We need to minimize the information we are sharing with everyone. Also, we need to look over what modules are running and interacting with what applications. The bulk of the work is really in this procedure. It does not just involve turning on or off modules; but instead heavy tweaking the modules behavior and function can really harden a system beyond a hackers reach from the Internet.
a2enmod (module name)
a2dismod (module name)
a2enmod ssl headers rewrite expires proxy proxy_fcgi proxy_http http2 cache cache_socache socache_shmcb php5
Do not forget to handle the IP defaulting to a web page if you disable the defaults. Do not use the Apache2 default page!
<Directory /> <--- Protect our system files - If you did not add this in the prior Step2b, you can add it globally here
Require all denied
We could put all of Security Header settings in this file, but I highly do not recommend it on a Server that hosts numerous sites!
expose_php = Off
Each process under event can contain multiple threads and each is capable of more than one task. This results in Apache having the lowest requirements when used with mpm_event.
We are using a configuration that requires us to address the higher load requirements.
Config for a dedicated Web application server. If this a Web server, email, DNS, and so forth, cut everything in half and MaxMemFree minimum of 4096 - Which is 4 megs and alter as necessary.
systemctl restart apache2