filmov
tv
Apache Security - basic hardening & security for apache web server | Part - 1
Показать описание
In this first part of the series on securing apache http web server, we will have a look at most basic configuration checks and settings that can be implemented to secure #apache http web server and secure against various attacks that can disclose internal application information.
The primary idea behind this video series to reduce the attack surface of apache web server by disabling unwanted apache modules that can leave the #webserver to a vulnerable state. We can methodically reduce the attacksurface and make the server resilient to attacks and secure the web application hosted on the server.
In this video, we will be looking into checking if the apache web server has WebDAV module enabled. If the module is enabled, then we must check to see if the module is necessary at all for the application. If not, the we must disable the module. This is demonstrated in the first part.
Next, we explore and demonstrate option how can directory listing lead to website structure disclosure which can reveal internal application information. We will be seeing how we can disable / enable directory listing from the apache configuration file and see a more effective way to totally disable directory listing module.
Then, we ensure that the insecure HTTP method TRACE is disabled and work our way to double check the same.
We then move ahead to restrict access to .htaccess file on the webserver, as unauthorized access to this file can lead to website issues and invalid redirection.
NOTE - The contents shown here are most basic in nature and your hardening steps for your instance of apache web server will depend on the application hosted and the functionality of the application. I request you to kindly ensure this and then proceed with the steps shown in the video.
Also, note that i take no responsibility on any sort of damage done by implementation of these steps.
If you need a discount coupon, kindly post your request at the comment section.
#cyberbytes #apachesecurity #apachehardening
Video Index:-
00:00 - 03:57 - Introduction
03:58 - 05:56 - Checking & Disabling WebDAV module
05:57 - 11:53 - Checking & Disabling Directory listing
11:54 - 14:18 - Securing htaccess files
14:19 - 16:20 - Check & Disable HTTP TRACE method
16:21 - 17:42 - Restrict abuse and secure the ht-files
The primary idea behind this video series to reduce the attack surface of apache web server by disabling unwanted apache modules that can leave the #webserver to a vulnerable state. We can methodically reduce the attacksurface and make the server resilient to attacks and secure the web application hosted on the server.
In this video, we will be looking into checking if the apache web server has WebDAV module enabled. If the module is enabled, then we must check to see if the module is necessary at all for the application. If not, the we must disable the module. This is demonstrated in the first part.
Next, we explore and demonstrate option how can directory listing lead to website structure disclosure which can reveal internal application information. We will be seeing how we can disable / enable directory listing from the apache configuration file and see a more effective way to totally disable directory listing module.
Then, we ensure that the insecure HTTP method TRACE is disabled and work our way to double check the same.
We then move ahead to restrict access to .htaccess file on the webserver, as unauthorized access to this file can lead to website issues and invalid redirection.
NOTE - The contents shown here are most basic in nature and your hardening steps for your instance of apache web server will depend on the application hosted and the functionality of the application. I request you to kindly ensure this and then proceed with the steps shown in the video.
Also, note that i take no responsibility on any sort of damage done by implementation of these steps.
If you need a discount coupon, kindly post your request at the comment section.
#cyberbytes #apachesecurity #apachehardening
Video Index:-
00:00 - 03:57 - Introduction
03:58 - 05:56 - Checking & Disabling WebDAV module
05:57 - 11:53 - Checking & Disabling Directory listing
11:54 - 14:18 - Securing htaccess files
14:19 - 16:20 - Check & Disable HTTP TRACE method
16:21 - 17:42 - Restrict abuse and secure the ht-files
0:05:28
0:17:43
0:14:46
0:23:43
0:28:21
0:03:20
0:00:51
0:21:05
0:07:12
0:04:00
0:09:55
0:22:48
0:04:33
0:04:33
0:02:00
0:01:12
0:09:30
0:37:50
0:04:58
0:58:30
0:02:03
0:10:56
0:03:05
0:32:15