Apache Notes: Difference between revisions

From Federal Burro of Information
Jump to navigationJump to search
No edit summary
No edit summary
 
Line 3: Line 3:


  SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT  
  SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT  
  SSLProtocol -ALL +SSLv3 +TLSv1
  SSLProtocol ALL -SSLv1 -SSLv2 -TLSv1


compressions:
compressions:
https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html


== Protecting against attacks ==
== Protecting against attacks ==

Latest revision as of 20:23, 6 January 2017

Disable weak cryptography Apache

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT 
SSLProtocol ALL -SSLv1 -SSLv2 -TLSv1

compressions:

https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html


Protecting against attacks

Apache Range Attack DOS

aka Apache Killer

http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html

RewriteEngine On
RewriteCond %{HTTP:range} ^.+$ [NC]
RewriteRule .* - [F]
RewriteCond %{HTTP:request-range} ^.+$ [NC]
RewriteRule .* - [F]

See Also

https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls

https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf