โ† Back to home
Apache PHP.ini Hardening security.conf

Apache Hardening

May 11, 2022

This guide covers the main parameters to harden Apache and PHP: apache2.conf, security.conf, and php.ini.

Installation

apt install apache2
apt install libapache2-mod-php php-mysql

1. apache2.conf

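# Seconds to wait on network I/O before a request fails
Timeout 60
KeepAlive Off
# The next two directives only take effect when KeepAlive is On
MaxKeepAliveRequests 75
KeepAliveTimeout 3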

2. security.conf

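# Send only "Apache" in the Server header and no version footer on error pages
ServerTokens Prod
ServerSignature Off
# Header directives require mod_headers (a2enmod headers)
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"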

3. php.ini — Session Security

session.cookie_lifetime  = 0
session.use_cookies      = 1
session.use_only_cookies = 1
session.use_strict_mode  = 1
session.cookie_httponly  = On
session.cookie_secure    = On
session.gc_maxlifetime   = 1440
session.use_trans_sid    = 0
session.cache_limiter    = nocache
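; PHP < 7.1 only (1 = SHA-1); PHP 7.1 removed this directive in favour of
; session.sid_length and session.sid_bits_per_character
session.hash_function    = 1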
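
To check that a server's php.ini actually carries the session values above, the following script compares a file against them. It is an added example, not part of the original guide; the function name audit_php_session and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a php.ini against the session values listed in this guide.
# session.hash_function is left out because PHP 7.1 removed that directive.
EXPECTED='session.cookie_lifetime=0
session.use_cookies=1
session.use_only_cookies=1
session.use_strict_mode=1
session.cookie_httponly=1
session.cookie_secure=1
session.gc_maxlifetime=1440
session.use_trans_sid=0
session.cache_limiter=nocache'

# audit_php_session FILE: print one line per deviating key.
# Returns 0 when every key matches, 1 otherwise.
audit_php_session() {
    printf '%s\n' "$EXPECTED" | awk -F= -v ini="$1" '
        # Map php.ini booleans to 1/0 so that On, Yes and True all equal 1.
        function norm(v,    l) {
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)
            l = tolower(v)
            if (l == "on" || l == "yes" || l == "true") return "1"
            if (l == "off" || l == "no" || l == "false") return "0"
            return l
        }
        BEGIN {
            # Load the file first; a later assignment overrides an earlier one.
            while ((getline line < ini) > 0) {
                sub(/[ \t]*;.*$/, "", line)          # drop ; comments
                p = index(line, "=")
                if (p == 0) continue                 # section header or blank
                k = substr(line, 1, p - 1); gsub(/[ \t]/, "", k)
                seen[k] = norm(substr(line, p + 1))
            }
        }
        !($1 in seen)  { printf "MISSING  %s (want %s)\n", $1, $2; bad = 1; next }
        seen[$1] != $2 { printf "MISMATCH %s = %s (want %s)\n", $1, seen[$1], $2; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample input, not taken from a real server.
sample=$(mktemp)
printf '%s\n' '[Session]' 'session.use_strict_mode = 0' \
    'session.cookie_secure = On ; set by ops' > "$sample"
audit_php_session "$sample" || echo "php.ini deviates from the guide"
rm -f "$sample"
```

A key that is commented out with ; is reported as MISSING, since PHP would then fall back to its built-in default.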