October 29, 2008

5 basic Apache security tips

Here are just a few things to keep in mind when setting up Apache and running a quick security audit.

1. Turn off TRACE or TRACK methods on Apache

TRACE (or TRACK) is a debug method used to debug web server connections. A server supporting TRACE connections can be subject to cross-site scripting attacks, dubbed XST for "Cross-Site Tracing" (cf. http://www.apacheweek.com/issues/03-01-24).

To disable the TRACE or TRACK methods, first make sure that mod_rewrite is enabled, then add:

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

...
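To confirm during an audit that the rewrite rule took effect, the following added example (not part of the original post) sends a TRACE request and checks whether the server echoes it back. The names trace_status and demo, the probe value and the local stand-in server are constructed for this example; point trace_status at your own host and port.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE = "probe-1234"  # constructed marker value; an echoing server reflects it

def trace_status(host, port, method="TRACE", timeout=5):
    """Send TRACE (or TRACK) and return (verdict, http_status).

    verdict is 'enabled', 'blocked' or 'unclear'.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, "/", headers={"X-Trace-Probe": PROBE})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1", "replace")
    finally:
        conn.close()
    # With TRACE enabled the server answers 200 and echoes the request,
    # headers included, in the response body.
    if resp.status == 200 and PROBE in body:
        return "enabled", resp.status
    if resp.status in (403, 405, 501):  # [F] in the rewrite rule yields 403
        return "blocked", resp.status
    return "unclear", resp.status

class _Demo(BaseHTTPRequestHandler):
    """Constructed stand-in for a web server, used only to exercise the check."""
    hardened = False

    def do_TRACE(self):
        if self.hardened:
            self.send_error(403)  # same status RewriteRule .* - [F] returns
            return
        echo = (self.requestline + "\r\n" + str(self.headers)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echo)))
        self.end_headers()
        self.wfile.write(echo)

    def log_message(self, *args):  # keep the demo quiet
        pass

def demo(hardened):
    """Run the check against the local stand-in server on a free port."""
    handler = type("Handler", (_Demo,), {"hardened": hardened})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return trace_status("127.0.0.1", srv.server_port)
    finally:
        srv.shutdown()
        srv.server_close()
```

A verdict of 'enabled' means the request was reflected and the rule is not active for that virtual host; 'unclear' covers redirects or proxies answering in the server's place and needs a manual look.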