Tag Archives: apache2

The anti-clickjacking X-Frame-Options header is not present.

If you have this for your site after scanning:

The anti-clickjacking X-Frame-Options header is not present.

Open Apache's httpd.conf and add the following line at the bottom of the file:

Header always append X-Frame-Options SAMEORIGIN

Afterwards, restart the Apache server.

FOR UBUNTU 20.04:

First enable mod_headers and restart apache2:

a2enmod headers
systemctl restart apache2

Then open /etc/apache2/conf-enabled/security.conf:

pico /etc/apache2/conf-enabled/security.conf

Find this block:

#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set X-Frame-Options: "sameorigin"

Uncomment the Header set X-Frame-Options: "sameorigin" line so that the block looks like this:

#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
Header set X-Frame-Options: "sameorigin"

And restart apache2 again:

systemctl restart apache2
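To confirm the fix before re-running the scanner, the check below classifies the X-Frame-Options values found in a response. It is an added example, not part of the original post; the function name xfo_verdict and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. xfo_verdict is a hypothetical
# helper name. It reads raw response headers on stdin, e.g. the output of:
#   curl -sI https://your-site.example/
# and prints: missing | ok:<value> | conflict | invalid:<value>
xfo_verdict() {
    # Collect every X-Frame-Options value: header names are case-insensitive,
    # the header may repeat, and "Header append" joins values with commas.
    values=$(tr -d '\r' | awk '
        tolower($0) ~ /^x-frame-options[ \t]*:/ {
            line = tolower($0)
            sub(/^[^:]*:/, "", line)
            n = split(line, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] != "") print parts[i]
            }
        }' | sort -u)
    if [ -z "$values" ]; then echo "missing"; return 1; fi
    count=$(printf '%s\n' "$values" | wc -l | tr -d ' ')
    if [ "$count" -gt 1 ]; then
        echo "conflict"; return 1   # two different policies: remove one source
    fi
    case "$values" in
        deny|sameorigin) echo "ok:$values" ;;
        *) echo "invalid:$values"; return 1 ;;
    esac
}

# Constructed sample: a response carrying the header twice, with different
# letter case. Both lines express the same policy, so the verdict is ok.
sample='HTTP/1.1 200 OK
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
X-Frame-Options: sameorigin'
printf '%s\n' "$sample" | xfo_verdict
```

Check an error page (for example a 404) as well: headers added with Header set but without the always condition are not sent on error responses that Apache generates itself.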

How to enable apache2 cache to speed up your website on ubuntu

First enable the mods:

sudo a2enmod file_cache
sudo a2enmod headers
sudo a2enmod expires

Then edit the virtual host:

pico /etc/apache2/sites-enabled/000-default.conf

And add the IfModule block inside the VirtualHost section:

<VirtualHost *:80>
    ServerName www.webleit.info
    ServerAdmin admin@webleit.info
    DocumentRoot /var/www/html
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    #Include conf-available/serve-cgi-bin.conf
    <IfModule mod_expires.c>
        # Turn on the module.
        ExpiresActive on
        # Set the default expiry times.
        ExpiresDefault "access plus 2 days"
        ExpiresByType image/jpg "access plus 1 month"
        ExpiresByType image/gif "access plus 1 month"
        ExpiresByType image/jpeg "access plus 1 month"
        ExpiresByType image/png "access plus 1 month"
        ExpiresByType text/css "access plus 1 month"
        ExpiresByType text/javascript "access plus 1 month"
        ExpiresByType application/javascript "access plus 1 month"
        ExpiresByType text/x-javascript "access plus 1 month"
        ExpiresByType application/x-shockwave-flash "access plus 1 month"
        ExpiresByType text/css "now plus 1 month"
        ExpiresByType image/ico "access plus 1 month"
        ExpiresByType image/x-icon "access plus 1 month"
        ExpiresByType text/html "access plus 600 seconds"
    </IfModule>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Then restart the apache service:

service apache2 restart
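To verify that the rules took effect, compare the Cache-Control max-age in a response with the interval configured for that content type. The script below is an added example, not part of the original post; the function names expires_seconds and max_age_of and the sample response are constructed, and the unit lengths assume mod_expires counts a month as 30 days and a year as 365 days.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Unit lengths follow mod_expires: a month is 30 days, a year is 365 days.

# Convert an interval such as "access plus 1 month" into seconds, i.e. the
# max-age value mod_expires should emit for that rule.
expires_seconds() {
    set -- $1                          # split the rule into words
    case "$1" in
        access|now) shift ;;           # "now" is an alias for "access"
        *) echo "unsupported base: $1" >&2; return 1 ;;
    esac
    if [ "$1" = "plus" ]; then shift; fi
    total=0
    while [ "$#" -ge 2 ]; do           # consume "<number> <unit>" pairs
        case "$2" in
            year|years)     f=31536000 ;;
            month|months)   f=2592000 ;;
            week|weeks)     f=604800 ;;
            day|days)       f=86400 ;;
            hour|hours)     f=3600 ;;
            minute|minutes) f=60 ;;
            second|seconds) f=1 ;;
            *) echo "unknown unit: $2" >&2; return 1 ;;
        esac
        total=$((total + $1 * f))
        shift 2
    done
    if [ "$#" -ne 0 ]; then echo "dangling word: $1" >&2; return 1; fi
    echo "$total"
}

# Read raw response headers on stdin and print the Cache-Control max-age.
max_age_of() {
    tr -d '\r' |
        sed -n 's/^[Cc]ache-[Cc]ontrol:.*max-age=\([0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Constructed sample: headers of a PNG served under the rules above.
sample_png='HTTP/1.1 200 OK
Content-Type: image/png
Cache-Control: max-age=2592000'
expected=$(expires_seconds "access plus 1 month")
actual=$(printf '%s\n' "$sample_png" | max_age_of)
if [ "$expected" = "$actual" ]; then echo "image/png: max-age $actual matches"; fi
```

Against a live server, feed max_age_of the output of curl -sI for a URL of each content type and compare it with the rule from the virtual host.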

How to enable mod_rewrite on ubuntu web server?

mod_rewrite lets your site use user-friendly links. For example, webleit.info/post.php?id=121 is going to be converted to webleit.info/How-to-enable-mod_rewrite-on-ubuntu-web-server/, which is better for both users and search engines. So how do we do that? First we enable mod_rewrite:

sudo a2enmod rewrite

Then we have to edit our apache configuration:

sudo pico /etc/apache2/sites-available/000-default.conf

And we add to the file:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com
    ServerAdmin sonik.blast@gmail.com
    ServerName webleit.info
    ServerAlias www.webleit.info
    DocumentRoot /var/www/html
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/webleit.info/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/webleit.info/privkey.pem
    <Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
</IfModule>

And finally, restart the Apache web server:

service apache2 restart