This Ansible role provides an easy way to harden your Apache webserver.
You can apply it as is immediately, as the default settings are good enough to start. Tailor the hardening process to your needs by enabling further options.
Should I harden my webserver ?
Yes. Check by yourself at observatory.mozilla.org.
To launch this role, you will need :
- SSH access to your server (key-based authentication is better)
- root, or any user with sudo privilege 🙂
- Any major Linux distribution
The role edits a temporary copy of you configuration file, then backup and overwrite your original configuration file if changes were made.
You can start by testing your webserver configuration on observatory.mozilla.org.
Install Ansible, then create the following
apache_hardening.yaml playbook :
- name: Hardening playbook hosts: production: ansible_host: www.example.org #ansible_user: user #ansible_password: user_pass become: yes roles: - Apache-Armor
You should have the following arborescence :
Finally, launch your playbook with :
Now you can check your webserver again and enjoy the improvement 😎.
|Setting||Apache value||Armor value||Applied||Description|
|Etag||test||none||yes||Gives info on running server. In production, there is no reason to give this information.|
|Cookie : Secure attribute||secure||yes||Setting the
|Cookie : HttpOnly attribute||httponly||yes||
|Cookie : SameSite attribute||samesite||yes||The