IP Forwarding

In order to use a linux host as a router/firewall, you first need to enable IP Forwarding:

# sysctl -w net.ipv4.ip_forward=1

To make the change permanent insert or edit the following line in edit /etc/sysctl.conf:

net.ipv4.ip_forward = 1

[Apache] Basic tips for security

The Debian’s default apache.conf is quite good, but there is some parameters i like to redefine in order to improve security a little:

Disable apache signature

ServerSignature Off
ServerTokens Prod

Disable HTTP trace request

TraceEnable Off

Disable Unnecessary Modules

Look for lines that begin with LoadModule. To disable the module just comment them. Here are some modules that are typically enabled by default but often not needed: mod_imap, mod_include, mod_info, mod_userdir, mod_status, mod_cgi, mod_autoindex.