When you set up a web server infrastructure and build on it, security must be the primary concern; neglecting it can have serious consequences later. Security has to be applied on several fronts. If you run an application on an Apache server, apply the following security tips to that server.

Step 1: Check the HTTP headers

$ curl -I https://www.binadarma.ac.id
HTTP/1.1 200 OK
Date: Thu, 31 Oct 2019 00:55:06 GMT
Server: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.5.30
Last-Modified: Wed, 30 Oct 2019 01:39:25 GMT
ETag: "27182-59616cd8627f1"
Accept-Ranges: bytes
Content-Length: 160130
Connection: keep-alive
Pragma: public
Cache-Control: max-age=3600, public
Content-Type: text/html; charset=UTF-8

Step 2: Hide the Apache version
If you use SSL, add the following to /etc/apache2/sites-available/default-ssl.conf
# nano /etc/apache2/sites-available/default-ssl.conf
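<IfModule mod_ssl.c>
 # TLS: allow only TLS 1.2 and later, with the server's cipher preference
 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
 SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 SSLHonorCipherOrder On
 # Response headers (requires mod_headers)
 Header always set X-Content-Type-Options nosniff
 Header always set X-Xss-Protection "1; mode=block"
 SSLCompression off
 SSLUseStapling on
 SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
 SSLSessionTickets Off
 # Hide the version: the Server header becomes "Apache", no footer on error pages
 ServerTokens Prod
 ServerSignature Off
</IfModule>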

If you do not use SSL, add the settings to the file /etc/apache2/apache2.conf

Step 3: Check the headers again. Example output:
$ curl -I  https://molaviarman.net
 HTTP/1.1 301 Moved Permanently
 Date: Thu, 31 Oct 2019 01:05:13 GMT
 Content-Type: text/html; charset=iso-8859-1
 Connection: keep-alive
 Set-Cookie: __cfduid=d09901d5a6c005c54a89d44bf6fe655c21572483913; expires=Fri, 30-Oct-20 01:05:13 GMT; path=/; domain=.molaviarman.net; HttpOnly
 Location: https://www.molaviarman.net
 CF-Cache-Status: DYNAMIC
 Server: cloudflare
 CF-RAY: 52e1b82c9e1fa9e8-SIN
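
The manual check in Steps 1 and 3 can be scripted. The shell function below is an added example, not part of the original tutorial: it scans curl -I output for version tokens in the Server header and for the two response headers set in Step 2. The function name audit_headers, the X-Powered-By check (a header the page does not cover) and the second sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit response headers for
# the Step 2 settings. Usage: curl -sI https://your-host/ | audit_headers

audit_headers() {
    # Reads raw headers on stdin, prints one finding per line,
    # returns 1 if anything was flagged and 0 otherwise.
    awk '
    BEGIN { bad = 0 }
    {
        sub(/\r$/, "")                      # curl -I emits CRLF line endings
        colon = index($0, ":")
        if (colon == 0) next                # status line or blank line
        name  = tolower(substr($0, 1, colon - 1))
        value = substr($0, colon + 1)
        seen[name] = 1
        if (name == "server" || name == "x-powered-by") {
            # Flag product/version tokens such as Apache/2.4.17
            n = split(value, tok, " ")
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /\/[0-9]/) { print "LEAK " name ": " tok[i]; bad = 1 }
        }
    }
    END {
        # Headers that the Step 2 configuration adds with "Header always set"
        if (!("x-content-type-options" in seen)) { print "MISSING x-content-type-options"; bad = 1 }
        if (!("x-xss-protection" in seen))       { print "MISSING x-xss-protection"; bad = 1 }
        exit bad
    }'
}

# Server line as shown in Step 1 of the page (other headers omitted)
sample_before() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.5.30\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n'
}

# Constructed sample: headers expected from a host with the Step 2 settings
sample_after() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Content-Type-Options: nosniff\r\nX-Xss-Protection: 1; mode=block\r\n\r\n'
}

sample_before | audit_headers || true
sample_after  | audit_headers && echo "OK: no version disclosure"
```

When the host sits behind a CDN or reverse proxy, as in the Step 3 output, the Server header describes the proxy, so run the check against the origin server as well.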