security
Differences
This shows you the differences between two versions of the page.
|
security [2019/11/11 15:26] k2patel [cgi-bin precaution] |
security [2020/08/10 02:35] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Security ====== | ||
| - | ==== WebDAV Readonly mode ==== | ||
| - | Make sure to disable following methods in webserver. | ||
| - | <code bash> | ||
| - | # Disabled TRACE|TRACK|PUT|OPTIONS|DELETE|HEAD | ||
| - | <Directory /var/www/html > | ||
| - | AuthType None | ||
| - | Satisfy Any | ||
| - | Allow from all | ||
| - | RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|PUT|OPTIONS|DELETE|HEAD) | ||
| - | RewriteRule .*$ - [F,L] | ||
| - | </Directory> | ||
| - | </code> | ||
| - | |||
| - | ==== cgi-bin precaution ==== | ||
| - | Make sure none of the configuration files get printed as pain text. | ||
| - | <code bash> | ||
| - | <FilesMatch ".+(\.pm|\.conf|\.htaccess|\.gitignore|config)$"> | ||
| - | Require all denied | ||
| - | </FilesMatch> | ||
| - | </code> | ||
| - | |||
| - | ==== Anything start with .(dot) ==== | ||
| - | Disable all files and folder start with .dot | ||
| - | <code bash> | ||
| - | <DirectoryMatch "^\.|\/\."> | ||
| - | Require all denied | ||
| - | </DirectoryMatch> | ||
| - | |||
| - | <LocationMatch "\/\."> | ||
| - | Require all denied | ||
| - | </LocationMatch> | ||
| - | </code> | ||
security.txt ยท Last modified: 2020/08/10 02:35 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
