Category: Apache
Set Apache ExtendedStatus Off to improve performance
Reference: https://www.monitis.com/blog/25-apache-performance-tuning-tips/ Set ExtendedStatus Off – Although very useful, the ExtendedStatus will produce several system calls for each request to gather statistics. Better to utilize for a set time period in order to benchmark, then turn back off. In /etc/httpd/conf/httpd.conf Then restart Apache
Server Configuration and Tuning for Optimal Server Performance
Here is a summary of server configuration for optimal server performance, site speed, and security for a single ecommerce site dedicated server with 16GB RAM. File locations are based on cPanel EA4 Apache 2.4 Event MPM PHP 7.4 PHP-FPM MariaDB 10.3 All configuration values are defined and tuned based on our actual website usages. E.g….
Block XML-RPC Attacks using .htaccess
Place this code inside the .htaccess file:
Optimized .htacces for Cache-Control / Expires / Security
Below codes will optimized website performance and security with: Gzip Compression Strict-Transport-Security unset ETag set X-Content-Type-Options “nosniff“ Cache-Control for Images (1 month) and CSS/JS with (1 week) Expires for Images (1 month) and CSS/JS with (1 week) If you are using cPanel, putting these config in pre_main_2.conf is preferred which will apply these to all…
Obsoleted SecFilterEngine and SecFilterScanPOST Code in .htaccess
Problem Below code is presented in original ISC .htacess file which is already obsoleted in Apache2 and ModSecurity2 Solution Remove below code completely from .htaccess
Enforce HTTPS with Strict Transport Security (HSTS)
Problem Some websites are conceived to only work in HTTPS. In that case, the webmaster sometimes keeps its HTTP version functional with an HTTPS redirection. But this mechanism is not safe and the web site can be the victim of a MITM attack Solution To avoid this, you can indicate browsers that the web site…