Building a sound foundation

  • Introduction
    • What?
    • Why?
    • How?
  • Keep only required modules
    • Nginx
    • Apache
  • Disable unwanted services
    • Apache
    • Nginx
  • Restrict file and directory access
    • Apache
    • Nginx
  • Disable unwanted HTTP methods
    • Nginx
    • Apache
  • Create non-root users
  • Install and use ModSecurity
    • Nginx
    • Apache
    • Usage
    • Configuration resources
  • Install and use ModEvasive
  • Set up and configure logging
    • Nginx
    • Apache

Resolving TLS issues

  • Introduction
    • What?
    • Why?
    • How?
  • (Re)configure TLS
    • Nginx
    • Apache: TLS 1.2 only
    • Apache: TLS 1.3 and 1.2
  • Manually specify cipher suite
  • Configure forward secrecy

Preventing information disclosure

  • Introduction
    • What?
    • Why?
    • How?
  • Hide web server information
    • Apache
    • Nginx
  • Disable directory listing
    • Apache
    • Nginx
    • Disable SSI and autoindex execution

Setting HTTP security headers

  • Introduction
    • What?
    • Why?
    • How?
  • Check your HTTP security headers
  • HTTP Strict Transport Security (HSTS)
    • Nginx
    • Apache
    • Resources
  • X-Frame-Options
    • Nginx
    • Apache
    • Resources
  • Content Security Policy (CSP)
    • Nginx
    • Apache
    • Resources
  • Permissions-Policy
    • Apache
    • Nginx
    • Resources
  • Referrer-Policy
    • Apache
    • Nginx
    • Resources
  • X-Content-Type-Options
    • Apache
    • Nginx
    • Resources
  • X-XSS-Protection
    • Apache
    • Nginx
    • Resources
  • Set-Cookie
    • Resources
  • Content-Type
    • Resources

Using CORS

  • Introduction
    • What?
    • Why?
    • How?
  • CORS best practices
  • CORS on Nginx
    • Resources
  • CORS on Apache
    • Resources

Hardening webserver
Unseen University, 2024, with a forest garden fostered by /ut7.