
Apache security hardening: fixing SSL/TLS weak cipher vulnerabilities (medium risk) and disabling the TRACE/TRACK methods (high risk)

2025-02-25 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

First, take a look at the screenshot of the vulnerabilities found by the scan.

The following is the detailed fix (the configuration below was modified several times before the vulnerabilities were actually fixed):

Security configuration 1:

[root@liulingli html]# find / -name .htaccess

/var/www/html/wp-content/cache/autoptimize/.htaccess

vim /var/www/html/wp-content/cache/autoptimize/.htaccess

Add the following five lines

RewriteEngine on

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)

RewriteRule .* - [F]

Restart the httpd service

[root@liulingli html]# service httpd restart

Stopping httpd: [OK]

Starting httpd: [OK]

Security configuration 2:

echo "net.ipv4.tcp_timestamps = 0" >> /etc/sysctl.conf

sysctl -p

Security configuration 3:

vim /etc/httpd/conf.d/ssl.conf

Original configuration

# SSL Protocol support:

# List the enable protocol levels with which clients will be able to

# connect. Disable SSLv2 access by default:

SSLProtocol all -SSLv2

# SSL Cipher Suite:

# List the ciphers that the client is permitted to negotiate.

# See the mod_ssl documentation for a complete list.

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

Change it to the following configuration:

SSLProtocol all -SSLv2 -SSLv3

# SSL Cipher Suite:

# List the ciphers that the client is permitted to negotiate.

# See the mod_ssl documentation for a complete list.

SSLHonorCipherOrder on

SSLCipherSuite ECDHEMui AES256 GCMMY SHA384GCMMY GCMMY SHA256ECDHEMY RSAMY AES256FECDHEMUE RSAMY AES256MUBE ECDHEMY RSAMY AES128MFECDHEMUE RSAMY AES126MUBE RC4 SHAHEMIANG ECDHEMAY RSAMY RSAMY RSAE256 SHARANDEHEMUR RSAUSEAES256 SHAAMORHEUE RSAUSEAES258, SHAARHEUR RC4

And add the following three lines

RewriteEngine on

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)

RewriteRule .* - [F]

service httpd restart

Note: there is a space after the }; without it the httpd service cannot be restarted.

Scanning the website again shows that both the high-risk and medium-risk vulnerability alerts have been eliminated.

After 10 modifications and scans, it was finally solved.
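
Because it took repeated edit-and-scan rounds to get these settings right, a local lint of the config file can catch the same mistakes before each rescan. The script below is an added example, not part of the original article: the function names and the sample file are constructed, and it is a textual check that does not expand cipher strings the way OpenSSL does.

```sh
#!/bin/sh
# Added example: textual lint of an Apache config for the settings changed on this page.
# Print the arguments of the last uncommented occurrence of directive $2 in file $1.
directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); v = $0 }
                   END { print v }' "$1"
}
# Succeed if protocol $2 is left enabled by the SSLProtocol argument list $1.
proto_enabled() {
    on=0
    for tok in $1; do
        case $tok in
            all|+all|"$2"|"+$2") on=1 ;;
            -all|"-$2")          on=0 ;;
        esac
    done
    [ "$on" -eq 1 ]
}
# Print cipher-string tokens that add weak suites; "!", "-" and "+" tokens add nothing.
weak_cipher_tokens() {
    printf '%s\n' "$1" | tr ':' '\n' | grep -v '^[!+-]' |
        grep -E '^ALL$|RC4|EXPORT|LOW|MEDIUM|NULL|ADH|DES|MD5' || true
}
# Succeed if the TRACE/TRACK rules are present with the spacing mod_rewrite requires.
trace_blocked() {
    grep -Eq '^[[:space:]]*RewriteCond[[:space:]]+%[{]REQUEST_METHOD[}][[:space:]]+\^[(]TRACE[|]TRACK[)]' "$1" &&
    grep -Eq '^[[:space:]]*RewriteRule[[:space:]]+[.][*][[:space:]]+-[[:space:]]+\[F\]' "$1"
}
# Print findings for file $1 and return their count; a missing SSLProtocol is assumed to mean "all".
audit_conf() {
    n=0
    proto=$(directive "$1" SSLProtocol)
    for p in SSLv2 SSLv3; do
        if proto_enabled "${proto:-all}" "$p"; then
            echo "SSLProtocol leaves $p enabled"; n=$((n + 1))
        fi
    done
    for t in $(weak_cipher_tokens "$(directive "$1" SSLCipherSuite)"); do
        echo "SSLCipherSuite token adds weak suites: $t"; n=$((n + 1))
    done
    trace_blocked "$1" || { echo "TRACE/TRACK rewrite rules missing or malformed"; n=$((n + 1)); }
    return "$n"
}
# Constructed sample modelled on the original ssl.conf settings, before the fix.
sample=$(mktemp)
printf '%s\n' '# SSL Protocol support:' 'SSLProtocol all -SSLv2' \
    'SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW' > "$sample"
audit_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run `audit_conf /etc/httpd/conf.d/ssl.conf` after each edit; an exit status of 0 means none of the three checks fired.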
