Apache2 website initial settings

Note: Server system: Ubuntu 20.04. Other systems may use different configuration file paths.

Enable .htaccess and disable directory listing

1. Open the configuration file /etc/apache2/apache2.conf
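2. Find the <Directory> block that contains the Options and AllowOverride lines
3. Enable .htaccess: change AllowOverride None to AllowOverride All
4. Disable directory listing: in the Options line, add - before Indexes and + before FollowSymLinks (Apache rejects an Options line that mixes prefixed and unprefixed values)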
5. Restart Apache2

service apache2 restart

Enable HSTS

1. Run this command in a terminal to enable the headers module

a2enmod headers

Enable the SSL module and the default SSL site

a2enmod ssl
a2ensite default-ssl.conf

2. Add the following line under <VirtualHost *:80> in /etc/apache2/sites-available/000-default.conf

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

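To do the same for port 443, edit /etc/apache2/sites-available/default-ssl.conf in the same way. Browsers act on Strict-Transport-Security only when it arrives over HTTPS, so the header takes effect from the port 443 virtual host.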

3. Configure the SSL certificate: open /etc/apache2/sites-available/default-ssl.conf, find SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem and SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key, and replace both paths with the paths of the SSL certificate issued for your domain name. The former is the certificate (*.pem) file, the latter is the private key (*.key) file
4. Restart Apache2

service apache2 restart

Disable SSL 2.0, SSL 3.0 and TLS 1.0

1. Open /etc/apache2/mods-available/ssl.conf
2. Find SSLProtocol all -SSLv3 and comment it out

3. Add a new line

SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1

4. Restart Apache2

service apache2 restart

Prefer forward secrecy (FS) cipher suites

1. Open /etc/apache2/apache2.conf and add a line

SSLHonorCipherOrder on

2. Restart Apache2

service apache2 restart

Turn on Rewrite

a2enmod rewrite

Website SSL/TLS Security Evaluation
Note: These settings improve security but reduce compatibility with old browsers, which may no longer be able to open the site
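
An offline check of the directives changed in the sections above, as an added example that is not part of the original post: a Python script that reads configuration text and reports which of those settings are still missing. The names audit and enabled_protocols, the simplified meaning of "all", and the sample text are assumptions made for illustration; <Directory> and <VirtualHost> scoping is ignored.

```python
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}  # simplified meaning of "all"
LEGACY = {"sslv2", "sslv3", "tlsv1"}  # the versions this page turns off

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right and return the enabled set."""
    enabled = set()
    for tok in args:
        name = tok.lstrip("+-").lower()
        chosen = ALL if name == "all" else {name}
        if tok[0] == "-":
            enabled = enabled - chosen
        else:  # "+" adds; a bare token replaces whatever was set before it
            enabled = (enabled | chosen) if tok[0] == "+" else set(chosen)
    return enabled

def audit(conf_text):
    """Return findings for the settings this page changes (block scoping ignored)."""
    findings, hsts, honor = [], False, False
    protocols = enabled_protocols(["all", "-SSLv3"])  # Apache 2.4 default
    for line in conf_text.lower().splitlines():
        name, *args = line.split() or ["#"]  # blank lines are treated like comments
        if name == "options":
            signed = [a[0] in "+-" for a in args]
            if any(signed) and not all(signed):  # Apache rejects this at startup
                findings.append("Options mixes prefixed and bare values")
            if any(a.lstrip("+") == "indexes" for a in args):
                findings.append("directory listing enabled")
        elif name == "sslprotocol":
            protocols = enabled_protocols(args)
        elif name == "header":
            hsts = hsts or "strict-transport-security" in args
        elif name == "sslhonorcipherorder":
            honor = args == ["on"]
    if protocols & LEGACY:
        findings.append("legacy protocols enabled: " + ", ".join(sorted(protocols & LEGACY)))
    findings += [msg for ok, msg in ((hsts, "no Strict-Transport-Security header"),
                                     (honor, "SSLHonorCipherOrder is not on")) if not ok]
    return findings

# Constructed sample: the directives as they stand after every step on this page.
HARDENED = """\
Options -Indexes +FollowSymLinks
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
#SSLProtocol all -SSLv3
SSLProtocol ALL -SSLv2 -SSLv3 -TLSv1
SSLHonorCipherOrder on
"""
print(audit(HARDENED) or "no findings")
```

To check a real server, pass audit() the concatenated text of apache2.conf, ssl.conf and the enabled site files.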

Origin blog.csdn.net/weixin_45579994/article/details/112381801