Security hardening for Apache web server

1. Enable HTTPS (SSL)

It is highly recommended to use HTTPS (encrypted) communication rather than HTTP.

Check Enable HTTPS for MiaRec Web portal

2. Disable deprecated SSL/TLS protocols, allow TLS v1.2 only

It is recommended to disable the deprecated SSL version 3.0 protocol and force clients to use the more secure TLS v1.2. The setting below allows TLS v1.2 only, so SSL 3.0 and the older TLS 1.0/1.1 versions are all refused.

Edit the file /etc/httpd/conf.d/ssl.conf (CentOS 7) and locate the SSLProtocol line. If it is commented out with a #, remove the hash (#) symbol, then change the line to the following:

SSLProtocol TLSv1.2

To further increase the security strength, also disable the weaker ciphers: locate the SSLCipherSuite line, uncomment it and change it to:

SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA:!RC4:!3DES

3. Disable TRACE method

Add the following line to the end of file /etc/httpd/conf/httpd.conf:

TraceEnable off

4. Enable HTTP Strict Transport Security

Edit the file /etc/httpd/conf.d/ssl.conf (CentOS 7) and add the following lines inside the HTTPS virtual host section:

<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>

5. Reload Apache configuration

CentOS 7:

service httpd reload
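As an added example (not part of the MiaRec documentation or the product itself), the following POSIX shell script applies steps 2 to 4 to an Apache configuration and then verifies the result. File paths are parameters so it can be exercised on a sample; the sample configuration it writes is a constructed, trimmed-down stand-in for the CentOS 7 defaults, not the real files. The verification follows Apache's rule that the last active copy of a directive wins, so a later uncommented `SSLProtocol all` line would correctly be reported as a failure.

```shell
#!/bin/sh
# Added example, not from the MiaRec documentation: apply and verify the
# hardening in steps 2-4. On CentOS 7 the real files are
# /etc/httpd/conf.d/ssl.conf and /etc/httpd/conf/httpd.conf.

# Replace the first DIRECTIVE line (active or commented out) with NEW_LINE,
# comment out any later active copy, or append NEW_LINE if it is absent.
set_directive() {
  file="$1"; directive="$2"; new_line="$3"
  awk -v d="$directive" -v nl="$new_line" '
    !done && $0 ~ ("^[ \t]*#?[ \t]*" d "([ \t]|$)") { print nl; done = 1; next }
    done  && $0 ~ ("^[ \t]*" d "([ \t]|$)")        { print "#" $0; next }
    { print }
    END { if (!done) print nl }
  ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Insert the HSTS block before the closing </VirtualHost> of the HTTPS host
# (appended at the end if no such tag exists). Idempotent: skipped when present.
add_hsts() {
  file="$1"
  grep -Eq '^[[:space:]]*Header[[:space:]]+always[[:space:]]+set[[:space:]]+Strict-Transport-Security' "$file" && return 0
  awk '
    function block() {
      print "<IfModule mod_headers.c>"
      print "  Header always set Strict-Transport-Security \"max-age=31536000; includeSubDomains\""
      print "</IfModule>"
    }
    !done && /^[ \t]*<\/VirtualHost>/ { block(); done = 1 }
    { print }
    END { if (!done) block() }
  ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

harden_ssl_conf() {
  set_directive "$1" SSLProtocol    "SSLProtocol TLSv1.2"
  set_directive "$1" SSLCipherSuite "SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA:!RC4:!3DES"
  add_hsts "$1"
}

harden_httpd_conf() {
  set_directive "$1" TraceEnable "TraceEnable off"
}

# Print the active (uncommented) occurrences of DIRECTIVE in FILE.
active_line() { grep -Ei "^[[:space:]]*$2([[:space:]]|\$)" "$1"; }

# Report each setting and return the number of failed checks (0 = hardened).
check_hardening() {
  ssl_conf="$1"; httpd_conf="$2"; failures=0
  if active_line "$ssl_conf" SSLProtocol | tail -n 1 | grep -Eiq '^[[:space:]]*SSLProtocol[[:space:]]+TLSv1\.2[[:space:]]*$'; then
    echo "ok   SSLProtocol allows TLS 1.2 only"
  else
    echo "FAIL SSLProtocol is not exactly 'SSLProtocol TLSv1.2'"; failures=$((failures + 1))
  fi
  ciphers=$(active_line "$ssl_conf" SSLCipherSuite | tail -n 1)
  for weak in kRSA RC4 3DES; do   # weak options named on this page
    case "$ciphers" in
      *"!$weak"*) echo "ok   SSLCipherSuite excludes $weak" ;;
      *) echo "FAIL SSLCipherSuite does not exclude $weak"; failures=$((failures + 1)) ;;
    esac
  done
  if active_line "$httpd_conf" TraceEnable | tail -n 1 | grep -Eiq '[[:space:]]off[[:space:]]*$'; then
    echo "ok   TraceEnable off"
  else
    echo "FAIL TraceEnable is not off"; failures=$((failures + 1))
  fi
  if grep -Eiq '^[[:space:]]*Header[[:space:]]+always[[:space:]]+set[[:space:]]+Strict-Transport-Security[[:space:]]+"max-age=' "$ssl_conf"; then
    echo "ok   HSTS header set"
  else
    echo "FAIL HSTS header missing"; failures=$((failures + 1))
  fi
  return "$failures"
}

# Constructed sample files (stand-ins for the CentOS 7 defaults, not copies).
write_sample_configs() {
  cat > "$1" <<'EOF'
Listen 443 https
<VirtualHost _default_:443>
SSLEngine on
#SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
</VirtualHost>
EOF
  printf 'ServerRoot "/etc/httpd"\nListen 80\n' > "$2"
}

# Usage: sh harden_check.sh --demo          (constructed samples)
#        sh harden_check.sh SSL_CONF HTTPD_CONF   (apply to real files, then verify)
if [ "${1:-}" = "--demo" ]; then
  dir=$(mktemp -d); write_sample_configs "$dir/ssl.conf" "$dir/httpd.conf"
  harden_ssl_conf "$dir/ssl.conf"; harden_httpd_conf "$dir/httpd.conf"
  check_hardening "$dir/ssl.conf" "$dir/httpd.conf"; cat "$dir/ssl.conf"
elif [ $# -eq 2 ]; then
  harden_ssl_conf "$1"; harden_httpd_conf "$2"; check_hardening "$1" "$2"
fi
```

After applying it to the real files, run `apachectl configtest` before the reload in step 5; a syntax error in ssl.conf would otherwise take the portal offline when the configuration is reloaded.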