Skip to content

Latest commit

 

History

History
90 lines (61 loc) · 2.86 KB

web_server_security.md

File metadata and controls

90 lines (61 loc) · 2.86 KB
Raw

Web Server Security

Overview

Web servers are a critical component of many IT infrastructures, serving content and applications to users. Hardening web servers is essential to protect against common web-based threats and vulnerabilities.

Importance

  • Data Protection: Securing web servers helps protect sensitive data from unauthorized access and breaches.
  • Attack Prevention: Hardening practices can prevent attacks such as SQL injection, cross-site scripting (XSS), and others.
  • Regulatory Compliance: Proper security measures ensure compliance with data protection regulations and standards.

Apache Hardening

  1. Keep Apache Updated:

    • Regularly update Apache to the latest version to ensure you have the latest security patches.

  2. Minimize Modules:

    • Disable any unnecessary modules to reduce the attack surface.
    sudo a2dismod status

  3. Use mod_security:

    • Install and configure mod_security, a web application firewall for Apache.
    sudo apt-get install libapache2-mod-security2
sudo a2enmod security2

  4. Enable HTTPS:

    • Use SSL/TLS to encrypt traffic between the server and clients.
    sudo a2enmod ssl
sudo a2ensite default-ssl

  5. Restrict Directory Access:

    • Use <Directory> directives to restrict access to sensitive directories.

  6. Limit Request Size:

    • Configure limits for request sizes to prevent denial-of-service (DoS) attacks.
    LimitRequestBody 10485760  # 10 MB

Nginx Hardening

  1. Keep Nginx Updated:

    • Regularly update Nginx to the latest version to ensure you have the latest security patches.

  2. Disable Server Tokens:

    • Hide Nginx version information by setting the server_tokens directive to off.
    server_tokens off;

  3. Use SSL/TLS:

    • Configure Nginx to use HTTPS with a valid certificate to encrypt traffic.

  4. Restrict Access:

    • Use the allow and deny directives to restrict access to sensitive areas.

  5. Limit Request Size:

    • Set the client_max_body_size directive to limit the size of client request bodies.
    client_max_body_size 10M;

  6. Enable HTTP/2:

    • If possible, enable HTTP/2 in your Nginx configuration to improve security and performance.
    listen 443 ssl http2;

Best Practices

  • Regular Security Audits: Periodically audit your web server configuration and security settings.
  • Monitor Access Logs: Keep an eye on access logs for suspicious activities and potential attacks.
  • Use Security Headers: Implement security headers like X-Frame-Options and Content-Security-Policy to enhance security.

By following these guidelines and best practices, you can significantly improve the security of your web server and protect your applications and data from potential threats.