Disable the default welcome page
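# Rename welcome.conf so that it no longer ends in .conf and is not loaded.
# Chaining with && keeps mv from running in the wrong directory if cd fails.
# NOTE(review): a package update may re-create welcome.conf; commenting out
# the file's contents instead of renaming it survives updates. Confirm for
# your distribution.
cd /etc/httpd/conf.d/ && sudo mv welcome.conf welcome.conf.org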
iconsフォルダ無効化
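# Rename autoindex.conf so that it is no longer loaded (assuming the stock
# include of conf.d/*.conf). Chaining with && keeps mv from running in the
# wrong directory if cd fails.
cd /etc/httpd/conf.d/ && sudo mv autoindex.conf autoindex.conf.org
# Check the configuration for errors and restart only if the check passes,
# so a broken configuration does not take the running server down.
sudo httpd -t && sudo systemctl restart httpd
# Confirm that http://<site URL>/icons/README now returns Not Found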
TLS1.0 と TLS1.1 を無効にし、TLS1.2 のみ利用する設定
# Confirm ciphers: with no argument this lists the suites in OpenSSL's default
# cipher string; pass a cipher string as an extra argument to see exactly
# which suites that string expands to.
openssl ciphers -v
# Open the mod_ssl configuration for editing
sudo emacs /etc/httpd/conf.d/ssl.conf
---
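# Edit as below
#SSLProtocol all -SSLv2
#SSLProtocol -all +TLSv1.3 +TLSv1.2
# Accept TLS 1.2 only: every other protocol version is switched off first.
SSLProtocol -all +TLSv1.2
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
# Kept for reference only, and written with "!eNULL": a bare "eNULL" adds the
# no-encryption suites to the list instead of excluding them. A later
# SSLCipherSuite in the same context replaces an earlier one, so the explicit
# list below is the one that takes effect.
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!MD5:!SEED:!IDEA:!3DES:!RC4:!ADH:!DH
#SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
# Explicit allow-list: ECDHE key exchange with AEAD ciphers only.
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305
# Perfect Forward Secrecy: session tickets are protected by a server-side key,
# so disabling them keeps resumed sessions from depending on that key.
SSLSessionTickets off
# Use the server's cipher preference order rather than the client's.
SSLHonorCipherOrder on
# Turn off TLS compression
SSLCompression off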
---
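# ssl.conf is read by httpd, so httpd (not sshd) has to be restarted for the
# TLS settings to take effect. Check the syntax first and restart only if the
# check passes.
sudo httpd -t && sudo systemctl restart httpd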
Apache 環境変数を変更
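# Open the httpd environment file with sudo, like the other configuration
# files here; without it the file under /etc normally cannot be saved.
sudo emacs /etc/sysconfig/httpd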
---
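# Stops OpenSSL from enabling zlib compression by default (TLS compression).
# The name must be spelled OPENSSL_NO_DEFAULT_ZLIB; a misspelled variable is
# silently ignored and leaves the setting unapplied.
# NOTE(review): where systemd reads this file as an EnvironmentFile, confirm
# that the "export" prefix is accepted; plain NAME=value may be required.
export OPENSSL_NO_DEFAULT_ZLIB=1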
---
ディレクトリ内容一覧表示off、バージョン表示offなど
# Open the main Apache configuration file for editing
sudo emacs /etc/httpd/conf/httpd.conf
---
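# Modify as below
# Directory listing off: drop "Indexes" from the existing Options line
# Options Indexes FollowSymLinks
Options FollowSymLinks
# Hide the Apache version in the Server header and on generated pages
ServerTokens ProductOnly
ServerSignature off
# HTTP TRACE off
TraceEnable off
# X-Frame-Options header (requires mod_headers). "set" replaces an existing
# value instead of adding a second one, and "always" also applies the header
# to error responses. With "append", a value already present would become a
# comma-separated list that browsers may not honour.
Header always set X-Frame-Options "SAMEORIGIN"
# Custom page for 404 Not Found
ErrorDocument 404 /missing.html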
---
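# Restart httpd, but only after the edited configuration passes the syntax
# check, so a typo in httpd.conf does not take the running server down.
sudo httpd -t && sudo systemctl restart httpd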