Apache: avoid giving attackers useful information

More than 3 years have passed since last update.

For nginx, see "Things worth quickly taking care of when setting up Nginx" - Qiita

Check
curl -I http://url〜

Do not output the Apache version

httpd.conf
- ServerTokens Full
+ ServerTokens Prod
  • ServerSignature Off is not needed when Prod is used.
curl localhost/aaa
 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
 <html><head>
 <title>404 Not Found</title>
 </head><body>
 <h1>Not Found</h1>
 <p>The requested URL /aaa was not found on this server.</p>
 <hr>
+<address>Apache/2.4.7 (Ubuntu) Server at localhost Port 80</address>
 </body></html>

Do not output the PHP version

php.ini
- expose_php = On
+ expose_php = Off

Do not show the Apache welcome page

cd /etc/httpd/conf.d/
mv welcome.conf welcome.conf.org

The following no longer seems necessary these days.

Improving Basic authentication security for early IE6 and older

telnet dummy.hoge.jp 80
  • Type OPTIONS / HTTP/1.0 and press Enter twice.

Allow: GET,HEAD,POST,OPTIONS,TRACE

To disable TRACE, use the following:

httpd.conf
+ TraceEnable Off
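
The checks on this page (the `Server` header and error-page footer, `X-Powered-By`, and `TRACE` in the `Allow` line) can be run over a captured response in one pass. The script below is an added example, not code from the original article; the function name `audit_response`, the finding labels and the sample responses are assumptions constructed here, and the PHP version in the sample is made up.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. audit_response is a
# hypothetical helper name. It reads a raw HTTP response on stdin (headers
# and optionally an error-page body) and prints one finding per line;
# it prints nothing when none of the disclosures on this page are present.
audit_response() {
  tr -d '\r' | awk '
    { low = tolower($0); val = $0; sub(/^[^:]*:[ \t]*/, "", val) }
    # ServerTokens Prod sends just "Apache"; digits or "(" mean version/OS detail.
    low ~ /^server:/ && val ~ /[0-9(]/ { print "server-version: " val }
    # expose_php = On adds an X-Powered-By header carrying the PHP version.
    low ~ /^x-powered-by:/ { print "x-powered-by: " val }
    # TRACE listed in the Allow header of an OPTIONS response.
    low ~ /^allow:/ && low ~ /[ ,:]trace([ ,]|$)/ { print "trace-allowed" }
    # Error-page footer that still carries a version number.
    low ~ /<address>apache\/[0-9]/ {
      sig = $0; gsub(/<[^>]*>/, "", sig); print "signature-version: " sig
    }
  '
}

# Constructed composite samples: values taken from the page, except the
# PHP version, which is made up for illustration.
sample_before() { cat <<'EOF'
HTTP/1.1 404 Not Found
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9
Allow: GET,HEAD,POST,OPTIONS,TRACE

<address>Apache/2.4.7 (Ubuntu) Server at localhost Port 80</address>
EOF
}

sample_after() { cat <<'EOF'
HTTP/1.1 404 Not Found
Server: Apache
Allow: GET,HEAD,POST,OPTIONS

<address>Apache Server at localhost Port 80</address>
EOF
}

echo "before hardening:"; sample_before | audit_response
echo "after hardening:";  sample_after  | audit_response
# Against a live server: curl -sI http://localhost/ | audit_response
```

An empty result after the configuration changes means none of the four disclosures remain in that response.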
tukiyo3