WampServer
Apache, PHP, MySQL
on Windows
Needing to correct some security gaps in Apache
Posted by:
darthpathos42
(158.106.86.---)
Date: July 18, 2019 03:26PM
Good morning
We have finished doing a threat risk assessment on our server and the following issues have been identified.
I'm unsure where to go in the Config file to correct these; any suggestions would be appreciated.
We're running Windows Server2012R2, Apache2.4, and everything is SSL Encrypted with 256-bit passwords.
- MISSING SECURITY HEADERS (on server name) Recommendation: Implement HTTP security headers in the web applications to prevent exploitation of vulnerabilities.
- Recommendation: Make sure that browsable directories do not leak confidential informative or give access to sensitive resources. Additionally, use access restrictions or disable directory indexing for any that do.
- The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections. Recommendation: Disable these methods.
Thanks in advance
Chris
We have finished doing a threat risk assessment on our server and the following issues have been identified.
I'm unsure where to go in the Config file to correct these; any suggestions would be appreciated.
We're running Windows Server2012R2, Apache2.4, and everything is SSL Encrypted with 256-bit passwords.
- MISSING SECURITY HEADERS (on server name) Recommendation: Implement HTTP security headers in the web applications to prevent exploitation of vulnerabilities.
- Recommendation: Make sure that browsable directories do not leak confidential informative or give access to sensitive resources. Additionally, use access restrictions or disable directory indexing for any that do.
- The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections. Recommendation: Disable these methods.
Thanks in advance
Chris
Re: Needing to correct some security gaps in Apache
Posted by:
RiggsFolly
(Moderator)
Date: July 18, 2019 05:29PM
Hi,
This is not a General Advice sute. This site is specific to WAMPServer.
As WAMPServer is a developer environment, we do not make suggestions on the areas you are seeking help on anyway
---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-
This is not a General Advice sute. This site is specific to WAMPServer.
As WAMPServer is a developer environment, we do not make suggestions on the areas you are seeking help on anyway
---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-
Re: Needing to correct some security gaps in Apache
Posted by:
darthpathos42
(---.dsl.bell.ca)
Date: July 19, 2019 01:31AM
Hi RiggsFolly - Sorry about that, new to all this :-) Any ideas where I can find a community that i can post? I'm' kind of stuck and thought this was my best option.
Re: Needing to correct some security gaps in Apache
Posted by:
RiggsFolly
(Moderator)
Date: July 19, 2019 11:53AM
You might try one of the Stack sites
This one maybe [dba.stackexchange.com]
---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-
This one maybe [dba.stackexchange.com]
---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.3.4 64bit) Aestan Tray Menu 3.2.5.4
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.23>
Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-
Sorry, only registered users may post in this forum.
