curl https://exampleconfig.com/api/v1/config/original/332668933023a463046fa90d9b057193?hint=security.conf
wget -O security.conf https://exampleconfig.com/api/v1/config/original/332668933023a463046fa90d9b057193?hint=security.conf
# Changing the following options will not really affect the security of the # server, but might make attacks slightly more difficult in some cases. # # ServerTokens # This directive configures what you return as the Server HTTP response # Header. The default is 'Full' which sends information about the OS-Type # and compiled in modules. # Set to one of: Full | OS | Minimal | Minor | Major | Prod # where Full conveys the most information, and Prod the least. #ServerTokens Minimal ServerTokens OS #ServerTokens Full # # Optionally add a line containing the server version and virtual host # name to server-generated pages (internal error documents, FTP directory # listings, mod_status and mod_info output etc., but not CGI generated # documents or custom error documents). # Set to "EMail" to also include a mailto: link to the ServerAdmin. # Set to one of: On | Off | EMail #ServerSignature Off ServerSignature On # # Allow TRACE method # # Set to "extended" to also reflect the request body (only for testing and # diagnostic purposes). # # Set to one of: On | Off | extended TraceEnable Off #TraceEnable On # # Forbid access to version control directories # # If you use version control systems in your document root, you should # probably deny access to their directories. # # Examples: # #RedirectMatch 404 /\.git #RedirectMatch 404 /\.svn # # Setting this header will prevent MSIE from interpreting files as something # else than declared by the content type in the HTTP headers. # Requires mod_headers to be enabled. # #Header set X-Content-Type-Options: "nosniff" # # Setting this header will prevent other sites from embedding pages from this # site as frames. This defends against clickjacking attacks. # Requires mod_headers to be enabled. # #Header set Content-Security-Policy "frame-ancestors 'self';"
sudo apk add apache2
sudo apt update && sudo apt install apache2
sudo yum install httpd
sudo apt update && sudo apt install apache2
Use this original configuration file when you need to restore Apache HTTP Server to its default state after misconfiguration, during fresh installations, or as a baseline for customization. It's particularly useful for troubleshooting when your current config isn't working properly.
Download this file and replace your current configuration at /etc/apache2/conf-available/security.conf
. Make sure to backup your existing configuration first, then restart the Apache HTTP Server service to apply the changes.
This is the factory-default configuration that ships with Apache HTTP Server on Ubuntu 24.04 LTS (Noble Numbat). While it provides a secure baseline, you should review and customize security settings based on your specific production requirements and compliance needs.
This configuration is specifically from Ubuntu 24.04 LTS (Noble Numbat). Different operating systems and versions may have slightly different default settings, security patches, or feature availability. Check the compatibility section above for other OS versions.
Yes, this original configuration is excellent for troubleshooting. Compare it with your current settings to identify modifications that might be causing issues, or temporarily replace your config with this one to isolate problems.