Apache Notes

From Federal Burro of Information
Jump to navigationJump to search

Disable weak cryptography Apache

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT 
SSLProtocol ALL -SSLv1 -SSLv2 -TLSv1

compressions:

https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html


Protecting against attacks

Apache Range Attack DOS

aka Apache Killer

http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html

RewriteEngine On
RewriteCond %{HTTP:range} ^.+$ [NC]
RewriteRule .* - [F]
RewriteCond %{HTTP:request-range} ^.+$ [NC]
RewriteRule .* - [F]

See Also

https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls

https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf