Needing to correct some security gaps in Apache
Posted by: darthpathos42 (158.106.86.---)
Date: July 18, 2019 03:26PM

Good morning

We have finished doing a threat risk assessment on our server and the following issues have been identified.

I'm unsure where to go in the Config file to correct these; any suggestions would be appreciated.

We're running Windows Server2012R2, Apache2.4, and everything is SSL Encrypted with 256-bit passwords.


- MISSING SECURITY HEADERS (on server name) Recommendation: Implement HTTP security headers in the web applications to prevent exploitation of vulnerabilities.
- Recommendation: Make sure that browsable directories do not leak confidential informative or give access to sensitive resources. Additionally, use access restrictions or disable directory indexing for any that do.
- The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections. Recommendation: Disable these methods.

Thanks in advance
Chris

Options: ReplyQuote
Re: Needing to correct some security gaps in Apache
Posted by: RiggsFolly (Moderator)
Date: July 18, 2019 05:29PM

Hi,

This is not a General Advice sute. This site is specific to WAMPServer.

As WAMPServer is a developer environment, we do not make suggestions on the areas you are seeking help on anyway

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.2.0 32bit & 64bit)
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.16>

Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your MySQL databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

Options: ReplyQuote
Re: Needing to correct some security gaps in Apache
Posted by: darthpathos42 (---.dsl.bell.ca)
Date: July 19, 2019 01:31AM

Hi RiggsFolly - Sorry about that, new to all this :-) Any ideas where I can find a community that i can post? I'm' kind of stuck and thought this was my best option.

Options: ReplyQuote
Re: Needing to correct some security gaps in Apache
Posted by: RiggsFolly (Moderator)
Date: July 19, 2019 11:53AM

You might try one of the Stack sites
This one maybe [dba.stackexchange.com]

---------------------------------------------------------------------------------------------
(Windows 10 Pro 64bit) (Wampserver 3.2.0 32bit & 64bit)
<Apache versions MULTIPE> <PHP versions MULTIPLE> <MySQL Versions MULTIPLE>
<MariaDB versions MULTIPLE> <phpMyAdmin versions MULTIPLE> <MySQL Workbench 8.0.16>

Read The Manuals Apache -- MySQL -- PHP -- phpMyAdmin
Get your Apache/MySQL/mariaDB/PHP ADDONs here from the WAMPServer alternate Repo
-X-X-X- Backup your MySQL databases regularly Here is How dont regret it later! Yes even when developing -X-X-X-

Options: ReplyQuote


Sorry, only registered users may post in this forum.