Apache Security
Trace Back :
Testing if Trace back is enabled :
telnet localhost 80
TRACE / HTTP/1.0
If the server echoes the request back, TRACE is enabled.
Disabling Trace Back :
vi /etc/httpd/conf/httpd.conf
TraceEnable off
Or, use an htaccess or rewrite rule :
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
Hide Apache Software Version :
vi /etc/httpd/conf/httpd.conf
ServerTokens ProductOnly
ServerSignature Off
Disable SSL Protocol V2 :
SSLProtocol all -SSLv2
Check if SSL V2 is supported :
openssl s_client -connect
Disable Weak Ciphers :
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
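
Checking a config file against the settings above (an added example, not part of the original notes): the script reads httpd.conf text and reports which of the directives on this page are missing or weaker than recommended. It assumes a flat view of the file (VirtualHost scoping and Include files are ignored) and that "all" in SSLProtocol includes SSLv2, as on the Apache versions these notes target; the sample config and the function names are constructed for illustration.

```python
# Constructed sample httpd.conf fragment (not taken from a real server).
SAMPLE_CONF = """\
#TraceEnable off
TraceEnable On
ServerTokens Full
serversignature off
<VirtualHost *:443>
    SSLProtocol all
    SSLCipherSuite ALL:!aNULL:!ADH:RC4+RSA:+HIGH:+MEDIUM
</VirtualHost>
"""

# directive -> (compiled-in default when absent, values the page asks for)
RULES = {"traceenable": ("on", {"off"}), "serversignature": ("off", {"off"}),
         "servertokens": ("full", {"prod", "productonly"})}
REQUIRED_EXCLUSIONS = ["!aNULL", "!ADH", "!eNULL", "!LOW", "!EXP"]

def parse(conf_text):
    """Return {lower-cased directive: [argument string, ...]} in file order."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        # Skip comments, section tags and lines without arguments.
        if len(parts) == 2 and not parts[0].startswith(("#", "<")):
            found.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return found

def sslv2_enabled(args):
    """Evaluate an SSLProtocol argument list left to right."""
    enabled = False
    for tok in args.lower().split():
        if tok.lstrip("+-") in ("all", "sslv2"):
            enabled = not tok.startswith("-")
    return enabled

def audit(conf_text):
    """Return a sorted list of findings for the directives covered on this page."""
    conf, findings = parse(conf_text), []
    for name, (default, ok) in RULES.items():
        value = conf.get(name, [default])[-1].lower()  # last occurrence wins
        if value not in ok:
            findings.append(f"{name}: '{value}' (want {'/'.join(sorted(ok))})")
    for args in conf.get("sslprotocol", []):
        if sslv2_enabled(args):
            findings.append(f"sslprotocol: '{args}' leaves SSLv2 enabled")
    for args in conf.get("sslciphersuite", []):
        missing = [x for x in REQUIRED_EXCLUSIONS if x not in args.split(":")]
        if missing:
            findings.append(f"sslciphersuite: missing {' '.join(missing)}")
    return sorted(findings)
```

Run it against a real file with audit(open("/etc/httpd/conf/httpd.conf").read()); an empty list means every directive matches the values in these notes.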