Back to Posts

Optimize Apache httpd

Posted in Linux & Sysadmin

Advance your Pentesting Skills at Slayer Labs! Networks Engineered to Exploit.
- Windows/UNIX - Domains/Subnets - Access/Post/Lateral - Low Cost VPN Ranges -


Quick Steps to Optimize & Secure Apache


Below are a few basic steps to secure and optimize your Apache webserver. Most recommendations are for optimizing a basic VPS with minimal footprint.

Note - If htop utility isn’t installed ony your Linux machine, I’d definitely recommend it.

Remove Unnecessary Apache modules to save Memory

By default, Apache loads a variety of different modules. Many of these modules may be un-needed for the scope of your webserver, and will eat up quite a bit of memory.

You can check what modules are loaded by default..

httpd -M
# or...
apache2ctl -M


This will decrease the attack surface on the off chance an existing default module becomes a security risk - such as the Shellshock exploit and mod_cgi.

If you’re running just WordPress on your Apache server, then the below modules will suffice.

mod_alias
mod_authz_host
mod_deflate
mod_dir
mod_expires
mod_headers
mod_mime
mod_rewrite
mod_log_config
mod_autoindex
mod_negotiation
mod_setenvif


To disable out of scope modules, comment out the mods (.so files) in:

/var/httpd/modules
#or
/usr/lib64/https/modules


Restart Apache and you should notice a reduction in memory uses. _

MPM Prefork Mod

If you’re running a minimal VPS with traffic that’s not extremely heavy, then the default Apache Prefork module settings should definitely be altered.

These settings will totally depend on the system resources, traffic, etc. It’s not like subnetting, so there’s no definitive answer. Tweaking it to find out what runs best for your server is the way to go.

You’ll find the necessary lines in the httpd.config file - the example below is for a minimal low memory VPS.

StartServers           2
MinSpareServers        2 
MaxSpareServers        6 
ServerLimit           20
MaxClients            20
MaxRequestsPerChild    60
ListenBacklog        100


Remember to save the config file and restart Apache.

KeepAlive

Both KeepAlive and Timeout are also located in the apache config file.

Reducing your KeepAlive to something less than the default 15 may help Apache performance (or to zero). Server processes waiting for an idle user can eat up resources if you have a steady flow of visitors. Think of how long you may go to a page and click next, or back, etc. The user (is hopefully) digesting the content on your pages and will remain idle for a bit aka no need for that KeepAlive process to be eating resources.

If you have a ton of spare resources and you’d like to make user experience better, you can increase this value.

Custom Cyber Ranges >>

https://slayerlabs.com

Read Next

ModSecurity