Archive for March 27th, 2018

27
Mar

apache hardening

   Posted by: admin    in Mẹo vặt của hiếu râu

ServerTokens Prod

ServerSignature Off
LoadModule reqtimeout_module modules/mod_reqtimeout.so

<Location />
<LimitExcept GET POST>
order deny,allow
deny from all
</LimitExcept>
</Location>

TraceEnable Off
Header always append X-Frame-Options SAMEORIGIN

RequestReadTimeout header=10-30,MinRate=500 body=10,MinRate=2000

ssl.conf
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH:!3DES
php.ini
expose_php = Off
================
disable tcp timestamp
run and put the line to /etc/rc.d/rc.local
#echo 0 > /proc/sys/net/ipv4/tcp_timestamps
disable icmp timestamp
-A INPUT -p icmp –icmp-type 8 -j ACCEPT