Collaborate Disseminate
I am wondering which type of traffic is more dangerous to a web server:
outgoing traffic or incoming traffic? Assume there are ports open for both.
Continue reading Which is more dangerous: incoming traffic or outgoing traffic? [closed]
If I have a webserver which allows outgoing traffic on all ports. What are the risks?
I understand that incoming traffic should be limited to HTTPS, HTTP and other required ports for communication.
I dont understand the risk of allowing ou… Continue reading What are the risks of allowing outgoing traffic on all ports on a webserver? [duplicate]
I am wondering which webserver framework is the most secure?
Some webserver frameworks I have used are:
-python (flask)
-javascript (express)
-rust (actix)
If they are all safe, then which framework would stay safe in 5 years into the futu… Continue reading Which webserver framework is the most secure? [closed]
I have a situation where a webserver behind a network firewall is ran inside of Docker containers. It is setup in this order:
Caddy webserver – acts as WAF, GEOIP block, IP blacklist, HTTP Security Headers modifications, TLS termination, … Continue reading Is reducing the webserver stack from Caddy, NGINX and PHP-FPM to only Caddy and PHP-FPM a reduction in layered-security?
Is it possible on one VM (REMnux in this case), to serve several different webpages on different IP addresses, on one interface (accept-all-ips and fakedns are activated).
Some times malware goes to different sites to grab different things… Continue reading Given REMnux is accepting all IPs, is it possible to serve a different webpages per IP? [migrated]
Before I start, I have found a few related references to this question, but they are not answered previously or are about a slightly different scenario to mine.
I have the following need. I need a way to let users write Javascript code, wh… Continue reading How to securely load user genereated Javascript code from IFrame into my website?
Background:
There are a lot of self-hosted web applications these days, and often, more than one for the same purpose. In my case I am looking for a replacement for GitHub or other big tech/cloud git platforms. But I am stack at: security…. Continue reading Evaluating Self-Hosted Web Applications
I am looking at different UI options for a microcontroller/SOC, the ESP32-S3. One option is a web site with a login and HTTPS running on a "light weight web server". However, I am not sure how secure it will be.
I am not worried … Continue reading Looking for Advice on Securing a UI implemented as a Web Site
Scenario:
A web server with a web app for remote staff.
The web server is behind a reverse proxy (traefik)
The web server has a host based firewall configured to allow connections only from the proxy on the designated port. Those connectio… Continue reading Which external vulnerabilities remain for a web server secured with mTLS?
It is recommended to do this often in web apps:
import { NextResponse } from ‘next/server’
import type { NextRequest } from ‘next/server’
// Define allowed origins
const allowedOrigins = [
‘http://localhost:3000’,
‘http://localhost:30… Continue reading How to securely allow localhost to access through CORS, without exposing it to anyone’s localhost?