# Remove All Default Apache Content PURPOSE: Apache can ship with many default files that is not necessary for normal operation and can pose a security risk. Files can include executeable scripts, or other files with identifying information. Many web servers will ship with CGI programs to demonstrate the capabilities of it's software. These programs are not needed for normal operations and should be removed upon installing the web server. For Apache, 2 scripts to look for and remove are: - `printenv`: When executed this script will print all the CGI environmnet variables which could include configuration settings and other server details - `test-cgi`: This script will print information about the web server including directory paths and detail configuration settings. DEFAULT: Source builds of Apache ship with `printenv` and `test-cgi`, vendor copies of Apache may differ. If left misconfigured, an attacker can get sensitive server information from the `/icons/` directory. It is recommended to remove access to the directory by commenting out the `Alias` directive in `alias.conf` ``` #Alias /icons/ "/usr/share/apache2/icons/" # <Directory "/usr/share/apache2/icons"> # Options FollowSymlinks # AllowOverride None # Require all granted # </Directory> ```