To harden an Apache web server, deny access to the whole filesystem by default and then re-enable only what each site directory actually needs.
Edit your Apache configuration file (on CentOS 7 the httpd package installs it as /etc/httpd/conf/httpd.conf; Debian and Ubuntu keep their configuration under /etc/apache2/ instead) and set the root-level Directory section so that nothing is served and nothing can be overridden:

<Directory />
    AllowOverride None
    AllowOverrideList None
    Options None
    Require all denied
</Directory>
Check the syntax with apachectl configtest, then reload the service:

[root@nowherelan]# systemctl reload httpd.service
When the AllowOverride directive is set to None and AllowOverrideList is set to None, .htaccess files are completely ignored: the server will not even attempt to read .htaccess files in the filesystem. This removes a per-directory escape hatch, because anyone who can write a .htaccess file under the document root can no longer loosen these settings, and it also saves the lstat() Apache would otherwise do in every path component looking for one.
The Options directive controls which server features are available in a particular directory. Set to None, none of the extra features are enabled: no directory indexes, no CGI execution, no server-side includes, and no following of symbolic links.
The Require directive tests whether an authenticated user is authorized according to a particular authorization provider and the specified restrictions. With Require all denied, access is denied unconditionally, so any path that is not covered by a more specific Directory section answers with 403.
You will then want to enable certain abilities on a per-directory basis. Directory sections are merged from the shortest path to the longest, so a section for the document root overrides the root-level denial only for that subtree:

<Directory /var/www/html>
    Options +SymLinksIfOwnerMatch
    Require all granted
</Directory>

With Options +SymLinksIfOwnerMatch, the server will only follow symbolic links for which the target file or directory is owned by the same user id as the link. That stops someone who can create files under the document root from pointing a link at a file they do not own (for example /etc/passwd) and having Apache serve it; if the site does not need symlinks at all, leave this option out too.
With Require all granted, access to that directory is allowed unconditionally. Every other DocumentRoot or Alias target needs its own Directory section, otherwise it stays denied.
Verify that your web application still functions properly after making these changes: anything that relied on .htaccess files, directory listings, CGI or symlinks outside the document root will now return 403.
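As an added check that is not part of the original post, the following Python script parses the Directory sections of an httpd.conf and reports anything that undoes the deny-by-default pattern above: a missing or permissive root section, AllowOverride re-enabled, or risky Options (Indexes, FollowSymLinks, ExecCGI, Includes, All) granted to a directory. The SAMPLE_CONF it runs against is constructed for the example and contains the two blocks from this post plus a deliberately permissive /srv/legacy block; the RISKY_OPTIONS list is my own choice, not an Apache setting.

```python
import re

# Constructed sample httpd.conf for the example (not the post's real file):
# the hardened root and /var/www/html blocks above, plus a permissive block
# of the kind the audit should catch.
SAMPLE_CONF = """\
<Directory />
    AllowOverride None
    AllowOverrideList None
    Options None
    Require all denied
</Directory>

<Directory /var/www/html>
    Options +SymLinksIfOwnerMatch
    Require all granted
</Directory>

# Legacy site that still expects directory listings and .htaccess rewrites.
<Directory "/srv/legacy">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
"""

# <Directory PATH> ... </Directory>, path optionally quoted, case-insensitive.
DIR_RE = re.compile(r'<Directory\s+"?([^"\s>]+)"?\s*>(.*?)</Directory>', re.S | re.I)

# Options that widen what a request can do; flagged anywhere outside the root
# (assumption: this is the reviewer's list, not something Apache defines).
RISKY_OPTIONS = {"all", "indexes", "followsymlinks", "execcgi", "includes"}


def parse_directories(conf):
    """Map each <Directory PATH> block to {directive_lowercase: [args...]}.

    Full-line comments are skipped. If a directive is repeated inside one
    block the last occurrence wins, which is how Apache treats it as well.
    """
    sections = {}
    for m in DIR_RE.finditer(conf):
        path, body = m.group(1), m.group(2)
        directives = {}
        for raw in body.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split()
            directives[parts[0].lower()] = parts[1:]
        sections[path] = directives
    return sections


def _lower(args):
    return [a.lower() for a in args]


def audit(conf):
    """Return (path, finding) pairs; an empty list means the configuration
    matches the deny-by-default pattern described above."""
    findings = []
    sections = parse_directories(conf)

    root = sections.get("/")
    if root is None:
        findings.append(("/", "no <Directory /> block; Apache defaults apply"))
    else:
        if _lower(root.get("require", [])) != ["all", "denied"]:
            findings.append(("/", "root is not 'Require all denied'"))
        if _lower(root.get("allowoverride", [])) != ["none"]:
            findings.append(("/", "AllowOverride is not None; .htaccess is honoured"))
        if _lower(root.get("options", [])) != ["none"]:
            findings.append(("/", "Options is not None"))

    for path, d in sections.items():
        if path == "/":
            continue
        override = d.get("allowoverride", [])
        if override and _lower(override) != ["none"]:
            findings.append((path, "AllowOverride %s re-enables .htaccess" % " ".join(override)))
        for arg in d.get("options", []):
            if arg.startswith("-"):          # "-Indexes" disables, not a problem
                continue
            if arg.lstrip("+").lower() in RISKY_OPTIONS:
                findings.append((path, "Options enables %s" % arg.lstrip("+")))
    return findings


if __name__ == "__main__":
    for path, finding in audit(SAMPLE_CONF):
        print("%s: %s" % (path, finding))
```

Run it against the real file with open("/etc/httpd/conf/httpd.conf").read() (and the files under conf.d/, since vhosts usually carry their own Directory sections). It only reads the file, so it is safe to run before the reload; it does not replace apachectl configtest, which is what catches syntax errors.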
My System Configuration
- CentOS 7
- Apache 2.4