Apache Web Server Version



The web server plays a crucial role in web-based applications. Because most of us leave it at its default configuration, it can leak sensitive data about itself.

The official name is Apache HTTP Server, and it’s maintained and developed by the Apache Software Foundation. It allows website owners to serve content on the web, hence the name “web server.” It’s one of the oldest and most reliable web servers, with the first version released more than 20 years ago, in 1995. The Apache HTTP server is the most widely used web server in the world. It provides many powerful features, including dynamically loadable modules, robust media support, and extensive integration with other popular software. In this guide, we’ll explain how to install an Apache web server on your Ubuntu 20.04 server.

To check the Apache version in an XAMPP installation, navigate to your XAMPP folder, enter your Apache folder, enter your bin folder, and right-click on httpd.exe. The tabs at the top will be General, Compatibility, Details and Previous Versions. Open the Details tab, which lists the File version and Product version.

There are numerous web servers on the market. Apache is one of the most popular and widely used of them all. Because of this popularity, it is also the most vulnerable to cyber-attacks.

By applying a number of configuration tweaks, we can make Apache withstand malicious attacks up to a limit. The following are some Apache web server hardening tips that you can apply to improve security.

Hiding Server Version Banner

One of the first things to be taken care of is hiding the server version banner.

The default Apache configuration exposes the server version. This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of the server.

We can easily fix server version disclosure by following the below steps:

Open apache.conf

Add the following directives to configuration

Save the configuration and restart Apache

Even better, we can change the server name to anything else in the server header. In order to achieve this, you need to enable the mod_security module. Then add the following directives to the configuration.

Save the configuration and restart Apache

Disable Directory Listing

In Apache’s default configuration, if your web server root directory doesn’t contain index.html, a visitor can see all files and subdirectories listed in the web root.

To disable directory listing, set the Options directive to None or -Indexes in the Apache configuration file.

Example

Restart apache2

Use mod_security Module

mod_security works as a firewall for web applications.

It can also be used for real-time web application monitoring and logging. You can install mod_security from your default package installer.

Installation - debian/ubuntu

Installation - RHEL/CentOS/Fedora

Use mod_evasive Module

mod_evasive takes effective action against Distributed Denial of Service (DDoS/DoS) and brute-force attacks.

Its capabilities also extend to work with ipchains, firewalls, routers, and more. mod_evasive reports events via email and syslog facilities.

mod_evasive has a prerequisite. Install the prerequisite by running the following command.

Debian/Ubuntu

Pre-requisites

RHEL/CentOS/Fedora

Installation

Debian/Ubuntu

RHEL/CentOS/Fedora

Configuring mod_evasive

Open the mod_evasive configuration file in any text editor. You can find the configuration file at the following path:

Debian/Ubuntu

RHEL/CentOS/Fedora

Find the following lines and uncomment them.

Replace DOSEmailNotify mail@yourdomain.com with your email address to get a notification on events. Email notifications only work if there’s a functional mail server running on the server.

Save the configuration and restart Apache. mod_evasive is now in effect.

Hiding ETag Header

The ETag header can expose a significant number of sensitive details about your server. Notably, PCI compliance requires hiding the ETag header.

To achieve this, add the following directive to the Apache configuration.

Disable CGI and SSI

SSIs (server-side includes) are directives used in web applications to feed an HTML page with dynamic content.

They can also open your website up to a number of security issues if left unchecked. The same applies to CGI scripts. To prevent hackers from injecting malicious scripts into your code, restrict CGI and SSI by adding the following directives to the Apache configuration:

Setting the HTTP Limits

Setting some HTTP limits can defend against DDoS (distributed denial of service) attacks. It is really easy if you know the sort of actions to look out for.

DDoS attacks tend to work by repeatedly hitting your server with very large requests.

The following are some limits you may need to configure:

Enable XSS Protection Header

Cross-site scripting (XSS) is a common vulnerability found in web applications. The X-XSS-Protection header can prevent some XSS attacks.

The parameters are:

Add the following entry to your Apache configuration to enable the XSS Protection header.

Restart Apache.

Last but not least, always keep your web server updated.
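
A way to check a configuration against the settings covered above (version banner, directory listing, ETag, CGI/SSI, request limits and the XSS header). This is an added example, not code from the original guide: the directive names are standard httpd and mod_headers directives, while the expected values, the sample configurations and the choice of LimitRequestBody as the limit to check are assumptions made for the example.

```python
import re
# Expected values use standard httpd directives, chosen for this added example.
EXPECTED = {
    "servertokens": (lambda v: v.lower() in ("prod", "productonly"), "ServerTokens Prod"),
    "serversignature": (lambda v: v.lower() == "off", "ServerSignature Off"),
    "fileetag": (lambda v: v.lower() == "none", "FileETag None"),
    "limitrequestbody": (lambda v: v.isdigit() and int(v) > 0, "LimitRequestBody <bytes>"),
}
RISKY_OPTIONS = ("indexes", "includes", "execcgi")
XSS_SET = re.compile(r"((always|onsuccess)\s+)?set\s+x-xss-protection\b", re.I)

def audit(conf_text):
    """Return sorted findings for one Apache configuration text."""
    seen, findings, xss_header = {}, set(), False
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0][0] in "#<":
            continue  # blank line, comment, or <Section> tag
        name = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if name == "options":
            for opt in value.lower().split():
                if opt == "all" or opt.lstrip("+") in RISKY_OPTIONS:
                    findings.add("Options enables " + opt.lstrip("+"))
        elif name == "header" and XSS_SET.match(value):
            xss_header = True
        elif name in EXPECTED:
            seen[name] = value  # last occurrence wins (a simplification)
    for name, (ok, fix) in EXPECTED.items():
        if not ok(seen.get(name, "")):
            findings.add("expected: " + fix)
    if not xss_header:
        findings.add('expected: Header set X-XSS-Protection "1; mode=block"')
    return sorted(findings)

# Constructed sample configurations (not taken from a real server).
WEAK_CONF = "ServerTokens Full\nServerSignature On\nOptions Indexes FollowSymLinks ExecCGI\n"
HARDENED_CONF = """
ServerTokens Prod
ServerSignature Off
FileETag None
LimitRequestBody 1048576
Header set X-XSS-Protection "1; mode=block"
<Directory /var/www/html>
    Options -Indexes -Includes -ExecCGI
</Directory>
"""
if __name__ == "__main__":
    print("\n".join(audit(WEAK_CONF)))
```

The audit reads a single file and ignores per-directory scoping and Include directives, so run it over each configuration file that Apache loads.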


Apache is a popular open-source, cross-platform web server that is, by the numbers, the most popular web server in existence. It’s actively maintained by the Apache Software Foundation.

Some high-profile companies using Apache include Cisco, IBM, Salesforce, General Electric, Adobe, VMware, Xerox, LinkedIn, Facebook, Hewlett-Packard, AT&T, Siemens, eBay, and many more.

In addition to its popularity, it’s also one of the oldest web servers, with its first release all the way back in 1995. Many cPanel hosts utilize Apache today. Like other web servers, Apache powers the behind-the-scenes aspects of serving your website’s files to visitors.

Because Apache doesn’t perform as well in some benchmarks, especially for static websites or websites with high traffic, Kinsta uses the NGINX web server instead of Apache. Though NGINX hasn’t been around for as long as Apache, it’s quickly grown in popularity and market share since its launch in 2004.

How Does Apache Work? Web Server Basics Explained

While there’s a lot of complexity underpinning how a web server functions, the basic job of all web servers is to accept requests from clients (e.g. a visitor’s web browser) and then send the response to that request (e.g. the components of the page that a visitor wants to see).

The Apache web server has modules that add more functions to its software, such as MPM (for handling multi-processing modes) or mod_ssl for enabling SSL v3 and TLS support. Some common features seen in Apache include:

  • IPv6
  • FTP
  • Perl, Lua, and PHP
  • Bandwidth throttling
  • WebDAV
  • Load balancing
  • URL rewriting
  • Session tracking
  • Geolocation based on IP address

While a web server is an essential part of any website, it’s important to note that casual WordPress users are unlikely to interact with their web server directly most of the time.

Apache vs Nginx Usage Stats

When you look at every single website on the Internet, Apache is the most popular web server. It powers 47% of the websites with a known web server, according to W3Techs.

However, Apache’s usage greatly drops when you start looking at the web’s most highly trafficked sites. Apache only powers:

  • 27.1% of the 100,000 most popular sites
  • 21.5% of the 10,000 most popular sites
  • 16.2% of the 1,000 most popular sites

This drop-off likely stems, at least in part, from Apache’s lower benchmarks for high traffic websites.

Conversely, NGINX, the web server that Kinsta uses, is used by a majority of high-traffic sites, powering:

  • 56.1% of the 100,000 most popular sites
  • 63.2% of the 10,000 most popular sites
  • 57% of the 1,000 most popular sites

If you check the Google Search trends since 2004, you can see this trend play out where Apache’s popularity (as a search term) is decreasing while NGINX’s is creeping up.

How To Check Which Web Server You’re Using

If you want to see whether you’re using Apache or NGINX, you can often (but not always) look at your site’s HTTP header.

To view your site’s HTTP header, you can:

  • Use the Network tab of Chrome Developer Tools
  • Use a tool like Pingdom or GTmetrix

This method may not work if you’re using a service like Cloudflare, though.
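
Reading the same header programmatically shows what a response discloses and whether the hardening steps above have taken effect. This is an added example, not part of the original article; the function name and both sample responses are constructed for illustration.

```python
import re

def inspect_headers(raw_response):
    """Parse the header block of a raw HTTP response and report what it discloses."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    server = headers.get("server", "")
    # Product is the token before any "/version" or "(platform)" suffix.
    product = server.split("/", 1)[0].split(" ", 1)[0] if server else None
    version = re.search(r"/(\d+(?:\.\d+)+)", server)
    return {
        "product": product,
        "version": version.group(1) if version else None,
        "etag_present": "etag" in headers,
        "xss_protection": headers.get("x-xss-protection"),
    }

# Constructed sample responses (not captured from a real site).
DEFAULT_RESPONSE = (
    "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n"
    'ETag: "2aa6-5a4f3c1e"\r\nContent-Type: text/html\r\n\r\n<html>'
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\nServer: Apache\r\n"
    "X-XSS-Protection: 1; mode=block\r\nContent-Type: text/html\r\n\r\n<html>"
)

if __name__ == "__main__":
    print(inspect_headers(DEFAULT_RESPONSE))
    print(inspect_headers(HARDENED_RESPONSE))
```

When a proxy or CDN sits in front of the site, the Server value describes that service rather than the origin server.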

Apache and the Apache feather logo are trademarks of The Apache Software Foundation.
