Securing Apache

To make apache more secure and hide information that can make your site vulnerable you can add the following lines to your httpd.conf

#Disable Trace
TraceEnable Off

#Hide server info
ServerSignature Off
ServerTokens Prod

#Remove Drupal Headers
<IfModule mod_headers.c>
     Header unset X-Generator
     Header unset X-Drupal-Cache
     Header unset X-Powered-By
</IfModule>

#X-Xss-Protection
Header always set X-Xss-Protection "1; mode=block"

#X-Content-Type-Options
Header always set X-Content-Type-Options "nosniff"

#X-Frame-Options
Header always set X-Frame-Options "SAMEORIGIN

Share this post