linux_wiki:apache_http_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
linux_wiki:apache_http_server [2018/03/23 16:02]
billdozor [ssl.conf] 		linux_wiki:apache_http_server [2019/05/25 23:50] (current)
Line 163: Line 163:
 </code> </code>
  
-==== SSL Verification ====+----
  
-Check what ciphers will be used given an Apache config +===== Other Security Settings =====
-<code bash> +
-openssl ciphers -v 'HIGH:!DHE:!EDH:!RC4:!ADH:!MEDIUM' +
-</code>+
  
-Verify server offered ciphers +Other important security settings. 
-<code bash> + 
-sslscan --no-failed 10.1.2.3:443 +==== Redirect HTTP to HTTPS ==== 
-</code> + 
-  * Look for "Supported Server Cipher(s)" and "Preferred Server Cipher(s)"+Redirect all HTTP to HTTPS<code bash><VirtualHost *:80> 
 +  ServerName example.com 
 +  <IfModule mod_rewrite.c> 
 +    RewriteEngine On 
 +    RewriteCond %{HTTPS} off 
 +    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 
 +  </IfModule> 
 +</VirtualHost></code> 
 + 
 +---
 + 
 +==== HSTS ==== 
 + 
 +Enabling HTTPS Strict Transport Security (HSTS). 
 + 
 +Add the strict transport security header to the listening HTTPS host section 
 +<code bash># Optionally load the headers module: 
 +LoadModule headers_module modules/mod_headers.so 
 + 
 +<VirtualHost *:443
 +    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" 
 +</VirtualHost></code> 
 +  * max-age=63072000 -> Tell web browsers to connect to the site using HTTPS only for two years. Countdown is reset each time the site is visited.
  
 ---- ----
  • linux_wiki/apache_http_server.1521835331.txt.gz
  • Last modified: 2019/05/25 23:50
  • (external edit)