Difference between revisions of "SCG WS Apache"

Revision as of 06:03, 23 December 2014

This article is part of the OWASP Secure Configuration Guide.

Back to the OWASP Secure Configuration Guide ToC:
   https://www.owasp.org/index.php/Secure_Configuration_Guide
Back to the OWASP Secure Configuration Guide Project:
   https://www.owasp.org/index.php/OWASP_Secure_Configuration_Guide

1 Misconfigurations
2 References

Details will be added in proper format. right now cataloguing links which can be used as references.

Misconfigurations

1. Version details disclosed in headers disable apache tokens

2. Proper SSL cipher selection Cipher orders Disable specific ciphers

3. Guidelines on how to store ssl private keys on server stuff like not to store private keys on /var/www/

4. Detailing about various authentication types

basic, digest, X509, LDAP or others.

Detailing about authoentication types and which one to use in which situation.

References

https://httpd.apache.org/docs/current/misc/security_tips.html

https://wiki.debian.org/Apache/Hardening

Difference between revisions of "SCG WS Apache"

Revision as of 06:03, 23 December 2014

Misconfigurations

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools

@@ Line 1: / Line 1: @@
 {{Template:OWASP Secure Configuration Guide}}
+Details will be added in proper format.
+right now cataloguing links which can be used as references.
+== Misconfigurations ==
+. Version details disclosed in headers
+disable apache tokens
+. Proper SSL cipher selection
+Cipher orders
+Disable specific ciphers
+. Guidelines on how to store ssl private keys on server
+stuff like not to store private keys on /var/www/
+. Detailing about various authentication types
+basic, digest, X509, LDAP or others.
+Detailing about authoentication types and which one to use in which situation.
+== References ==
+https://httpd.apache.org/docs/current/misc/security_tips.html
+https://wiki.debian.org/Apache/Hardening