Hiding Apache Data and Implementing Safeguards

45 minutes
  • 4 Learning Objectives

About this Hands-on Lab

The objective of this lab is to implement a series of safeguards to the existing Apache instance. In particular, you will need to implement DOS and DDOS protection in terms of the Apache configuration. You will also need to implement clickjacking attack protection, add cross-site scripting protection, prevent server-side includes, specify allowed request methods, disable HTTP 1.0 protocol, prevent the following of symbolic links, and make sure you do not volunteer server information via server banner and ETag. Keep in mind that firewalld is already running, SSH is port 61613, Apache is already running on port 80, SELinux is in enforcing mode, and the frontend and backend are both up and running.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Implement DOS/DDOS Protection, Clickjacking Attack Protection, and Cross-Site Scripting Protection
  1. Open the main configuration file for editing.

  2. Set the flag for the cookies to be secure, enable cross-site scripting protection, and prevent i-framing and embedding the website somewhere else.

  3. Implement DOS and DDOS protection and mitigation mechanisms.

Prevent Server Side Includes and Specify Allowed Request Methods
  1. Append code to prevent includes to the directory.

  2. Insert option limits to prevent server-side includes and indexes.

Disable HTTP 1.0 Protocol and Prevent the Following of Symbolic Links
  1. Insert code to disable HTTP 1.0 protocol and only use HTTP 1.1 protocol.

  2. Prevent following of symbolic links.

Do Not Volunteer Server Information via Server Banner and Etag, and Restart the Web Server to Apply the Changes
  1. Limit the amount of information that the server provides.

  2. Save and close to apply the changes.

  3. Restart the system, check the status of the server, and verify access to the web server in a different browser window.

Additional Resources

The initial SSH Port is 61613, and that is the port you will use to initially connect to server via SSH.

Apache is configured in such a way that it shares quite a bit of information about itself and the system on which it is running by default. Why is this? One of the biggest reasons is for ease of communication.

However, for security reasons, we need to prevent all volunteering of information via server signature and ETag. Furthermore, there is no reason why we should allow for HTTP 1.0 protocol to be used at all, and we will need to implement som DOS/DDOS protection mechanisms. This is done to harden the default configuration of the Apache web server.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?