...

Note

As with any security notes, I will write a disclaimer that there are more advanced ways to secure Apache. You can go as far as compiling your own custom version, but that's out of scope for now.

...

Edit etc/

...

apache2/conf

...

-available/security.conf

Set ServerTokens Prod - This turns off all the extra header information sent by Apache. Primarily, that information would let a client know what version of Apache is being used, which could be used to look up vulnerabilities in the particular version of Apache you are running.

Set ServerSignature Off - Removes the footer information from default Apache pages, for example the page-not-found error page.

Note

Older versions of Apache use /etc/apache2/conf.d/security

Restart Apache for the changes to take effect.
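To confirm the file really carries both settings before restarting, the check below reads a security.conf-style file and reports the effective ServerTokens and ServerSignature values. It is an added example, not part of the original notes; the function names effective_value and audit_conf are hypothetical and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit the two directives above.

# Print the effective value of a directive, lower-cased. Commented-out lines
# are skipped, directive names are matched case-insensitively, and the last
# occurrence in the file is the one reported.
effective_value() {
    awk -v d="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(d) { val = tolower($2) }
        END { print val }
    ' "$2"
}

# Report each directive; return 0 only if both are set as the page recommends.
# A directive missing from the file is flagged so the setting is made explicit.
audit_conf() {
    audit_rc=0
    tokens=$(effective_value ServerTokens "$1")
    signature=$(effective_value ServerSignature "$1")
    case "$tokens" in
        prod|productonly) echo "OK   ServerTokens $tokens" ;;
        *) echo "FAIL ServerTokens ${tokens:-<not set in this file>}"; audit_rc=1 ;;
    esac
    case "$signature" in
        off) echo "OK   ServerSignature off" ;;
        *) echo "FAIL ServerSignature ${signature:-<not set in this file>}"; audit_rc=1 ;;
    esac
    return "$audit_rc"
}

# Constructed sample input: the hardened value is present but commented out,
# while the active lines are still verbose.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ServerTokens Prod
ServerTokens OS
ServerSignature On
EOF
audit_conf "$sample" || echo "=> edit the file, then restart Apache"
rm -f "$sample"

# Usage against a real file (use whatever path your system has):
#   audit_conf /path/to/security.conf
```

The check only reads the one file it is given, so a later override in another included file would not show up here.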

Optional Optimization

I found that you can save about 3MB of memory (according to htop) if the Apache status module is disabled,

...