13 Apache Web Server Security and Hardening Tips

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Use our Hosting referral link if you planning to start your blog ($3.82/month).
  4. Support us via PayPal donate - Make a Donation
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Tarunika Shrivastava

I am a linux server admin and love to play with Linux and all other distributions of it. I am working as System Engineer with a Web Hosting Company.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

63 Responses

  1. Banka Bilgi says:

    Thanks for the article, it really has been a useful article.

  2. Mohammed says:

    Its now not in apache2.conf . Please look for /etc/apache2/conf-available/security.conf

  3. JOBIN JOESPH says:

    thanks for this amazing tutorial . IT REALLY HELPFULL!!

  4. MR. Garcia says:

    Thanks for this great tutorial, it really helped me! :)

    Just correct the path of apache configuration please. it is:



    • Ravi Saive says:


      Thanks for finding this article useful, yes that was a typo, corrected the apache configuration file location in the writeup..

  5. Sanjay says:

    Can you please tell me if I want to change all my configuration are not set in httpd.conf, I want to save these anywhere else, how it can be possible.

    • Ravi Saive says:


      Take the backup of apache configuration file using following command before making any changes to the file.

      # cp /etc/httpd/conf.d/httpd.conf cp /etc/httpd/conf.d/httpd.conf_org
      # cp /etc/apache2/apache.conf /etc/apache2/apache.conf_org
  6. Vishwash says:

    Very well written tarunika. Thank you :)

  7. Karthik says:


    When i added ServerTokens Prod and ServerSignature off and restarted it but still i can see server information.

    I am using Apache 2.4 and CentOS 7.

    • Morgan says:


      sudo etc/init.d/apache2 force-reload

    • Michel Breevoort says:

      Put it at the end of the conf file worked for me.
      Started at the beginning of the conf file did not work… tried to force reload, no result. At the end of the conf file the versions disappeared.

  8. Thank you so much for this. I really helps me to make my server performance and security better

  9. Mehmet Keçeci says:

    yum –> dnf (new command)

  10. Earthwalker says:

    Thank you so much! Really helpful!

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

Join Over 300K+ Linux Users
  1. 202,035
  2. 9,267
  3. 38,621

Are you subscribed?