Apache Secure Configuration

Secure Server Configuration Code References Guide

Web Server Platform

Standard Configuration File

Apache .htaccess configuration

Scope of Security Audit

Configure secure Apache rules via .htaccess or httpd.conf to enforce SSL, prevent directory indexing, and implement security headers.

Secure Server Configuration Principles

Configuring security directives at the web server layer (Nginx, Apache, or Edge CDN) is the first line of defense against network hijacking and data leakage. Proper redirects eliminate security vulnerabilities like HTTP cleartext transport, and strict security headers mitigate client-side script vulnerability injections.

How to apply these configuration snippets

Redirect HTTP to HTTPS via RewriteEngine

Force SSL redirection on Apache dynamically.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Disable Directory Indexing & Enable Headers

Disable indexes and append standard security header parameters.

# Disable directory index listing
Options -Indexes

# Configure Security Headers
<IfModule mod_headers.c>
  Header set X-Frame-Options "DENY"
  Header set X-Content-Type-Options "nosniff"
  Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
</IfModule>