Apache – Page 33 – WindowsTechs.com

Malformed HTTP requests with repeated protocol (GET /https://https://www.DOMAIN.com) in Apache logs – what vulnerability are they scanning for?

Posted on December 21, 2017 by vallismortis

About once per day, I’m seeing the following series of requests in my Apache 2.4 httpd logs, and I’m trying to figure out what vulnerability is being scanned for. Each occurrence of these scans has an identical pattern (repla… Continue reading Malformed HTTP requests with repeated protocol (GET /https://https://www.DOMAIN.com) in Apache logs – what vulnerability are they scanning for?→

Is mod_reqtimeout a sufficient and safe technique to mitigate Slow HTTP DoS Attacks?

Posted on December 13, 2017 by alecxe

We’ve been looking into configuring apache against the Slow HTTP DoS Attacks and stumbled upon this article, which goes over multiple techniques and apache configuration options.

mod_reqtimeout module looks promising and we … Continue reading Is mod_reqtimeout a sufficient and safe technique to mitigate Slow HTTP DoS Attacks?→

TLS session resumption failure Windows 2012 R2

Posted on December 5, 2017 by jmyns

I have an issue with TLS session resumption failing on a specific Windows 2012 R2 client connecting to an apache server running openSSL.

When I make the initial request the server provides a session ticket. If I make another… Continue reading TLS session resumption failure Windows 2012 R2→

How to disable HTTP 1.0 protocol in Apache?

Posted on November 28, 2017 by syam.k

HTTP 1.0 has security weakness related to session hijacking. Is there a way to disable it by using the mod_rewrite module?

Continue reading How to disable HTTP 1.0 protocol in Apache?→

How to disable HTTP 1.0 protocol in Apache?

Posted on November 28, 2017 by syam.k

HTTP 1.0 has security weakness related to session hijacking. Is there a way to disable it by using the mod_rewrite module?

Continue reading How to disable HTTP 1.0 protocol in Apache?→

HTTPS Inspection: how to detect at (own) server? / does it break Apache digest authentication? [duplicate]

Posted on November 27, 2017 by mdrmdr

This question already has an answer here:

Detect man-in-the-middle on server side for HTTPS

1 answer

I have 2 questions r… Continue reading HTTPS Inspection: how to detect at (own) server? / does it break Apache digest authentication? [duplicate]→

Should one use separate SSL certificates for front-end and back-end?

Posted on November 22, 2017 by NG.

I have a website hosted by Apache on a Linux server. I also have a Node.js back-end/API that is hosted on the same server, which serves all the front-end’s requests. Today I set up SSL for the front-end and got an error that a request to t… Continue reading Should one use separate SSL certificates for front-end and back-end?→

Should one use separate SSL certificates for front-end and back-end?

Posted on November 22, 2017 by NG.

Best practices for Apache Server web?

Posted on November 19, 2017 by gilberto quintero

What are some best practices, recommendations for a Apache server web?

Continue reading Best practices for Apache Server web?→

Is an XXE vulnerability always triggered from our code?

Posted on November 15, 2017 by Melardev

I may be impatient making this question because I don’t have the right example in my hand now, but I have to make it because I think on this over and over again.
I remember having read about some successful XXE attacks and as… Continue reading Is an XXE vulnerability always triggered from our code?→