Secure Apache2 and PHP on Ubuntu 16.04

Create /etc/apache2/sites-available/000-security.conf

$ sudo vi /etc/apache2/sites-available/000-security.conf
# Secure apache website

# Disable Trace HTTP Request
TraceEnable off

# Disable Signature
ServerSignature Off

# Disable Banner
ServerTokens Prod

# If enabled ssl (sudo a2enmod ssl)
# Use only TLS, Disable SSLv2, SSLv3
# SSLProtocol -ALL +TLSv1

# Disable Null and Weak Ciphers

# Disable Directory Listing
Options all -Indexes

# If enabled headers (sudo a2enmod headers)
# Disable x-powered by
Header always unset X-Powered-By
$ sudo a2ensite 000-security.conf

On ubuntu 16.04. The default php settings is good. Please make sure settings in php.ini



expose_php = Off
display_errors = Off


Leave a Reply

Your email address will not be published. Required fields are marked *