Best Practices: Apache Web Server
- Only enable ports 80 and 443. Along with port 22, only enable the Web server ports. It's a Web server, so it should serve the Web only.
- Don't allow unnecessary users to log in. Take steps to ensure that content isn't tampered with. Push updates to the server over a secure connection or even re-synchronize your content automatically.
- Disable execution of Common Gateway Interface (CGI) programs (or scripts) on static content machines. When there is no reason to execute CGI-type programs, disable the ability to do so. Removing this layer will not only protect the server, it may help performance.
- Consider using chroot to start the Web server. If the Web server user is compromised prevent any other access to the server with the use of chroot.
Additional services running on your system may require special attention. If you have questions or concerns about specific security issues, contact firstname.lastname@example.org for assistance.
Last updated: January 06, 2015