Apache Notes: Difference between revisions

From Federal Burro of Information
Jump to navigationJump to search
No edit summary
No edit summary
Line 7: Line 7:
compressions:
compressions:


== Protecting against attacks ==
== Apache Range Attack DOS ==
aka Apache Killer
http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html
RewriteEngine On
RewriteCond %{HTTP:range} ^.+$ [NC]
RewriteRule .* - [F]
RewriteCond %{HTTP:request-range} ^.+$ [NC]
RewriteRule .* - [F]


== See Also ==
== See Also ==

Revision as of 20:51, 21 February 2013

Disable weak cryptography Apache

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT 
SSLProtocol -ALL +SSLv3 +TLSv1

compressions:

Protecting against attacks

Apache Range Attack DOS

aka Apache Killer

http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html

RewriteEngine On
RewriteCond %{HTTP:range} ^.+$ [NC]
RewriteRule .* - [F]
RewriteCond %{HTTP:request-range} ^.+$ [NC]
RewriteRule .* - [F]

See Also

https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls

https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf