When should I use this security.conf?
Use it to restore a missing default, confirm what shipped, or diff against your current Apache HTTP Server config.
# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.

#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#ServerTokens Minimal
ServerTokens OS
#ServerTokens Full

#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#ServerSignature Off
ServerSignature On

#
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of: On | Off | extended
TraceEnable Off
#TraceEnable On

#
# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
# probably deny access to their directories.
#
# Examples:
#
#RedirectMatch 404 /\.git
#RedirectMatch 404 /\.svn

#
# Setting this header will prevent MSIE from interpreting files as something
# else than declared by the content type in the HTTP headers.
# Requires mod_headers to be enabled.
#
#Header set X-Content-Type-Options: "nosniff"

#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set Content-Security-Policy "frame-ancestors 'self';"
curl 'https://exampleconfig.com/api/v1/config/original/332668933023a463046fa90d9b057193?hint=security.conf'
wget -O security.conf 'https://exampleconfig.com/api/v1/config/original/332668933023a463046fa90d9b057193?hint=security.conf'
File details:
App: Apache HTTP Server
OS: Ubuntu 24.04 LTS (Noble Numbat)
Location: /etc/apache2/conf-available/security.conf
Lines: 58
MD5: 332668933023a463046fa90d9b057193
SHA-256: 86296f2324bcc27790a80c863886fffd10d7a48b28587151e541f38136055b8b
Source: https://exampleconfig.com/api/v1/config/original/332668933023a463046fa90d9b057193?hint=security.conf
Install Apache HTTP Server:
Alpine: sudo apk add apache2
Debian / Ubuntu: sudo apt update && sudo apt install apache2
RHEL / CentOS: sudo yum install httpd
How do I restore Apache HTTP Server defaults?
Download the file, back up the current one at /etc/apache2/conf-available/security.conf, replace it, then reload or restart Apache HTTP Server.
Is security.conf safe for production?
It is the vendor default for Ubuntu 24.04 LTS (Noble Numbat). Treat it as a baseline and review security and performance settings before production use.
How does this differ from other OS versions?
Defaults vary by distro and version. This copy matches Ubuntu 24.04 LTS (Noble Numbat).
Can I use this for Apache HTTP Server troubleshooting?
Yes. Diff it against yours to find drift, then restore only the sections you need.
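A check for the "review before production" and "find drift" answers above, as an added example that is not part of the original page or of Apache: it reads the directives actually in force in a security.conf (commented lines do not count) and lists where they differ from a stricter baseline. The baseline values, the function names and the SHIPPED excerpt are assumptions constructed for this example.

```python
import re

# Assumed hardening targets for this example (not shipped with the file).
BASELINE = {"servertokens": "prod", "serversignature": "off", "traceenable": "off"}
# Headers the shipped file mentions but leaves commented out.
WANTED_HEADERS = ("x-content-type-options", "content-security-policy")
HEADER_RE = re.compile(
    r"(?:(?:always|onsuccess)\s+)?(?:set|append|add|merge)\s+([^\s:]+):?\s+(.+)", re.I)

def effective(conf_text):
    """Return (directives, headers) in force; comment lines are skipped.
    Assumes one scope: no Include, <VirtualHost> or .htaccess overrides."""
    directives, headers = {}, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()               # directive names are case-insensitive
        args = parts[1] if len(parts) > 1 else ""
        if name == "header":
            m = HEADER_RE.match(args)
            if m:
                headers[m.group(1).lower()] = m.group(2)
        else:
            directives[name] = args.lower()   # a later line overrides an earlier one
    return directives, headers

def audit(conf_text):
    """List every difference between the active settings and the baseline."""
    directives, headers = effective(conf_text)
    findings = []
    for name, want in BASELINE.items():
        got = directives.get(name, "(unset)")
        if got != want:
            findings.append(f"{name}: {got} (baseline: {want})")
    findings += [f"header {h}: not set" for h in WANTED_HEADERS if h not in headers]
    return findings

# Constructed excerpt: the directive lines of the file shown on this page.
SHIPPED = """\
#ServerTokens Minimal
ServerTokens OS
#ServerSignature Off
ServerSignature On
TraceEnable Off
#Header set X-Content-Type-Options: "nosniff"
#Header set Content-Security-Policy "frame-ancestors 'self';"
"""

if __name__ == "__main__":
    print("\n".join(audit(SHIPPED)) or "matches baseline")
```

To check a live host, pass the contents of /etc/apache2/conf-available/security.conf to audit() instead of SHIPPED.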