Hello team, my task failed after following the steps below. Could you please check and advise?
During a recent security audit, the application security team of xFusionCorp Industries found security issues with the Apache web server on Nautilus App Server 2 server in Stratos DC. They have listed several security issues that need to be fixed on this server. Please apply the security settings below:
a. On Nautilus App Server 2 it was identified that the Apache web server is exposing the version number. Ensure this server has the appropriate settings to hide the version number of the Apache web server.
b. There is a website hosted under /var/www/html/beta on App Server 2. It was detected that the directory /beta lists all of its contents while browsing the URL. Disable the directory browser listing in Apache config.
c. Also make sure to restart the Apache service after making the changes.
Steps:
curl -I http://172.16.238.11:8080 → showed Apache version.
sudo systemctl start httpd
sudo systemctl status httpd
Added the 2 lines below at the end of the config file /etc/httpd/conf/httpd.conf:
ServerTokens Prod
ServerSignature Off
Modified the httpd.conf config file as below:
<Directory "/var/www/html">
Options -Indexes
AllowOverride None
Require all granted
</Directory>
sudo systemctl restart httpd
Checked the Apache version with the command curl -I http://172.16.238.11:8080 and I don't see the version details. However, it says
- directory listing is not disable on apache server on App Server 2. Could you please check and advise if I missed anything? Thank you. @Inderpreet @rahul456 @Ayman
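A check that covers both findings from the task, added here as an example and not part of the original post: it tests the Server header for a version number and the /beta/ response body for a mod_autoindex listing page. The function names and the sample responses are constructed for illustration; the URL and the /beta path are the ones given in the post.

```shell
#!/bin/sh
# Added example: verify both audit findings (version banner, /beta listing).

# Return 0 if the Server header on stdin carries a version number.
leaks_version() {
    grep -i '^Server:' | grep -Eq '[0-9]+\.[0-9]+'
}

# Return 0 if the HTML on stdin is a mod_autoindex page ("Index of /...").
is_listing() {
    grep -Eiq '<title>Index of /'
}

# $1 = response headers, $2 = body of the /beta/ request.
# Prints one line per check; exit status is the number of findings.
report() {
    findings=0
    if printf '%s\n' "$1" | leaks_version; then
        echo "FAIL: Server header exposes a version"; findings=$((findings + 1))
    else
        echo "ok:   no version in Server header"
    fi
    if printf '%s\n' "$2" | is_listing; then
        echo "FAIL: /beta/ returns a directory listing"; findings=$((findings + 1))
    else
        echo "ok:   /beta/ is not listed"
    fi
    return "$findings"
}

# Live check against a server, e.g.: audit_live http://172.16.238.11:8080
audit_live() {
    report "$(curl -sI "$1/")" "$(curl -s "$1/beta/")"
}

# Constructed sample responses (not captured from the server in the post).
BEFORE_HDRS='HTTP/1.1 200 OK
Server: Apache/2.4.6 (CentOS)'
BEFORE_BODY='<html><head><title>Index of /beta</title></head><body></body></html>'
AFTER_HDRS='HTTP/1.1 403 Forbidden
Server: Apache'
AFTER_BODY='<html><head><title>403 Forbidden</title></head></html>'

echo "== before hardening =="; report "$BEFORE_HDRS" "$BEFORE_BODY" || true
echo "== after hardening ==";  report "$AFTER_HDRS" "$AFTER_BODY"
```

The request for /beta/ matters because `curl -I` on the site root only confirms the version banner; it says nothing about whether the directory is still listed.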