security
Table of Contents
Security
WebDAV Readonly mode
Make sure to disable following methods in webserver.
# Disabled TRACE|TRACK|PUT|OPTIONS|DELETE|HEAD <Directory /var/www/html > AuthType None Satisfy Any Allow from all RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|PUT|OPTIONS|DELETE|HEAD) RewriteRule .*$ - [F,L] </Directory>
cgi-bin precaution
Make sure none of the configuration files get printed as pain text.
<FilesMatch ".+(\.pm|\.conf|\.htaccess|\.gitignore|config)$"> Require all denied </FilesMatch>
Anything start with .(dot)
Disable all files and folder start with .dot
<DirectoryMatch "^\.|\/\."> Require all denied </DirectoryMatch> <LocationMatch "\/\."> Require all denied </LocationMatch>
security.txt · Last modified: 2020/08/10 02:35 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
