Why Apache Configuration Auditing Matters
Apache HTTP Server remains the most widely deployed web server, powering approximately 30% of all websites. Its flexibility comes with complexity — a typical Apache installation has dozens of configuration files spread across multiple directories, with VirtualHost definitions, module configurations, and security settings that interact in non-obvious ways.
Common Apache misconfigurations include exposing server version information (ServerTokens), enabling directory listing (Options Indexes), using outdated SSL/TLS protocols, missing security headers, and leaving the TRACE method enabled. These issues are easy to introduce and hard to detect manually across multiple VirtualHosts.
dargslan-apache-analyzer parses your entire Apache configuration tree — following Include and IncludeOptional directives — and checks every VirtualHost against security best practices.
Install dargslan-apache-analyzer
pip install dargslan-apache-analyzer
Zero dependencies. Auto-detects Apache configuration on Debian/Ubuntu and RHEL/CentOS systems.
CLI Usage
# Full analysis report
dargslan-apache report
# List all VirtualHosts
dargslan-apache vhosts
# Show loaded modules
dargslan-apache modules
# Security issues only
dargslan-apache issues
# Test configuration syntax
dargslan-apache test
# JSON output
dargslan-apache json
# Custom config path
dargslan-apache report -c /etc/httpd/conf/httpd.conf
Python API
from dargslan_apache_analyzer import ApacheAnalyzer

aa = ApacheAnalyzer()

# List VirtualHosts
for vhost in aa.get_vhosts():
    ssl = " [SSL]" if vhost["ssl"] else ""
    print(f"{vhost['server_name']}{ssl} -> {vhost['document_root']}")

# Security audit
issues = aa.check_security()
for i in issues:
    print(f"[{i['severity']}] {i['message']}")

# Loaded modules
modules = aa.get_loaded_modules()
print(f"Loaded modules: {len(modules)}")

# Config syntax test
result = aa.test_config()
print(f"Config valid: {result['valid']}")
Security Checks Performed
- ServerTokens — Should be "Prod" to hide version information
- ServerSignature — Should be "Off" to suppress version in error pages
- TraceEnable — Should be "Off" to prevent cross-site tracing
- Directory Listing — Options Indexes should not be enabled
- SSL Protocols — SSLv3 and TLSv1.0 should be disabled
- Security Headers — X-Frame-Options, X-Content-Type-Options, HSTS
- Security Modules — mod_security, mod_headers, mod_ssl
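The directive checks listed above, applied to a constructed configuration. This is an added example and not dargslan-apache-analyzer's own code; the names SAMPLE_CONF, CHECKED, directives, enabled_protocols and audit are hypothetical. It assumes a single config string (no Include following, no per-VirtualHost scoping), Apache's defaults for unset directives, and that "all" in SSLProtocol includes SSLv3.

```python
import re

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
ServerTokens OS
ServerSignature Off
<VirtualHost *:443>
    SSLProtocol all -SSLv3
    Header always set X-Content-Type-Options "nosniff"
    Options Indexes FollowSymLinks
</VirtualHost>
"""

ALL_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}  # assumed meaning of "all"
WEAK = {"sslv3", "tlsv1"}
CHECKED = {"servertokens": ("full", "prod"), "serversignature": ("off", "off"),
           "traceenable": ("on", "off")}  # directive: (Apache default if unset, expected value)
HEADERS = {"x-frame-options", "x-content-type-options", "strict-transport-security"}

def directives(conf):
    """Yield (lowercased name, lowercased args), skipping comments and <Section> tags."""
    for line in conf.splitlines():
        tokens = re.findall(r'"[^"]*"|\S+', line.strip())
        if tokens and tokens[0][0] not in "#<":
            yield tokens[0].lower(), [t.strip('"').lower() for t in tokens[1:]]

def enabled_protocols(args):
    """SSLProtocol semantics: a bare token replaces the set, +x adds, -x removes."""
    enabled = set()
    for arg in args:
        sign, proto = (arg[0], arg[1:]) if arg[:1] in ("+", "-") else ("", arg)
        names = ALL_PROTOCOLS if proto == "all" else {proto}
        enabled = {"+": enabled | names, "-": enabled - names, "": set(names)}[sign]
    return enabled

def audit(conf):
    findings, headers = [], set()
    seen = {name: default for name, (default, _) in CHECKED.items()}
    for name, args in directives(conf):
        if name in CHECKED and args:
            seen[name] = args[0]
        elif name == "options" and any(a in ("indexes", "+indexes") for a in args):
            findings.append("Options Indexes enabled")
        elif name == "sslprotocol":
            findings += [f"SSLProtocol enables {p}" for p in sorted(enabled_protocols(args) & WEAK)]
        elif name == "header" and "unset" not in args:
            headers |= HEADERS & set(args)
    findings += [f"{n} is {seen[n]}, expected {w}" for n, (_, w) in CHECKED.items() if seen[n] != w]
    findings += [f"missing header {h}" for h in sorted(HEADERS - headers)]
    return findings
```

Calling audit(SAMPLE_CONF) reports that "SSLProtocol all -SSLv3" still leaves TLSv1.0 enabled and that the unset TraceEnable falls back to its default of on.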