linux_wiki:apache_http_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
linux_wiki:apache_http_server [2018/03/23 16:02]
billdozor [ssl.conf] 		linux_wiki:apache_http_server [2018/03/23 16:10]
billdozor [SSL Verification]
Line 163: Line 163:
 </code> </code>
  
-==== SSL Verification ==== 
  
-Check what ciphers will be used given an Apache config +----
-<code bash> +
-openssl ciphers -v 'HIGH:!DHE:!EDH:!RC4:!ADH:!MEDIUM' +
-</code>+
  
-Verify server offered ciphers +===== Other Security Settings ===== 
-<code bash> + 
-sslscan --no-failed 10.1.2.3:443 +Other important security settings. 
-</code> + 
-  * Look for "Supported Server Cipher(s)" and "Preferred Server Cipher(s)"+==== Redirect HTTP to HTTPS ==== 
 + 
 +Redirect all HTTP to HTTPS<code bash><VirtualHost *:80> 
 +  ServerName example.com 
 +  <IfModule mod_rewrite.c> 
 +    RewriteEngine On 
 +    RewriteCond %{HTTPS} off 
 +    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 
 +  </IfModule> 
 +</VirtualHost></code> 
 + 
 +---
 + 
 +==== HSTS ==== 
 + 
 +Enabling HTTPS Strict Transport Security (HSTS). 
 + 
 +Add the strict transport security header to the listening HTTPS host section 
 +<code bash># Optionally load the headers module: 
 +LoadModule headers_module modules/mod_headers.so 
 + 
 +<VirtualHost *:443
 +    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" 
 +</VirtualHost></code> 
 +  * max-age=63072000 -> Tell web browsers to connect to the site using HTTPS only for two years. Countdown is reset each time the site is visited.
  
 ---- ----
  • linux_wiki/apache_http_server.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)