2025-02-23 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
1. Bar Mitzvah Attack vulnerability exists in SSL/TLS
Because the SSL module is not installed on the Apache server, you need to install the mod_ssl module without recompiling Apache.
1.0 Install apxs: yum install httpd-devel
1.1 Enter the Apache source directory, then enter the ssl directory under the modules folder
1.2 Find the include path of openssl
1.3 Run /usr/local/apache2/bin/apxs -i -c -a -D HAVE_OPENSSL=1 -I /usr/include/openssl -lcrypto -lssl -ldl *.c
1.4 Check the configuration and restart. After successful execution, the mod_ssl module has been added to the httpd.conf configuration file, and the mod_ssl.so file has been created in the modules directory of the Apache installation.
Disable the RC4 encryption algorithm in Apache by modifying the following configuration in /etc/httpd/conf.d/ssl.conf:
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
Restart the apache service:
/etc/init.d/httpd restart
2. SSLv3 has a serious design vulnerability (CVE-2014-3566)
Disable SSLv2 and SSLv3 in the SSL configuration of Apache by modifying the following configuration in /etc/httpd/conf.d/ssl.conf:
SSLProtocol all -SSLv2 -SSLv3
3. A slow HTTP denial of service may be detected on the target host
Limit the maximum time the web server allows for HTTP header transfer by adding the following configuration to /etc/httpd/conf/httpd.conf:
RequestReadTimeout header=5-40,MinRate=500 body=20,MinRate=500
4. FREAK vulnerability exists in SSL/TLS
Update openssl; the vulnerability has been fixed in the new version: yum update openssl
5. Clickjacking: X-Frame-Options is not configured
Add the following configuration to /etc/httpd/conf/httpd.conf:
<IfModule mod_headers.c>
Header always append X-Frame-Options "DENY"
</IfModule>
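The script below is an added example, not part of the original article: it audits Apache configuration text for the settings from items 1, 2, 3 and 5 and reports which are missing. The names audit_apache_conf, weak_conf and hardened_conf are hypothetical, and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Reads the named config
# files, or stdin when none are given; Include directives are not followed.
# Prints PASS/FAIL per check and returns the number of failed checks.
audit_apache_conf() {
    awk '
    function report(ok, msg) {
        printf "%s: %s\n", (ok ? "PASS" : "FAIL"), msg
        if (!ok) fails++
    }
    /^[ \t]*#/ { next }                       # ignore comment lines
    { d = tolower($1) }                       # directive names are case-insensitive
    # A later directive overrides an earlier one, so keep the last value seen.
    d == "sslciphersuite"     { cipher = $0 }
    d == "sslprotocol"        { proto = tolower($0) }
    d == "requestreadtimeout" { rrt = tolower($0) }
    d == "header" && tolower($0) ~ /x-frame-options/ { xfo = toupper($0) }
    END {
        report(cipher ~ /!RC4/, "SSLCipherSuite excludes RC4")
        # Walk the SSLProtocol tokens in order to see if SSLv3 ends up enabled.
        n = split(proto, t)
        v3 = (n < 2)                          # directive missing: count as a failure
        for (i = 2; i <= n; i++) {
            if (t[i] ~ /^[+]?(all|sslv3)$/) v3 = 1
            if (t[i] ~ /^-(all|sslv3)$/)    v3 = 0
        }
        report(!v3, "SSLProtocol leaves SSLv3 disabled")
        report(rrt ~ /header=/ && rrt ~ /body=/, "RequestReadTimeout limits header and body")
        report(xfo ~ /DENY|SAMEORIGIN/, "X-Frame-Options header is set")
        exit fails + 0
    }' "$@"
}

# Constructed sample inputs: settings before and after the changes above.
weak_conf() {
    printf '%s\n' 'SSLProtocol all -SSLv2' 'SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5'
}
hardened_conf() {
    printf '%s\n' 'SSLProtocol all -SSLv2 -SSLv3' \
        'SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4' \
        'RequestReadTimeout header=5-40,MinRate=500 body=20,MinRate=500' \
        'Header always append X-Frame-Options "DENY"'
}

weak_conf | audit_apache_conf || echo "weak config: $? check(s) failed"
hardened_conf | audit_apache_conf && echo "hardened config: all checks passed"
```

On a real server, pass each file explicitly, for example /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/ssl.conf.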