This project is under developement
This Ansible role provides an easy way to harden your Apache webserver.
You can apply it as is immediately, as the default settings are good enough to start. You can also tailor the hardening process to your needs by enabling further options.
Should I harden my webserver ?
Check by yourself at observatory.mozilla.org.
To launch this role, you will need :
- SSH access to your server (key-based authentication is better)
- root, or any user with sudo privilege 🙂
- Any major Linux distribution
The role edits a temporary copy of you configuration file, then backup and overwrite your original configuration file if changes were made.
You can start by testing your webserver configuration on observatory.mozilla.org.
Install Ansible, then create the following
apache_hardening.yaml playbook :
- name: Hardening playbook
You should have the following arborescence :
Finally, launch your playbook with :
Now you can check your webserver again and enjoy the improvement 😎.
|Gives info on running server. In production, there is no reason to give this information.
|Cookie : Secure attribute
Secure attribute on cookies will prevent them from being sent over insecure HTTP.
|Cookie : HttpOnly attribute
|Cookie : SameSite attribute
SameSite attribute prevents your cookies from being sent cross-site, protecting against CSRF attacks.