Apache Notes: Difference between revisions
From Federal Burro of Information
Jump to navigationJump to search
(Created page with " Disable weak cryptography Apache SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT SSLProtocol -ALL +SSLv3 +TLSv1") |
No edit summary |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT | SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT | ||
SSLProtocol - | SSLProtocol ALL -SSLv1 -SSLv2 -TLSv1 | ||
compressions: | |||
https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html | |||
== Protecting against attacks == | |||
== Apache Range Attack DOS == | |||
aka Apache Killer | |||
http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html | |||
RewriteEngine On | |||
RewriteCond %{HTTP:range} ^.+$ [NC] | |||
RewriteRule .* - [F] | |||
RewriteCond %{HTTP:request-range} ^.+$ [NC] | |||
RewriteRule .* - [F] | |||
== See Also == | |||
https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls | |||
https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf | |||
Latest revision as of 20:23, 6 January 2017
Disable weak cryptography Apache
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT SSLProtocol ALL -SSLv1 -SSLv2 -TLSv1
compressions:
https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
Protecting against attacks
Apache Range Attack DOS
aka Apache Killer
http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html
RewriteEngine On
RewriteCond %{HTTP:range} ^.+$ [NC]
RewriteRule .* - [F]
RewriteCond %{HTTP:request-range} ^.+$ [NC]
RewriteRule .* - [F]
See Also
https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf
