Good morning
We have finished doing a threat risk assessment on our server and the following issues have been identified.
I'm unsure where to go in the Config file to correct these; any suggestions would be appreciated.
We're running Windows Server 2012 R2, Apache 2.4, and everything is SSL encrypted with 256-bit passwords.
- MISSING SECURITY HEADERS (on server name) Recommendation: Implement HTTP security headers in the web applications to prevent exploitation of vulnerabilities.
- Recommendation: Make sure that browsable directories do not leak confidential information or give access to sensitive resources. Additionally, use access restrictions or disable directory indexing for any that do.
- The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections. Recommendation: Disable these methods.
Thanks in advance
Chris
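
The three findings above map to a handful of `httpd.conf` directives; the fragment below is an added example, not part of the original post. The DocumentRoot path is a placeholder, and the choice of headers and their values are assumptions, since the post does not say which headers the scan expects.

```apache
# Added example for httpd.conf on Apache 2.4.
# Comments must sit on their own lines; httpd rejects trailing comments.

# --- Finding 1: missing security headers (requires mod_headers) ---
# This LoadModule line usually exists already but is commented out.
LoadModule headers_module modules/mod_headers.so

<IfModule headers_module>
    # "always" adds the header to error responses (4xx/5xx) as well.
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # HSTS only has effect over HTTPS; if the server also has a plain-HTTP
    # virtual host, move this line into the SSL <VirtualHost> block.
    # max-age of one year is an assumed value.
    Header always set Strict-Transport-Security "max-age=31536000"
</IfModule>

# --- Finding 2: browsable directories ---
# In the existing <Directory> block for the DocumentRoot, drop "Indexes":
#   weak:      Options Indexes FollowSymLinks
#   corrected: Options FollowSymLinks
# "C:/path/to/htdocs" is a placeholder for the real DocumentRoot.
<Directory "C:/path/to/htdocs">
    Options FollowSymLinks
    # Keeps .htaccess files from turning Indexes back on.
    AllowOverride None
    Require all granted
</Directory>

# --- Finding 3: TRACE method ---
# Valid in server config or <VirtualHost> context only,
# not inside <Directory> or .htaccess.
# With this set, httpd answers TRACE with 405 Method Not Allowed.
TraceEnable off
```

After editing, run `httpd -t` to check the syntax and restart the Apache service so the changes take effect.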