27
Mar
Apache hardening
ServerTokens Prod
ServerSignature Off
LoadModule reqtimeout_module modules/mod_reqtimeout.so
<Location />
<LimitExcept GET POST>
order deny,allow
deny from all
</LimitExcept>
</Location>
TraceEnable Off
Header always append X-Frame-Options SAMEORIGIN
RequestReadTimeout header=10-30,MinRate=500 body=10,MinRate=2000
ssl.conf
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH:!3DES
php.ini
expose_php = Off
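One way to check that a server's configuration really contains the httpd and ssl.conf values above. This is an added example, not part of the original note. It evaluates SSLProtocol tokens left to right, as mod_ssl does. The expansion of "all", the flat last-value-wins parsing (no VirtualHost scoping) and all function names are assumptions of this example.

```python
# Assumption: what "all" expands to on a current mod_ssl/OpenSSL build.
ALL_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
WEAK_PROTOCOLS = {"sslv2", "sslv3", "tlsv1", "tlsv1.1"}
EXPECTED = {"servertokens": "prod", "serversignature": "off",
            "traceenable": "off", "sslhonorcipherorder": "on"}

def directives(conf_text):
    """Return {lowercased directive: arguments}; the last occurrence wins."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "<")):  # comments, section tags
            continue
        name, *rest = line.split(None, 1)
        found[name.lower()] = rest[0] if rest else ""
    return found

def enabled_protocols(args):
    """Evaluate SSLProtocol tokens left to right: +x adds, -x removes, bare x replaces."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()
        group = set(ALL_PROTOCOLS) if name == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group
    return enabled

def audit(conf_text):
    """Return sorted findings; an empty list means every check passed."""
    conf, findings = directives(conf_text), []
    for name, want in EXPECTED.items():
        got = conf.get(name)
        if got is None or got.lower() != want:
            findings.append(f"{name}: expected {want}, found {got}")
    # Assumption: a missing SSLProtocol is treated as the permissive "all".
    weak = enabled_protocols(conf.get("sslprotocol", "all")) & WEAK_PROTOCOLS
    if weak:
        findings.append("sslprotocol: weak versions enabled: " + ", ".join(sorted(weak)))
    return sorted(findings)

# Constructed samples: this page's settings, and a weaker variant of them.
HARDENED = ("ServerTokens Prod\nServerSignature Off\nTraceEnable Off\n"
            "SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\nSSLHonorCipherOrder On")
WEAK = HARDENED.replace("Prod", "Full").replace(" -TLSv1 -TLSv1.1", "")
```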
================
Disable TCP timestamps
Run the following as root, and add the same line to /etc/rc.d/rc.local so it persists across reboots:
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
disable icmp timestamp
-A INPUT -p icmp --icmp-type 8 -j ACCEPT