Secure Apache HTTPD Web Server Configuration for Oracle Solaris 11 / SunOS 5.11 - See http://supratim-sanyal.blogspot.com/2017/05/fun-with-oracle-solaris-113-sunos-511.html
# -----
# /etc/apache2/2.2/httpd.conf
# SANYALnet Solaris 11.3 SunOS 5.11 Apache 2.2 http server config
# Hardened per https://geekflare.com/apache-web-server-hardening-security
#
# From "Fun with Oracle Solaris 11.3 SunOS 5.11 on 64-bit Intel x86 - SNMP, NTP, FTP, Web, SMB Servers and more with NTFS support"
# http://supratim-sanyal.blogspot.com/2017/05/fun-with-oracle-solaris-113-sunos-511.html
#
# Supratim Sanyal, May 31, 2017; supratim at riseup dot net
# -----
# Global server settings. Only a plain-HTTP listener on port 80 is opened
# in this file; no TLS listener is defined here.
ServerRoot "/usr/apache2/2.2"
Listen 80
# Information-disclosure reduction: "Prod" trims the Server response header
# to the product name, and ServerSignature Off removes the server footer
# from server-generated pages.
ServerTokens Prod
ServerSignature Off
# Do not emit ETag headers for static files (the 2.2 default derives them
# from inode, mtime and size).
FileETag None
# Refuse TRACE. <Limit>/<LimitExcept> cannot restrict TRACE, so this
# directive is the control for it.
TraceEnable off
# NOTE(review): unlike the Set-Cookie / X-Frame-Options lines further down,
# this Header directive is not wrapped in <IfModule headers_module>, so the
# server will refuse to start if mod_headers is not loaded. That fail-closed
# behaviour may be intended; if so, the guarded headers below are
# inconsistent with it. Without the "always" condition the header is only
# added to 2xx responses. Current browsers no longer act on
# X-XSS-Protection, so it should not be the only XSS control.
Header set X-XSS-Protection "1; mode=block"
# Seconds to wait on network I/O before giving up on a connection.
Timeout 15
# Pull in the module list matching the binary: the 64-bit list when httpd
# is started with -D 64bit, the 32-bit list otherwise.
# NOTE(review): these files are not shown here; presumably they hold the
# LoadModule lines. Every <IfModule> test below depends on what they load,
# so trim them to the modules actually needed and verify that
# headers_module and rewrite_module are present.
<IfDefine 64bit>
Include /etc/apache2/2.2/conf.d/modules-64.load
</IfDefine>
<IfDefine !64bit>
Include /etc/apache2/2.2/conf.d/modules-32.load
</IfDefine>
# Identity the worker processes run as after startup. The guards skip
# these directives on the NetWare and Windows MPMs.
# NOTE(review): webservd is presumably an unprivileged service account;
# confirm it has no login shell and no write access to the document root
# or the configuration directories.
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User webservd
Group webservd
</IfModule>
</IfModule>
# Response-header hardening. Because of the <IfModule> guard these two
# headers are silently skipped when mod_headers is not loaded.
<IfModule headers_module>
# Append the HttpOnly and Secure attributes to every Set-Cookie header.
# NOTE(review): this file only listens on port 80. A cookie marked Secure
# is not returned by browsers over plain HTTP, so this line assumes TLS is
# terminated in front of this server or configured in an included file -
# confirm. The edit is unconditional, so a cookie that already carries
# these attributes ends up with them twice.
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
# Clickjacking defence: pages may only be framed by the same origin.
# "always" applies it to error responses as well as 2xx responses.
Header always append X-Frame-Options SAMEORIGIN
</IfModule>
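# Protocol filter: any request whose request line does not end in
# "HTTP/1.1" is answered with 403 Forbidden ([F]). This also turns away
# HTTP/1.0 clients, which can include older proxies and monitoring probes.
# NOTE(review): rewrite rules set in the main server context are not
# inherited by <VirtualHost> blocks unless they opt in with
# "RewriteOptions inherit"; check any virtual host defined under conf.d.
# The guard means the filter is silently absent if mod_rewrite is not
# loaded.
<IfModule rewrite_module>
RewriteEngine On
# The dot is escaped so it matches only a literal "." and not any
# character.
RewriteCond %{THE_REQUEST} !HTTP/1\.1$
RewriteRule .* - [F]
</IfModule>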
# Main server identity and content root.
# NOTE(review): "[email protected]" is the placeholder left by the hosting
# page's e-mail obfuscation, not the author's value. ServerAdmin takes a
# single argument, so replace it with a real contact address before using
# this file.
ServerAdmin [email protected]
# Loopback address used as the server's own name; self-referential
# redirects will point at 127.0.0.1 unless a virtual host overrides this.
ServerName 127.0.0.1
DocumentRoot "/var/apache2/2.2/htdocs"
# Default-deny baseline for the whole filesystem: no optional features, no
# .htaccess overrides, and no client access. Directories that should be
# served must be opened explicitly in their own <Directory> section.
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
# Methods other than GET, POST and HEAD are denied. With "Deny from all"
# already in force here this is a second layer rather than the primary
# control.
<LimitExcept GET POST HEAD>
deny from all
</LimitExcept>
</Directory>
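# Document root: static content only. Access is opened to all clients, but
# directory listings, CGI execution and server-side includes stay off and
# every script-like extension is stripped of its handler.
<Directory "/var/apache2/2.2/htdocs">
# Every option now carries an explicit sign. Mixing signed and unsigned
# options is documented as invalid syntax and is rejected outright by
# Apache 2.4. The effective set is unchanged: FollowSymLinks only, since
# <Directory /> starts from "Options None".
# NOTE(review): FollowSymLinks lets a symlink inside the document root
# expose any file the server user can read. SymLinksIfOwnerMatch is the
# stricter choice if the content does not rely on cross-owner links.
Options -Indexes +FollowSymLinks -ExecCGI -Includes
DirectoryIndex index.html
# .htaccess files are ignored, so content authors cannot relax the
# settings in this section.
AllowOverride None
Order allow,deny
Allow from all
# Drop any handler mapped to these extensions so such files are never
# executed from the document root.
RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
# Second layer for every non-empty file name: force the static-file
# handler and repeat the CGI/handler removal at file scope.
<Files ?*>
Options -ExecCGI
SetHandler default-handler
RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
</Files>
# Only GET, POST and HEAD are accepted; every other method is denied.
<LimitExcept GET POST HEAD>
deny from all
</LimitExcept>
</Directory>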
# Server-wide default index document; the document-root section sets the
# same value.
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
# Never serve files whose names start with ".ht" (.htaccess, .htpasswd).
# "Satisfy All" requires both the host-based rule and any authentication
# to pass, so a successful login cannot override the Deny.
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
# Logging. Errors at "warn" and above go to error_log; requests go to
# access_log.
# NOTE(review): confirm the logs directory is writable only by root, since
# the log files are opened before privileges are dropped.
ErrorLog "/var/apache2/2.2/logs/error_log"
LogLevel warn
<IfModule log_config_module>
# Three formats are defined, but only "common" is used below.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# Adds bytes received (%I) and sent (%O); only defined when mod_logio is
# loaded.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
# NOTE(review): "common" records neither Referer nor User-Agent. For
# detection and incident response the "combined" format defined above is
# more useful; check log consumers before switching.
CustomLog "/var/apache2/2.2/logs/access_log" common
</IfModule>
# CGI is effectively disabled. The /cgi-bin/ URL is still mapped, but the
# target directory below denies every client, so requests under /cgi-bin/
# are refused.
# NOTE(review): if CGI is never needed, removing the ScriptAlias and not
# loading the CGI modules would shrink the attack surface further than
# relying on the Deny alone.
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/apache2/2.2/cgi-bin/"
</IfModule>
# Empty section: no cgid-specific settings are configured.
<IfModule cgid_module>
</IfModule>
<Directory "/var/apache2/2.2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
# With "Order allow,deny" and no Allow line, every request is denied.
Deny from all
<LimitExcept GET POST HEAD>
deny from all
</LimitExcept>
</Directory>
# Content typing. Files with no known MIME mapping are sent as text/plain.
DefaultType text/plain
<IfModule mime_module>
TypesConfig /etc/apache2/2.2/mime.types
# Extra mappings for compressed archives and Solaris pkg(5) info files.
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/vnd.pkg5.info .p5i
</IfModule>
# Load every *.conf drop-in from conf.d.
# NOTE(review): these files are read after the settings above, so any of
# them can override the hardening in this file (for example by re-enabling
# handlers or opening directories). Keep the directory writable by root
# only and review its contents as part of this configuration.
Include /etc/apache2/2.2/conf.d/*.conf
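# Entropy sources for mod_ssl; only takes effect when ssl_module is
# loaded. The original used "builtin" for both contexts, which the mod_ssl
# documentation describes as a weak source that yields only a few bytes at
# startup. The kernel random device is read in addition to it.
# NOTE(review): assumes /dev/urandom is available to the server on this
# host - confirm. No TLS listener is defined in this file, so these lines
# matter only if an included file enables one.
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
</IfModule>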