A collection of example configurations and scripts to aid system administrators in hardening Apache web servers.
Apache, out of the box, is surprisingly insecure. Many best practices and security configurations have to be configured manually before rolling Apache out in a production environment. You may use this GitHub repository as a starting point towards securing your Apache instances.
We'll start with one of the most important changes, implementing ModSecurity with OWASP ModSecurity configurations.
Please read this for instructions.
Please read this for instructions.
Please read this for instructions.