and in replies to other requests.
One of the first steps when you start securing your Apache server is to disable directory browsing; you don't want anyone to browse your files and learn the structure.
Other Apache Hardening Tutorials:
1- Secure Apache Web Server – Use SSLScan and Disable Ciphers:
https://goo.gl/mb7pYz
2- Apache Secure Tutorial: Hide HTTP Header and Disable Directory Listing:
https://goo.gl/VqcLrG
3- Apache Hardening Tutorial: Disable HTTP Trace / Cross Site Method
https://goo.gl/KJnbDS
Disable Server Response Header
vi /etc/httpd/conf/httpd.conf
Add
ServerTokens Prod
Save
Restart Apache
service httpd restart      # RHEL/CentOS 6 and earlier versions
systemctl restart httpd    # RHEL/CentOS 7 and later versions
Disable Apache Trailing Footer
vi /etc/httpd/conf/httpd.conf
Add
ServerSignature Off
Save
Restart Apache
service httpd restart      # RHEL/CentOS 6 and earlier versions
systemctl restart httpd    # RHEL/CentOS 7 and later versions
In this example I will disable directory browsing for the /var/www/html/dotsway folder.
vi /etc/httpd/conf/httpd.conf
Add the line below inside the <Directory> section for that folder
Options -Indexes
Save
Restart Apache
service httpd restart
OR
systemctl restart httpd
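To check a config file for all three settings from this tutorial before restarting, here is an audit script (an added example, not part of the original tutorial). It assumes a single flat file, does not follow Include directives or .htaccess files, and the two sample configs are constructed for illustration.

```sh
#!/bin/sh
# Prints one FAIL line per finding; prints nothing when the file is hardened.
audit_httpd_conf() {
    awk '
        BEGIN { tokens = "full"; sig = "off" }   # Apache defaults when a directive is absent
        /^[ \t]*#/ { next }                      # ignore commented-out directives
        { d = tolower($1) }                      # directive names are case-insensitive
        d == "servertokens"    { tokens = tolower($2) }   # last occurrence wins
        d == "serversignature" { sig = tolower($2) }
        d ~ /^<directory/      { dir = $2; gsub(/[">]/, "", dir) }
        d ~ /^<\/directory/    { dir = "" }
        d == "options" {
            # "Indexes", "+Indexes" and "All" turn listings on; "-Indexes" turns them off
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^[+]?(indexes|all)$/)
                    printf "FAIL line %d: listing enabled by \"%s\" in %s\n", NR, $i, (dir == "" ? "server scope" : dir)
        }
        END {
            if (tokens != "prod" && tokens != "productonly")
                print "FAIL ServerTokens is " tokens ", want Prod"
            if (sig != "off")
                print "FAIL ServerSignature is " sig ", want Off"
        }
    ' "$1"
}

# Constructed samples: a weak config next to the hardened settings from this page.
tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
ServerTokens OS
ServerSignature On
<Directory "/var/www/html/dotsway">
    Options Indexes FollowSymLinks
</Directory>
EOF
cat > "$tmp/hardened.conf" <<'EOF'
ServerTokens Prod
ServerSignature Off
<Directory "/var/www/html/dotsway">
    Options -Indexes
</Directory>
EOF
echo "== weak.conf";     audit_httpd_conf "$tmp/weak.conf"
echo "== hardened.conf"; audit_httpd_conf "$tmp/hardened.conf"
rm -rf "$tmp"
```

On a real server, point it at the live file with audit_httpd_conf /etc/httpd/conf/httpd.conf.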
by dotsway
Does this work with subdirectories?
Man you just saved me, I owe you a beer.
Is it possible to restrict specific requests? For example, I have to restrict URLs ending with wsdl.
How can I disable a specific file in the folder?
The Apache Series is so far my favourite, very useful information, thanks for sharing