When it comes to setting up a web server, one area that it's vital you don't overlook in the current environment is security. Cybercriminals are becoming more innovative all the time and constantly developing new ways of compromising websites. For instance, figures from Kaspersky reveal the firm detects an average of 200,000 new threats every day, so it's clear that if you don't have the latest up-to-date protections, you'll be leaving yourself vulnerable.
But installing anti-malware solutions is only the first step in keeping your servers secure, as there are many more steps you can take to protect your systems and confidential information. If you're running your website on Apache HTTP Server, there are a few simple security tips you should be considering. It was observed by information provider the Hosting News that this is far and away the most popular web server software, so offered a few basic tips for keeping your server secure.
Disable directory indexing
The site explained that if directory indexing is enabled, any visitor to your site can view the contents of directories that don't have default pages. This can be a serious security risk, so preventing these from being visible is one of the simplest steps you can take to make your site secure
Disable Apache Signature
Under the default settings, Apache sends information about itself to the client, which may include details such as the name of the application, version number and in some cases even the operating system, all of which an attacker can use to find vulnerabilities. Switching off ServerSignature and ServerTokens prevents this and makes life more difficult for criminals.
Install an application firewall
While you should already have network firewalls in place to protect your internal systems, having an application firewall that is designed to secure your web applications is a must. This sits between your server and the internet to stop hackers exploiting your scripts.
These tips were noted to be just some of the simplest things you should be doing to protect your web server and should be viewed as a start, rather than a comprehensive solution. But once you've got the basics set up, you'll be well-placed to ensure all your systems are protected from attack.