Change httpd.conf to set User and Group correctly.
vi httpd.conf
User apache
Group apache
After restarting Apache, run the ps -ef command; you will see that Apache is running as the “apache” user.
3. Restrict access to the root directory
Set the following in the httpd.conf file to enhance the security of the root directory.
<Directory />
    Options None
    Order deny,allow
    Deny from all
</Directory>
4. Set proper permissions for the conf and bin directories
The bin and conf directories should only be viewable by authorized users. A good way to manage this is to create a group and add to it all users who are allowed to view or modify the Apache configuration files.
If you don’t turn off directory browsing, users can see all the files (directories) in your root directory (or any subdirectories).
The Indexes option displays a list of the available files and subdirectories in the browser, so Indexes should be disabled.
<Directory />
    Options None
    Order allow,deny
    Allow from all
</Directory>

<Directory />
    Options -Indexes
    Order allow,deny
    Allow from all
</Directory>
6. Restrict access to specific networks (or IP addresses)
If you need to allow only specific IP addresses or networks to access your website, proceed as follows:
To allow only a specific network to access your website, give the network address in the Allow directive.
<Directory /site>
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 10.10.0.0/24
</Directory>
7. Remove unwanted DSO modules
Dynamic shared object modules that Apache loads are listed in the httpd.conf file with the “LoadModule” directive.
Dynamic Shared Object (DSO) Support. The Apache HTTP Server is a modular program where the administrator can choose the functionality to include in the server by selecting a set of modules. Modules will be compiled as Dynamic Shared Objects (DSOs) that exist separately from the main httpd binary file.
Comment out any unwanted “LoadModule” directives in httpd.conf.
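As an added example (not from the original page), the following Python check reads httpd.conf text and flags the settings the steps above warn about: a root User or Group, a <Directory /> block without Deny from all, and Indexes left enabled. It also returns the active LoadModule entries so they can be reviewed. WEAK_CONF is a constructed sample and audit is a hypothetical helper name; only Apache 2.2-style <Directory> blocks are examined.

```python
import re

# Constructed sample (not from the page): an httpd.conf with the weak settings.
WEAK_CONF = """\
User root
Group root
LoadModule status_module modules/mod_status.so
#LoadModule info_module modules/mod_info.so
<Directory />
    Options Indexes FollowSymLinks
    Order allow,deny
    Allow from all
</Directory>
"""

def audit(conf_text):
    """Return (findings, loaded_modules) for Apache 2.2-style config text."""
    findings, modules = [], []
    ids = {"user": None, "group": None}
    section = None       # path of the <Directory> block currently open
    root_denied = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue     # blank line or commented-out directive
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>', line, re.I)
        if opened:
            section = opened.group(1)
            continue
        if line.lower().startswith("</directory"):
            section = None
            continue
        key, args = line.split()[0].lower(), line.split()[1:]
        if key in ids and args and section is None:
            ids[key] = args[0]
        elif key == "loadmodule" and args:
            modules.append(args[0])      # still active, review each one
        elif section and key == "options":
            # "All" includes Indexes; "-Indexes" turns it off
            if any(a.lstrip("+").lower() in ("indexes", "all") for a in args):
                findings.append(f"Indexes enabled in <Directory {section}>")
        elif section == "/" and key == "deny" and [a.lower() for a in args] == ["from", "all"]:
            root_denied = True
    for key, val in ids.items():
        if val in (None, "root", "#0"):
            findings.append(f"{key.capitalize()} is {val or 'not set'}")
    if not root_denied:
        findings.append("<Directory /> has no 'Deny from all'")
    return findings, modules
```

To check a real server, pass the contents of its httpd.conf to audit() and review both the findings and the returned module list.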