PassioniInformaticaSicurezza

Guide: Hardening Apache, a security checklist

16/02/2026

Securing Apache in production. The steps below use the Debian/Ubuntu layout (apache2.conf, conf-available and the vhost files under sites-available, a2dismod/a2enmod, the apache2 service); on other distributions the paths and tooling differ but the directives are the same.

1. Hide version information

ServerTokens Prod reduces the Server header to "Apache" (no version, no OS); ServerSignature Off removes the footer line from generated error pages and listings. This only hides the banner and is no substitute for patching.

ServerTokens Prod
ServerSignature Off

2. Disable directory listing

Without an index file Apache otherwise lists the directory contents. Put this in the server config or the relevant <Directory> block; an .htaccess file can re-enable it unless AllowOverride forbids Options.

Options -Indexes

3. Block sensitive files

Backups, dumps, archives and dotfiles left in the document root are a classic source of credential leaks. The pattern is case-sensitive, so dump.SQL would still be served; prefix it with (?i) to match any case. FilesMatch tests file names only, so a .git directory needs a separate DirectoryMatch rule.

<FilesMatch "\.(bak|old|sql|tar|gz|zip|log|ini|env|sh)$">
    Require all denied
</FilesMatch>

4. Security headers

These need mod_headers (a2enmod headers). "always" applies them to error responses too, which the plain "Header set" form skips. Two values need care. Content-Security-Policy "default-src 'self'" blocks inline scripts and styles and every third-party resource, so test it against the application before going live. X-XSS-Protection "1; mode=block" turns on a legacy browser filter that current browsers have removed and that older ones could be abused through; OWASP now recommends sending 0 (or omitting the header), so that is the value used here.

Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
# Legacy XSS auditor: disable it rather than enable it
Header always set X-XSS-Protection "0"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# Only meaningful on the HTTPS vhost; browsers pin it for a year, so test first
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always set Content-Security-Policy "default-src 'self'"
Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"
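The response-side check for this header set, as an added example that is not code from the original page: a small Python audit run over a captured response head. The two sample responses are constructed, not captured from a real server; the function names are my own, and the thresholds (one-year HSTS, the accepted Referrer-Policy values) follow the checklist rather than any particular scanner. It reports the legacy X-XSS-Protection value as a finding rather than as a pass.

```python
"""Audit a captured HTTP response head against the header checklist above."""
import re

# Constructed sample: what an untouched Apache typically sends (not a real capture).
DEFAULT_RESPONSE = """HTTP/1.1 200 OK
Date: Mon, 16 Feb 2026 10:00:00 GMT
Server: Apache/2.4.58 (Ubuntu)
Content-Type: text/html; charset=UTF-8
"""

# Constructed sample: the same page after the directives above are applied.
HARDENED_RESPONSE = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'
Permissions-Policy: camera=(), microphone=(), geolocation=()
"""

SAFE_REFERRER = {"no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin"}
ONE_YEAR = 31536000

def parse_headers(raw):
    """Map lowercased header names to values; repeated names are joined with ', '."""
    headers = {}
    for line in raw.splitlines()[1:]:        # skip the status line
        if not line.strip():                 # blank line ends the head
            break
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers

def csp_directives(csp):
    """Split a CSP into {directive-name: full directive text}."""
    parts = [p.strip() for p in csp.split(";") if p.strip()]
    return {p.split()[0]: p for p in parts}

def audit_headers(raw):
    """Return sorted findings for one response; an empty list passes the checklist."""
    h = parse_headers(raw)
    findings = []
    if re.search(r"/\d", h.get("server", "")):
        findings.append("server: version leaked (ServerTokens Prod not in effect)")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options: missing or not nosniff")
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("x-frame-options: missing or not DENY/SAMEORIGIN")
    xss = h.get("x-xss-protection")
    if xss is not None and xss.strip() != "0":
        findings.append("x-xss-protection: legacy filter enabled; send 0 or drop the header")
    if h.get("referrer-policy", "").lower() not in SAFE_REFERRER:
        findings.append("referrer-policy: missing or leaks full referrer cross-origin")
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if not m or int(m.group(1)) < ONE_YEAR:
        findings.append("strict-transport-security: missing or max-age under one year")
    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("content-security-policy: missing")
    else:
        d = csp_directives(csp)
        if "default-src" not in d:
            findings.append("content-security-policy: no default-src fallback")
        for name in ("default-src", "script-src"):
            if name in d and "'unsafe-inline'" in d[name]:
                findings.append(f"content-security-policy: {name} allows 'unsafe-inline'")
    if "permissions-policy" not in h:
        findings.append("permissions-policy: missing")
    return sorted(findings)
```

Feed it the output of curl -sI https://target (a real command; the script itself stays offline) and compare the list with what a header scanner reports. The unhardened sample yields seven findings, the hardened one none, and adding X-XSS-Protection: 1; mode=block to the hardened response produces exactly one.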

5. Request limits

LimitRequestBody caps request bodies at 10 MiB (raise it for an application that accepts larger uploads); Timeout 60 is the per-I/O wait in seconds and KeepAliveTimeout 5 frees idle persistent connections quickly. Slow-header attacks (slowloris style) are not stopped by Timeout but by mod_reqtimeout's RequestReadTimeout, which Debian and Ubuntu enable by default.

LimitRequestBody 10485760
Timeout 60
KeepAliveTimeout 5

6. Disable unused modules

mod_status and mod_info expose /server-status and /server-info, mod_cgi runs scripts, and mod_autoindex is what produces directory listings (step 2 then becomes a second line of defence). a2dismod is the Debian/Ubuntu tool; under the event MPM the CGI module is named cgid. List what is still loaded with apache2ctl -M and run apache2ctl configtest before restarting, because a directive that depends on a disabled module (Header without mod_headers, for example) stops Apache from starting.

a2dismod status info cgi autoindex
systemctl restart apache2

7. Modern SSL/TLS

With mod_ssl enabled (a2enmod ssl), SSLProtocol leaves only TLS 1.2 and TLS 1.3. The checklist gives no SSLCipherSuite, so pair it with one limited to strong AEAD suites (the Mozilla SSL Configuration Generator's intermediate profile is the usual starting point): SSLHonorCipherOrder off lets the client choose, which is only safe once every offered suite is acceptable. SSLSessionTickets off trades a few extra full handshakes for not depending on a long-lived ticket key, which would otherwise let a later key compromise decrypt recorded TLS 1.2 sessions.

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder off
SSLSessionTickets off

8. Verification

Rerun the checks from outside the server: nikto reports leaked version strings and exposed files, and the nmap script grades the response headers. For a quick manual look, curl -sI https://target prints the headers.

# Tests from Kali
nikto -h https://target
nmap --script http-security-headers -p 443 target
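Before the external scans, the same checklist can be linted offline against the config file. The following Python script is an added example, not part of the original page or of the Apache project: it parses an Apache-style config, applies mod_ssl's SSLProtocol token rules (+name adds, -name removes, a bare name replaces the set) to find legacy protocols, and tests the FilesMatch pattern against a few file names. HARDENED_CONF (built from the directives in steps 1 to 7), DEFAULT_CONF and PROBE_NAMES are constructed samples, the function names are my own, and the script assumes Python's re behaves like Apache's PCRE for patterns this simple.

```python
"""Static lint of an Apache config against steps 1 to 7; run it before restarting."""
import re

# Constructed sample built from the checklist's own directives (not a real file).
HARDENED_CONF = r"""
ServerTokens Prod
ServerSignature Off
Timeout 60
LimitRequestBody 10485760
<Directory /var/www/html>
    Options -Indexes +FollowSymLinks
</Directory>
<FilesMatch "\.(bak|old|sql|tar|gz|zip|log|ini|env|sh)$">
    Require all denied
</FilesMatch>
<VirtualHost *:443>
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLSessionTickets off
</VirtualHost>
"""

# Constructed sample resembling an untouched distribution default.
DEFAULT_CONF = r"""
ServerTokens OS
ServerSignature On
Timeout 300
Options Indexes FollowSymLinks
<VirtualHost *:443>
    SSLProtocol all -SSLv3
</VirtualHost>
"""

ALL_PROTOS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY_PROTOS = {"SSLv3", "TLSv1", "TLSv1.1"}
# Constructed leftovers a docroot often contains; each must hit a denying FilesMatch.
PROBE_NAMES = ["db.sql", "site.tar.gz", ".env", "deploy.sh", "config.ini.bak", "dump.SQL"]

def parse_conf(text):
    """Yield (context, name, args); context is the stack of enclosing (Section, arg)."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("</"):
            stack.pop()
        elif (m := re.match(r"<(\w+)\s*(.*)>$", line)):
            stack.append((m.group(1), m.group(2).strip().strip('"')))
        else:
            name, *args = line.split()
            yield tuple(stack), name.lower(), args

def enabled_protocols(args):
    """mod_ssl's SSLProtocol rules: +name adds, -name removes, a bare name replaces the set."""
    enabled = set()
    for tok in args:
        name = tok.lstrip("+-")
        names = ALL_PROTOS if name.lower() == "all" else {name}
        if tok.startswith("-"):
            enabled -= names
        elif tok.startswith("+"):
            enabled |= names
        else:
            enabled = set(names)
    return enabled

def lint_conf(text):
    """Return sorted findings; an empty list means every checklist item is satisfied."""
    findings, last, deny_patterns, indexes_off = [], {}, [], False
    for ctx, name, args in parse_conf(text):
        last[name] = args                      # last occurrence wins, as in Apache
        if name == "options":
            for opt in args:
                if opt.lstrip("+") == "Indexes":
                    findings.append("Options: Indexes enabled (directory listing)")
                elif opt == "-Indexes":
                    indexes_off = True
        if name == "require" and args == ["all", "denied"] and ctx and ctx[-1][0] == "FilesMatch":
            deny_patterns.append(ctx[-1][1])
    first = lambda key, default="": (last.get(key) or [default])[0].lower()
    if first("servertokens") != "prod":
        findings.append("ServerTokens: not Prod (version in Server header)")
    if first("serversignature") != "off":
        findings.append("ServerSignature: not Off")
    if not indexes_off:
        findings.append("Options: no -Indexes found")
    # Assumption: Python's re matches Apache's PCRE for patterns this simple.
    exposed = [n for n in PROBE_NAMES if not any(re.search(p, n) for p in deny_patterns)]
    if exposed:
        findings.append("FilesMatch: not denied: " + ", ".join(exposed))
    if first("limitrequestbody", "0") == "0":
        findings.append("LimitRequestBody: no explicit cap")
    if int(first("timeout", "60")) > 60:         # Apache's own default is 60
        findings.append("Timeout: above 60 s")
    if "sslprotocol" not in last:
        findings.append("SSLProtocol: unset (all protocols offered)")
    elif (legacy := enabled_protocols(last["sslprotocol"]) & LEGACY_PROTOS):
        findings.append("SSLProtocol: legacy enabled: " + ", ".join(sorted(legacy)))
    if first("sslsessiontickets") != "off":
        findings.append("SSLSessionTickets: not off")
    return sorted(findings)
```

On a real system concatenate apache2.conf, the enabled conf-available snippets and the vhost files before passing the text to lint_conf, since the checks look at the last value of each directive. The hardened sample deliberately keeps the case-sensitive FilesMatch from step 3, so the lint reports dump.SQL as exposed; the same config with (?i) in front of the pattern passes clean, and the default-like sample collects nine findings.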

Result: a smaller attack surface and an A+ from header scanners. The rating only confirms that the headers are present, so the CSP still has to be tuned to the application it protects and the cipher suite list checked separately.
