It is recommended to set up a few things before you go live with your web server.
Remove the welcome page
Open the /etc/httpd/conf.d/welcome.conf file and comment out all lines.
#
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL. To disable the Welcome page, comment
# out all the lines below.
#
#<LocationMatch "^/+$">
#    Options -Indexes
#    ErrorDocument 403 /error/noindex.html
#</LocationMatch>
Restart Apache with service httpd restart.
Basic httpd config
Open /etc/httpd/conf/httpd.conf and find the line
Options Indexes FollowSymLinks
inside the <Directory "/var/www/html"> section. Add - before Indexes as shown below.
Options -Indexes FollowSymLinks
(If you leave this line as it was, the list of files and directories inside /var/www/html will be shown to anyone.)
Do not change the line "LogLevel warn" while you're testing your web apps. Later, when you want to fire up your server for production use, replace warn with crit.
For security reasons, it is a good idea to remove the server signature. To achieve this, find the line ServerSignature On and replace On with Off.
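To confirm the welcome page, Indexes and ServerSignature changes above actually took effect, the following added example (not part of the original guide) scans a configuration for active settings that still need changing. The function names, the output format and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# audit_httpd_conf [FILE...]: print one finding per line, nothing when clean.
# Reads stdin when no file is given. Only <Directory> sections are tracked.
audit_httpd_conf() {
    awk '
        /^[ \t]*#/ { next }                     # ignore commented-out lines
        { first = tolower($1) }
        first == "<directory" {                 # remember the current section
            dir = $2; gsub(/[">]/, "", dir)
        }
        first == "</directory>" { dir = "" }
        first == "options" {
            for (i = 2; i <= NF; i++) {
                opt = tolower($i)
                if (opt == "indexes" || opt == "+indexes")
                    printf "INDEXES %s line %d\n", (dir == "" ? "server-wide" : dir), NR
            }
        }
        first == "serversignature" && tolower($2) != "off" {
            printf "SIGNATURE %s line %d\n", $2, NR
        }
    ' "$@"
}

# welcome_page_enabled [FILE]: succeeds when welcome.conf still contains an
# active (uncommented, non-blank) line, i.e. the welcome page is not disabled.
welcome_page_enabled() {
    grep -Eqv '^[[:space:]]*(#|$)' "$@"
}

# Constructed sample input, not a real server's configuration.
sample_conf() {
    cat <<'EOF'
# constructed sample
<Directory />
    Options FollowSymLinks
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
ServerSignature On
EOF
}

# Demo run on the sample: reports the Indexes and ServerSignature lines.
sample_conf | audit_httpd_conf
```

On a real server, pass /etc/httpd/conf/httpd.conf to audit_httpd_conf and /etc/httpd/conf.d/welcome.conf to welcome_page_enabled.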
Also, if you want to hide the web server version, OS, etc., check the ServerTokens parameter. The CentOS default is ServerTokens OS.
All available options are: