Web Hardening Tips

Uploaded by

Bakiyaraj Balasubramaniam

0% found this document useful (0 votes)

41 views2 pages

Copyright

Available Formats

TXT, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as TXT, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

41 views2 pages

Web Hardening Tips

Uploaded by

Bakiyaraj Balasubramaniam

Copyright:

Available Formats

Download as TXT, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 2

Search inside document

2.

remove traceroute
Add TraceEnable off in httpd.conf
3.Remove Server Version Banner
in httpd.conf
ServerTokens Prod
ServerSignature Off
restart service.
4.Implementation:
Ensure mod_headers.so is enabled in your httpd.conf
in httpd.conf
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Restart apache
5.Clickjacking Attack
Implementation:
Ensure mod_headers.so is enabled in your httpd.conf
in httpd.conf
Header always append X-Frame-Options SAMEORIGIN
Restart apache
6.Disable directory browser listing
in httpd.conf
Search for Directory and change Options directive to None or
<Directory /opt/apache/htdocs>
Options None
Order allow,deny
Allow from all
</Directory>
or
<Directory /opt/apache/htdocs>
Options -Indexes
Order allow,deny
Allow from all
</Directory>
Restart Apache
2.3. remove etag

Indexes

FileETag None
Restart Apache
Verification:
Open Firefox and access your application
Check HTTP response headers in firebug, you should not see Etag at all.
3.Authorization
3.1 Run Apache from non-privileged account
Create a user and group called apache
#groupadd apache
# useradd G apache apache
Change apache installation directory ownership to newly created non-privileged u
ser
# chown R apache:apache /opt/apache
in httpd.conf
Search for User & Group Directive and change as non-privileged account apache
Verification:
grep for running http process and ensure it s running with apache user
# ps ef |grep http
3.2 Protect binary and configuration directory permission
Go to $Web_Server directory
Change permission of bin and conf folder
# chmod

R 750 bin conf

3.3 System Settings Protection

Installation Guide - WAMP
Document9 pages
Installation Guide - WAMP
pass123word
No ratings yet
TAFJ Debugging Using DesignStudio
Document12 pages
TAFJ Debugging Using DesignStudio
akhtar
No ratings yet
Advanced WordPress Security
Document119 pages
Advanced WordPress Security
Ade Trisna
No ratings yet
Apache2 Virtual Hosts
Document6 pages
Apache2 Virtual Hosts
pantopita
No ratings yet
Some Tutorials in Computer Networking Hacking
From Everand
Some Tutorials in Computer Networking Hacking
Dr. Hidaia Mahmood Alassouli
No ratings yet
Apache Webserver Hardening Security Guide
Document26 pages
Apache Webserver Hardening Security Guide
andrevianadf
No ratings yet
How To Install A LAMP Stack On Ubuntu 18-Example
Document9 pages
How To Install A LAMP Stack On Ubuntu 18-Example
coyotesmith2
No ratings yet
Apache Web Server Hardening and Security Guide
Document22 pages
Apache Web Server Hardening and Security Guide
scrib_nok
No ratings yet
Apache Server Essentials Tutorial
Document27 pages
Apache Server Essentials Tutorial
Jagat
No ratings yet
Secure Apache Web Server - Practical Guide
Document41 pages
Secure Apache Web Server - Practical Guide
Kurniawan Setyo Nugroho
100% (1)
Apache Security Guide
Document27 pages
Apache Security Guide
Andrea Morano
No ratings yet
Zend Framework 2 Cookbook
From Everand
Zend Framework 2 Cookbook
Josephus Callaars
No ratings yet
Meteor: Full-Stack Web Application Development
From Everand
Meteor: Full-Stack Web Application Development
Fabian Vogelsteller
No ratings yet
Dev Sec Ops
Document86 pages
Dev Sec Ops
Anderson Lima
No ratings yet
Ap Ache Web Ser Ver Har Dening Ap Ache Web Ser Ver Har Dening & Secur Ity Guide & Secur Ity Guide
Document39 pages
Ap Ache Web Ser Ver Har Dening Ap Ache Web Ser Ver Har Dening & Secur Ity Guide & Secur Ity Guide
macroendrix
No ratings yet
A Practical Guide To Secure and Harden Apache HTTP Server
Document26 pages
A Practical Guide To Secure and Harden Apache HTTP Server
Styphinson Toms
No ratings yet
Install VueFileManager and Set Up Server Requirements
Document12 pages
Install VueFileManager and Set Up Server Requirements
Moe Moe Tun
No ratings yet
Configure Apache Web Server Lab Exercises
Document4 pages
Configure Apache Web Server Lab Exercises
rajeswarikannan
No ratings yet
Virtualdocumentroot /Var/Www/Multibloghost/%0: Allowoverride All
Document2 pages
Virtualdocumentroot /Var/Www/Multibloghost/%0: Allowoverride All
martins
No ratings yet
Apache Gardering Parte 4
Document4 pages
Apache Gardering Parte 4
nonenone
No ratings yet
How To Run Apache HTTPD in Cygwin
Document3 pages
How To Run Apache HTTPD in Cygwin
ARTHUR
No ratings yet
Prestashop Lamp
Document4 pages
Prestashop Lamp
31inuyasha
No ratings yet
Upgrading To 2.4 From 2.2 - Apache HTTP Server Version 2.4
Document9 pages
Upgrading To 2.4 From 2.2 - Apache HTTP Server Version 2.4
Silvia Green
No ratings yet
Install Apache Dan PHP Pada Windows x64
Document8 pages
Install Apache Dan PHP Pada Windows x64
Muh. Hatta
No ratings yet
Installing Apache, PHP & Mysql
Document11 pages
Installing Apache, PHP & Mysql
sareeee
No ratings yet
0 - Recuperação Webserver e Apache2 Final
Document19 pages
0 - Recuperação Webserver e Apache2 Final
Mauro Goncalves
No ratings yet
Configuring Apache Web Server
Document2 pages
Configuring Apache Web Server
Ydia Christian
No ratings yet
Static IP: SSL Certificates Installation
Document26 pages
Static IP: SSL Certificates Installation
naresh babu
No ratings yet
Dansguardian Web Content Filtering
Document9 pages
Dansguardian Web Content Filtering
kickz_bry
No ratings yet
Apache Security Tips
Document18 pages
Apache Security Tips
Scraf Veintitrés
No ratings yet
Install Apache Dan PHP7 Pada Windows x64
Document8 pages
Install Apache Dan PHP7 Pada Windows x64
Muh. Hatta
No ratings yet
GITLAB-GUIDE
Document5 pages
GITLAB-GUIDE
DonQuixote de la Mancha
No ratings yet
How To Setup A Live Site
Document11 pages
How To Setup A Live Site
Rowena Alipar
No ratings yet
How To Install and Configure Squid Proxy On Debian 9
Document3 pages
How To Install and Configure Squid Proxy On Debian 9
Hamdi Maulana
No ratings yet
How To Set Up WebDAV With Apache2 On CentOS 5
Document10 pages
How To Set Up WebDAV With Apache2 On CentOS 5
Alemag Produções
No ratings yet
Tutorial For Squid Server Ministry of Environment
Document3 pages
Tutorial For Squid Server Ministry of Environment
Arap Rutto
No ratings yet
20 Ways To Secure Your Apache Configuration: First, Make Sure You've Installed Latest Security Patches
Document5 pages
20 Ways To Secure Your Apache Configuration: First, Make Sure You've Installed Latest Security Patches
tegalex
No ratings yet
PfSense 2 - 3 - 1 Security Explicit Squid Proxy WPAD SquidGuard Lightsquid and Static ARP
Document21 pages
PfSense 2 - 3 - 1 Security Explicit Squid Proxy WPAD SquidGuard Lightsquid and Static ARP
Godspower Inibu
No ratings yet
ABC
Document40 pages
ABC
Database 1
No ratings yet
Apache2 SSL in Ubuntu: From Linodewiki
Document4 pages
Apache2 SSL in Ubuntu: From Linodewiki
filmiigrice
No ratings yet
Instalare Observium
Document9 pages
Instalare Observium
Puiu Stefan Turcin
No ratings yet
Install Lampp Di Centos NextCloud
Document9 pages
Install Lampp Di Centos NextCloud
Aldin Samsudin
No ratings yet
Installing PHP For Dynamic Web Pages
Document11 pages
Installing PHP For Dynamic Web Pages
Asif Iqbal
No ratings yet
Apache 2
Document2 pages
Apache 2
José Henrique
No ratings yet
LASMST
Document9 pages
LASMST
Damien Seow
No ratings yet
Installing and Working With Apache Web Server
Document6 pages
Installing and Working With Apache Web Server
Dirga Brajamusti
100% (2)
Ccreate Your First Flume Program HTML
Document17 pages
Ccreate Your First Flume Program HTML
Ram
No ratings yet
Mengedit Domain Name Cacti
Document4 pages
Mengedit Domain Name Cacti
nazloen
No ratings yet
User Manual
Document6 pages
User Manual
Pandurang Kamath
No ratings yet
Secure Apache with Mod_Security and Mod_Evasive
Document3 pages
Secure Apache with Mod_Security and Mod_Evasive
nonenone
No ratings yet
Konfig Nginx Mariadb PHP Phpmyadmin
Document7 pages
Konfig Nginx Mariadb PHP Phpmyadmin
Bintang Khalil
No ratings yet
Apache Config
Document6 pages
Apache Config
Pet Marinay
No ratings yet
Zotero Data Server Installation Archlinux
Document8 pages
Zotero Data Server Installation Archlinux
fzefjzo
No ratings yet
Wordpress Security: Define ('DISALLOW - UNFILTERED - HTML', True)
Document11 pages
Wordpress Security: Define ('DISALLOW - UNFILTERED - HTML', True)
pr223
No ratings yet
Getting Started With SAP UI 5
Document6 pages
Getting Started With SAP UI 5
Yanming Cao
No ratings yet
Squid Proxy 2
Document12 pages
Squid Proxy 2
Jorge Torrealba
No ratings yet
Learning Laravel 7 and Bootstrap 4
Document2 pages
Learning Laravel 7 and Bootstrap 4
Jayvee Cadiz Lagmay
No ratings yet
Install Nagios on Slackware
Document6 pages
Install Nagios on Slackware
testeTestado
No ratings yet
Program 1 & 2 DS
Document4 pages
Program 1 & 2 DS
20ACS45 Jeevan raj
No ratings yet
ModSecurity 2.5
From Everand
ModSecurity 2.5
Magnus Mischel
No ratings yet
Ansible Basic
Document1 page
Ansible Basic
Bakiyaraj Balasubramaniam
No ratings yet
Isilon Cmds
Document1 page
Isilon Cmds
Bakiyaraj Balasubramaniam
No ratings yet
Centos CMND List1
Document1 page
Centos CMND List1
Bakiyaraj Balasubramaniam
No ratings yet
Isilon Important Commnads To Know
Document1 page
Isilon Important Commnads To Know
Bakiyaraj Balasubramaniam
No ratings yet
Important Cmnds To Audit Linux
Document1 page
Important Cmnds To Audit Linux
Bakiyaraj Balasubramaniam
No ratings yet
Ethernet Bond
Document2 pages
Ethernet Bond
Bakiyaraj Balasubramaniam
No ratings yet
Secure SSH Linux
Document1 page
Secure SSH Linux
Bakiyaraj Balasubramaniam
No ratings yet
Brocade Switch Commands Part1
Document1 page
Brocade Switch Commands Part1
Bakiyaraj Balasubramaniam
No ratings yet
Jenkins Intro
Document2 pages
Jenkins Intro
Bakiyaraj Balasubramaniam
No ratings yet
Ansible Cmds
Document1 page
Ansible Cmds
Bakiyaraj Balasubramaniam
No ratings yet
Jenkins Intro
Document2 pages
Jenkins Intro
Bakiyaraj Balasubramaniam
No ratings yet
Secure SSH Linux
Document1 page
Secure SSH Linux
Bakiyaraj Balasubramaniam
No ratings yet
Disk Expand Linux Server
Document1 page
Disk Expand Linux Server
Bakiyaraj Balasubramaniam
No ratings yet
Jenkins Learn
Document2 pages
Jenkins Learn
Bakiyaraj Balasubramaniam
No ratings yet
Tomcat Install Steps
Document1 page
Tomcat Install Steps
Bakiyaraj Balasubramaniam
No ratings yet
Jenkins Learn
Document2 pages
Jenkins Learn
Bakiyaraj Balasubramaniam
No ratings yet
Nagios Event Handler Example - To Restart A Service PDF
Document2 pages
Nagios Event Handler Example - To Restart A Service PDF
Bakiyaraj Balasubramaniam
No ratings yet
Tomcat Install Steps
Document1 page
Tomcat Install Steps
Bakiyaraj Balasubramaniam
No ratings yet
Linux Advance Cmds
Document1 page
Linux Advance Cmds
Bakiyaraj Balasubramaniam
No ratings yet
Linux Advance Cmds
Document1 page
Linux Advance Cmds
Bakiyaraj Balasubramaniam
No ratings yet
Jenkins
Document1 page
Jenkins
Bakiyaraj Balasubramaniam
No ratings yet
Puppet Benefits
Document1 page
Puppet Benefits
Bakiyaraj Balasubramaniam
No ratings yet
Kernel Compile
Document1 page
Kernel Compile
Bakiyaraj Balasubramaniam
No ratings yet
Linux Advance Cmds
Document1 page
Linux Advance Cmds
Bakiyaraj Balasubramaniam
No ratings yet
Linux Special Commands
Document1 page
Linux Special Commands
Bakiyaraj Balasubramaniam
No ratings yet
Grep Cmds
Document1 page
Grep Cmds
Bakiyaraj Balasubramaniam
No ratings yet
Top 10 Apache Modules
Document1 page
Top 10 Apache Modules
Bakiyaraj Balasubramaniam
No ratings yet
Event Handlers: State Types Host Checks Service Checks
Document3 pages
Event Handlers: State Types Host Checks Service Checks
Bakiyaraj Balasubramaniam
No ratings yet
Diff Vsphere Esxi Vcenter
Document6 pages
Diff Vsphere Esxi Vcenter
Bakiyaraj Balasubramaniam
No ratings yet