Disable the default welcome page
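# Rename (rather than delete) the stock welcome-page config so it is no longer
# loaded but can still be restored.
# NOTE(review): a packaged config file that is missing may be recreated when
# the httpd package is upgraded; re-check after upgrades, or comment out the
# file's contents instead. Confirm against the installed package.
# "&&" keeps mv from running in the wrong directory if the cd fails.
cd /etc/httpd/conf.d/ && sudo mv welcome.conf welcome.conf.org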
iconsフォルダ無効化
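# Take conf.d/autoindex.conf out of service by renaming it; the .org copy is
# kept as a backup. "&&" stops mv from running elsewhere if the cd fails.
cd /etc/httpd/conf.d/ && sudo mv autoindex.conf autoindex.conf.org
# Syntax-check the configuration and restart only when the check passes, so a
# broken config does not take the running server down.
sudo httpd -t && sudo systemctl restart httpd
# Confirm that http://<site URL>/icons/README now returns "not found".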
TLS1.0 と TLS1.1 を無効にし、TLS1.2 のみ利用する設定
# Confirm which cipher suites the local OpenSSL offers (verbose listing),
# as a reference for the SSLCipherSuite edit below.
openssl ciphers -v
# Open the mod_ssl configuration for editing (root-owned file, hence sudo).
sudo emacs /etc/httpd/conf.d/ssl.conf
---
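# Edit as below.
# Original setting:
# SSLProtocol all -SSLv2
# Alternative that also allows TLS 1.3:
# SSLProtocol -all +TLSv1.3 +TLSv1.2
# Switch every protocol version off, then enable TLS 1.2 only.
SSLProtocol -all +TLSv1.2
# Original setting:
# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
# eNULL (suites with no encryption) needs the "!" prefix like the other
# exclusions; a bare "eNULL" adds those suites to the list instead of
# removing them.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!MD5:!SEED:!IDEA:!3DES:!RC4:!ADH:!DH
# SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
# NOTE(review): two SSLCipherSuite lines are active here. When both sit in the
# same context the later one is expected to replace the earlier one, so keep
# only the list that is actually intended.
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305
# Perfect Forward Secrecy: disable TLS session tickets and make the server's
# cipher preference order take precedence over the client's.
SSLSessionTickets off
SSLHonorCipherOrder on
# Turn off TLS-level compression.
SSLCompression off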
---
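# Restart httpd, not sshd: ssl.conf is read by Apache, so the TLS settings
# edited above only take effect once httpd itself is restarted.
# Syntax-check first and restart only when the check passes.
sudo httpd -t && sudo systemctl restart httpd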
Apache 環境変数を変更
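# /etc/sysconfig/httpd is a system file; open it with sudo, as the other
# config edits in these notes do, so the change can actually be saved.
sudo emacs /etc/sysconfig/httpd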
---
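# The variable name is OPENSSL_NO_DEFAULT_ZLIB; the shortened spelling
# OPEN_NO_DEFAULT_ZLIB is not recognised, so compression would stay enabled.
# NOTE(review): where httpd is started by systemd and this file is loaded as an
# environment file, confirm whether the "export" prefix is accepted or whether
# a plain KEY=value line is required.
export OPENSSL_NO_DEFAULT_ZLIB=1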
---
ディレクトリ内容一覧表示off、バージョン表示offなど
# Open the main Apache configuration for editing (root-owned file, hence sudo).
sudo emacs /etc/httpd/conf/httpd.conf
---
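# Modify as below.
# Directory listing off: drop "Indexes" from the existing Options line.
# Options Indexes FollowSymLinks
Options FollowSymLinks
# Hide the Apache version in the Server header and on generated pages.
ServerTokens ProductOnly
ServerSignature off
# HTTP TRACE off
TraceEnable off
# X-Frame-Options header (requires mod_headers). "always" also applies the
# header to error responses such as the 404 page configured below, and "set"
# writes a single value where "append" could produce a duplicated one if the
# header is already present.
Header always set X-Frame-Options "SAMEORIGIN"
# Custom 404 page
ErrorDocument 404 /missing.html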
---
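# Restart httpd, but only if the edited configuration passes the syntax check;
# restarting with a broken httpd.conf would leave the server down.
sudo httpd -t && sudo systemctl restart httpd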