This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "SCG WS Apache"

From OWASP
Jump to: navigation, search
(basic template of stuff that will be added and expanded.)
Line 5: Line 5:
  
 
== Misconfigurations ==
 
== Misconfigurations ==
 +
 +
'''Please also mention /server-status ! '''
  
 
1. Version details disclosed in headers
 
1. Version details disclosed in headers

Revision as of 16:28, 5 January 2015

This article is part of the OWASP Secure Configuration Guide.
Back to the OWASP Secure Configuration Guide ToC: https://www.owasp.org/index.php/Secure_Configuration_Guide Back to the OWASP Secure Configuration Guide Project: https://www.owasp.org/index.php/OWASP_Secure_Configuration_Guide


Details will be added in proper format. right now cataloguing links which can be used as references.

Misconfigurations

Please also mention /server-status !

1. Version details disclosed in headers disable apache tokens


2. Proper SSL cipher selection Cipher orders Disable specific ciphers

3. Guidelines on how to store ssl private keys on server stuff like not to store private keys on /var/www/

4. Detailing about various authentication types

basic, digest, X509, LDAP or others.

Detailing about authoentication types and which one to use in which situation.


References

https://httpd.apache.org/docs/current/misc/security_tips.html

https://wiki.debian.org/Apache/Hardening