logo

Under developement

Apache Armor

This Ansible role provides an easy way to harden your Apache webserver.

You can apply it as is immediately, as the default settings are good enough to start. Tailor the hardening process to your needs by enabling further options.

Should I harden my webserver ?

Yes. Check by yourself at observatory.mozilla.org.

Requirements

To launch this role, you will need :

Usage

The role edits a temporary copy of you configuration file, then backup and overwrite your original configuration file if changes were made.

You can start by testing your webserver configuration on observatory.mozilla.org.

Install Ansible, then create the following apache_hardening.yaml playbook :

- name: Hardening playbook
  hosts:
    production:
      ansible_host: www.example.org
      #ansible_user: user
      #ansible_password: user_pass

  become: yes

  roles:
    - Apache-Armor

You should have the following arborescence :

tree

Finally, launch your playbook with :

ansible-playbook apache_hardening.yaml

Now you can check your webserver again and enjoy the improvement 😎.

Actions

Setting Apache value Armor value Applied Description
Etag test none yes Gives info on running server. In production, there is no reason to give this information.
Cookie : Secure attribute   secure yes Setting the Secure attribute on cookies will prevent them from being sent over insecure HTTP.
Cookie : HttpOnly attribute   httponly yes HttpOnly cookies are inaccessible from JavaScript, preventing cross-site scripting (XSS) attacks from stealing session cookies.
Cookie : SameSite attribute   samesite yes The SameSite attribute prevents your cookies from being sent cross-site, protecting against CSRF attacks.