Quantcast
Channel: WampServer - WampServer English
Viewing all articles
Browse latest Browse all 3177

Needing to correct some security gaps in Apache (1 reply)

$
0
0
Good morning

We have finished doing a threat risk assessment on our server and the following issues have been identified.

I'm unsure where to go in the Config file to correct these; any suggestions would be appreciated.

We're running Windows Server2012R2, Apache2.4, and everything is SSL Encrypted with 256-bit passwords.


- MISSING SECURITY HEADERS (on server name) Recommendation: Implement HTTP security headers in the web applications to prevent exploitation of vulnerabilities.
- Recommendation: Make sure that browsable directories do not leak confidential informative or give access to sensitive resources. Additionally, use access restrictions or disable directory indexing for any that do.
- The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections. Recommendation: Disable these methods.

Thanks in advance
Chris

Viewing all articles
Browse latest Browse all 3177

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>