This is one of the basic first steps in security hardening: by default the server shows the OS information and the Apache version in the footer of a page-not-found response and in replies to other requests.
One of the first steps when you start securing your Apache server is to disable directory browsing; you don't want anyone to browse your files and learn the structure.
Other Apache Hardening Tutorials:
1- Secure Apache Web Server - Use SSLScan and Disable Ciphers:
goo.gl/mb7pYz
2- Apache Secure Tutorial: Hide HTTP Header and Disable Directory Listing:
goo.gl/VqcLrG
3- Apache Hardening Tutorial: Disable HTTP Trace / Cross Site Method
goo.gl/KJnbDS
Disable Server Response Header
vi /etc/httpd/conf/httpd.conf
Add
ServerTokens Prod
Save
Restart Apache
service httpd restart      # RHEL/CentOS 6 and earlier versions
systemctl restart httpd    # RHEL/CentOS 7 and earlier versions
Disable Apache Trailing Footer
vi /etc/httpd/conf/httpd.conf
Add
ServerSignature Off
Save
Restart Apache
service httpd restart      # RHEL/CentOS 6 and earlier versions
systemctl restart httpd    # RHEL/CentOS 7 and earlier versions
Disable Directory Listing
In this example I will disable browsing for the /var/www/html/dotsway folder.
vi /etc/httpd/conf/httpd.conf
Add the line below to the Directory section for that folder
Options -Indexes
Save
Restart Apache
service httpd restart
OR
systemctl restart httpd
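An added example, not part of the original tutorial: a small shell audit that checks one config file for the three settings above (ServerTokens Prod, ServerSignature Off, and Options -Indexes on a given directory). The function names and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a config file for the three settings in this tutorial.

# Print (lower-cased) the last active value of a one-argument directive.
# Commented-out lines never match because their first field starts with "#".
last_value() {  # $1 = directive, $2 = config file
    awk -v d="$1" 'tolower($1) == tolower(d) { v = tolower($2) } END { print v }' "$2"
}

# Succeed only if the <Directory> block for path $1 ends up with -Indexes.
dir_has_no_indexes() {  # $1 = directory path, $2 = config file
    awk -v p="$1" '
        /^[ \t]*<Directory[ \t]/ {
            path = $2; gsub(/[">]/, "", path); sub(/\/$/, "", path)
            inblk = (path == p); next
        }
        /^[ \t]*<\/Directory>/ { inblk = 0; next }
        inblk && tolower($1) == "options" {
            for (i = 2; i <= NF; i++) {
                o = tolower($i)
                if (o == "-indexes") ok = 1
                else if (o == "indexes" || o == "+indexes") ok = 0
            }
        }
        END { exit (ok ? 0 : 1) }
    ' "$2"
}

audit_httpd_conf() {  # $1 = config file, $2 = directory that must not be listable
    rc=0
    [ "$(last_value ServerTokens "$1")" = "prod" ] || { echo "FAIL: ServerTokens is not Prod"; rc=1; }
    [ "$(last_value ServerSignature "$1")" = "off" ] || { echo "FAIL: ServerSignature is not Off"; rc=1; }
    dir_has_no_indexes "$2" "$1" || { echo "FAIL: no Options -Indexes for $2"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1"
    return "$rc"
}

# Demo on a constructed config (sample data, not a real server's file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ServerTokens Full
ServerTokens Prod
ServerSignature Off
<Directory "/var/www/html/dotsway">
    Options -Indexes
</Directory>
EOF
audit_httpd_conf "$sample" /var/www/html/dotsway
rm -f "$sample"
```

On a server, pass /etc/httpd/conf/httpd.conf as the first argument; settings in included files are not followed, and directory paths containing spaces are not handled.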
Jun 1, 2017