Lab Information
We are working on hardening the Apache web server on all app servers. As part of this process we want to add some Apache response headers for security purposes. We are testing the settings one by one on all app servers. As per the details mentioned below, enable these headers for Apache:
Install the httpd package on App Server 1 using yum and configure it to run on port 3002; make sure to start its service.
Create an index.html file under Apache's default document root, i.e. /var/www/html, and add the content given below to it.
Welcome to the xFusionCorp Industries!
Configure Apache to enable the headers mentioned below:
X-XSS-Protection header with value 1; mode=block
X-Frame-Options header with value SAMEORIGIN
X-Content-Type-Options header with value nosniff
Note: You can test using curl on the given app server, as the LBR URL will not work for this task.
Lab Solutions
Part 1: Lab Step-by-Step Guidelines
1️⃣ Login to App Server 1
ssh tony@stapp01
# Password - Ir0nM@n
sudo -i
2️⃣ Install Apache (httpd)
yum install -y httpd
3️⃣ Change Apache port to 3002
Edit the main config (the stock httpd.conf has a single Listen directive):
vi /etc/httpd/conf/httpd.conf
Find:
Listen 80
Change to:
Listen 3002
4️⃣ Create index.html
echo "Welcome to the xFusionCorp Industries!" > /var/www/html/index.html
5️⃣ Enable required headers
The Header directive belongs to mod_headers, which the RHEL/CentOS httpd package loads by default from /etc/httpd/conf.modules.d/00-base.conf, so no extra module setup is needed. Edit the Apache config again:
vi /etc/httpd/conf/httpd.conf
Add these lines at the end of the file (plain Header set applies to successful 2xx responses; add the always keyword if the headers must also appear on error pages):
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
6️⃣ Start Apache
Restart so that both the new Listen port and the header directives take effect (restart also works for a service that has not been started yet):
systemctl restart httpd
7️⃣ Enable Apache at boot
systemctl enable httpd
8️⃣ Verify the service is active and has no errors
systemctl status httpd
9️⃣ Test using curl
curl -I sends a HEAD request and prints only the response headers; the three required headers must appear with exactly these values:
curl -I http://localhost:3002
You should see:
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
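The steps above as one script, added here as an example and not part of KodeKloud's solution: the Listen port change, the header directives written to a conf.d drop-in (an assumed file name, /etc/httpd/conf/d/security-headers.conf is not created by the lab) instead of appended to httpd.conf, and a checker that reads the output of curl -I and compares every required header, case-insensitively on the name and exactly on the value, so a typo such as SAMEORIGN or a missing header fails loudly instead of being eyeballed. The sample response in the usage note is constructed.

```shell
#!/bin/sh
# Added example for this lab (not KodeKloud's solution): the port change,
# the header configuration and the curl verification as reusable shell
# functions. Paths follow the stock RHEL/CentOS httpd layout; the header
# values are exactly the three the lab requires.

# Required headers, one "Name: value" per line.
REQUIRED_HEADERS='X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff'

# set_listen_port FILE PORT: rewrite every "Listen" line in FILE to PORT.
# On the app server: set_listen_port /etc/httpd/conf/httpd.conf 3002
set_listen_port() {
    sed -i "s/^Listen .*/Listen $2/" "$1"
}

# write_header_config [FILE]: write the header directives to a conf.d drop-in
# (assumed name /etc/httpd/conf.d/security-headers.conf) so the change is
# isolated from httpd.conf and easy to remove or diff later.
write_header_config() {
    dest=${1:-/etc/httpd/conf.d/security-headers.conf}
    cat >"$dest" <<'EOF'
# Security response headers (hardening drop-in; not part of the stock config).
# "always" makes mod_headers add them to error responses (4xx/5xx) too;
# plain "Header set" only touches successful (2xx) responses.
<IfModule mod_headers.c>
    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
</IfModule>
EOF
}

# check_security_headers: read raw response headers on stdin (what
# "curl -sI URL" prints) and compare each required header: case-insensitive
# on the name, exact on the value. Returns 0 only if all three match.
check_security_headers() {
    headers=$(tr -d '\r')        # curl emits CRLF line endings
    rc=0
    while IFS= read -r want; do
        name=${want%%:*}
        expected=${want#*: }
        # first matching header line, value after the colon, trimmed
        actual=$(printf '%s\n' "$headers" \
            | grep -i "^$name:" | head -n 1 \
            | sed 's/^[^:]*:[[:space:]]*//; s/[[:space:]]*$//')
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name: $actual"
        else
            echo "MISSING  $name (want '$expected', got '${actual:-<absent>}')"
            rc=1
        fi
    done <<EOF
$REQUIRED_HEADERS
EOF
    return $rc
}

# With a URL argument, fetch the live headers and check them, e.g.
#   sh check-headers.sh http://localhost:3002
if [ $# -eq 1 ]; then
    curl -sI "$1" | check_security_headers
fi
```

Run `apachectl configtest` before `systemctl restart httpd` so a typo in the drop-in does not take the server down, then `sh check-headers.sh http://localhost:3002`. If httpd fails to bind port 3002 with a permission error on a host where SELinux is enforcing, the port is not labelled http_port_t; `semanage port -a -t http_port_t -p tcp 3002` (from policycoreutils-python) adds it. Offline, the checker can be fed a constructed response: `printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n' | sh -c '. ./check-headers.sh; check_security_headers'` reports the two absent headers and the DENY mismatch and exits 1.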
Part 2: Simple Step-by-Step Explanation (Beginner Friendly)
What you are doing
You are hardening Apache by adding HTTP response headers.
What is happening
When a browser requests your website:
Client → Apache → Response + Headers
The headers are instructions from the server that the browser enforces, so they only help against attacks that run inside a browser that honours them.
Explanation of each header
1️⃣ X-XSS-Protection
1; mode=block
Controls the browser's built-in reflected-XSS filter: 1 turns it on, mode=block makes the page render nothing instead of trying to sanitise it.
Caveat: this is a legacy header. Chrome and Edge removed their XSS auditor, and Firefox never implemented one, so modern browsers ignore it. It is set here because the lab requires it; the real defences against cross-site scripting are output encoding and a Content-Security-Policy.
2️⃣ X-Frame-Options
SAMEORIGIN
Prevents:
Clickjacking attacks, where an attacker's page loads your site in an invisible iframe and tricks the user into clicking on it.
SAMEORIGIN allows the site to be framed only by pages from the same origin; DENY would forbid framing entirely. Its modern successor is the frame-ancestors directive of Content-Security-Policy.
3️⃣ X-Content-Type-Options
nosniff
Stops the browser from:
Guessing (MIME-sniffing) a file's type instead of trusting the Content-Type header.
Without it, a file uploaded as an "image" or served as text/plain could be sniffed as HTML or JavaScript and executed; with nosniff the browser also refuses cross-origin scripts and stylesheets whose declared type is not JavaScript or CSS.
Why change the port to 3002?
Default: 80
Lab requirement: 3002
So Apache listens on:
http://localhost:3002
Note that a non-default port is a lab convention, not a security measure: it hides nothing from a port scan.
Final flow
Browser → Apache (3002)
→
HTML page + Security Headers
Key takeaway
Hardening = making the server safer by telling the browser how to behave, and verifying with curl that the headers are really sent.
---
##### **Resources & Next Steps**
##### Full Code Repository: [KodeKloud Learning Labs](https://github.com/thukhakyawe/100-Days-Of-DevOps-KodeKloud-Challenges-Solutions)
##### More Deep Dives: [Whispering Cloud Insights](https://thukhakyawe.hashnode.dev/) - Read other technical articles
##### Join Discussion: [DEV Community](https://dev.to/thukhakyawe_cloud) - Share your thoughts and questions
##### Let's Connect: [LinkedIn](https://www.linkedin.com/in/thukhakyawe/) - I'd love to connect with you
---
##### **Credits**
##### • All labs are from: [KodeKloud](https://kodekloud.com/)
##### • I sincerely appreciate your provision of these valuable resources.
---