CentOS server – basic Apache settings

It is recommended to set up a few things before you go live with your web server.

Remove the welcome page

Open /etc/httpd/conf.d/welcome.conf file and comment all lines.

# This configuration file enables the default "Welcome"
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL.  To disable the Welcome page, comment
# out all the lines below.
#<LocationMatch "^/+$">
#    Options -Indexes
#    ErrorDocument 403 /error/noindex.html

Restart Apache with service httpd restart.

Basic httpd config

Open /etc/httpd/conf/httpd.conf and find the line

Options Indexes FollowSymLinks

inside <Directory “/var/www/html”> section. Add – before Indexes as shown below.

Options -Indexes FollowSymLinks

(If you leave this line as it was, your files and directory list inside /var/www/html dir will be shown to anyone)

Line “LogLevel warn” do not change while you’re testing your web apps. Later, when you want to fire up your server for production use, replace warn with crit.

For security reasons, it is good idea to remove the server signature. To achieve this, find the line ServerSignature On and replace the On with Off

ServerSignature Off

Also, if you want to hide the web server version, OS, etc,… Check the ServerTokens parameter. Default CentOS is ServerTokens OS
All available options are:

ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full

Leave a Reply

Your email address will not be published. Required fields are marked *