Apache Notes

From Federal Burro of Information
Revision as of 20:23, 6 January 2017 by David (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Disable weak cryptography Apache 

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT 
SSLProtocol ALL -SSLv1 -SSLv2 -TLSv1

compressions:

https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html


Protecting against attacks

Apache Range Attack DOS

aka Apache Killer

http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html 

RewriteEngine On
RewriteCond %{HTTP:range} ^.+$ [NC]
RewriteRule .* - [F]
RewriteCond %{HTTP:request-range} ^.+$ [NC]
RewriteRule .* - [F]

See Also

https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls

https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf

Retrieved from "https://wiki.quadratic.net/index.php?title=Apache_Notes&oldid=3149"