Apache2 Server Signature

This tutorial walks through the steps required to hide server information on directory listing pages and error pages. The following screenshot shows what I am talking about.

Server Info

I will be showing how I did this on Ubuntu Server 14.04.4 LTS.

This information can provide a hacker with the versions of software installed on your server. Depending on your configuration, PHP information is shared as well. Let's go ahead and get this secured.

First, open apache2.conf in your favorite text editor.

sudo nano /etc/apache2/apache2.conf

Next, we will add a few lines to the end of the config.

ServerSignature Off
ServerTokens Prod

Now restart Apache.

sudo service apache2 restart

On a folder page or error page you will see that the version information is now gone. Unfortunately, PHP still sends version information in the response headers. To turn that off, we need to edit one more config file.

sudo nano /etc/php5/apache2/php.ini

Find the expose_php line in the php.ini file and change it from “On” to “Off”.

expose_php = Off

We can now save the file and restart Apache.

sudo service apache2 restart

We are done! Version numbers will no longer be viewable.
If you have any questions, please use the comments below!
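
To confirm that ServerTokens and expose_php took effect, check the response headers rather than only the rendered page. The script below is an added example, not part of the original tutorial: it reads HTTP response headers on stdin and flags a Server header that carries more than the bare product name, as well as any X-Powered-By header. The function name audit_headers and both sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit HTTP response headers for version disclosure.
# Reads raw response headers on stdin, prints one finding per relevant header,
# and returns 0 when nothing leaks, 1 when a version disclosure is found.
audit_headers() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        {
            name = tolower($0); sub(/:.*/, "", name)
            value = $0;         sub(/^[^:]*: */, "", value)
        }
        name == "server" {
            # With ServerTokens Prod the value is the bare product name.
            # A slash, digit or parenthesised comment means extra detail.
            if (value ~ "[/0-9(]") { print "LEAK server: " value; leaks++ }
            else                   { print "OK   server: " value }
        }
        name == "x-powered-by" {
            # With expose_php = Off this header should not be sent at all.
            print "LEAK x-powered-by: " value; leaks++
        }
        END { exit (leaks > 0) }
    '
}

# Constructed sample responses (not captured from a real server).
BEFORE='HTTP/1.1 404 Not Found
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4
Content-Type: text/html'

AFTER='HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html'

for sample in "$BEFORE" "$AFTER"; do
    if printf '%s\n' "$sample" | audit_headers; then
        echo "=> clean"
    else
        echo "=> version disclosure found"
    fi
done
```

Against a live server, pipe in real headers, for example `curl -sI http://localhost/ | audit_headers`.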

Apache VirtualHosts

This tutorial explains how to configure one Apache server to serve multiple domain names. We assume you have already installed Apache on your Linux-based server. Check your distribution for where the configuration files are stored. For this example I am using Ubuntu 12.04.1 LTS.

Make sure you have the DNS A records pointing to the external IP of your server.
We will set up the following domains:

  • example1.com
  • example2.ca

The first step is to create separate directories for each website. Apache's default web folder is /var/www, so we will make the folders in there.

cd /var/www
mkdir example1.com
mkdir example2.ca

Now that the directories are made, you can upload the sites into each of them.

The next step is to make a configuration file for each of the websites. For that we are going to switch to the /etc/apache2/sites-enabled directory and create a new file. You can use another text editor if you wish.

cd /etc/apache2/sites-enabled
nano example1.com

Inside this file, you will want to insert the following config.

<VirtualHost *:80>
        ServerAdmin webmaster@example1.com
        ServerName example1.com
        ServerAlias www.example1.com

        DocumentRoot /var/www/example1.com

        <Directory /var/www/example1.com>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/example1.com-error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/example1.com-access_log.log common

</VirtualHost>

You could keep the logs in their default directory, but I like to know if one site has an issue that others do not. In this configuration we have not included CGI for security reasons.

The next configuration file is simple. You just need to replace example1.com with example2.ca.

<VirtualHost *:80>
        ServerAdmin webmaster@example2.ca
        ServerName example2.ca
        ServerAlias www.example2.ca

        DocumentRoot /var/www/example2.ca

        <Directory /var/www/example2.ca>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/example2.ca-error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/example2.ca-access_log.log common

</VirtualHost>

After you have created all your configs, it’s time to reload Apache.

sudo service apache2 reload

That is it. You have now configured multiple domains on Apache.