1.SSL/TLS presence Bar Mitzvah Attack Vulnerability
Because the Apache server does not have an SSL module installed, the Mod_ssl module needs to be installed without recompiling the Apahe.
1.0 installing Apxs,yum install httpd_devel;
1.1 into the Apache source directory, enter the module folder under the SSL directory;
1.2 Find the include path of OEPNSSL;
1.3 Running/usr/local/apache2/bin/apxs-i-c-a-D have_openssl=1-i/USR/INCLUDE/OPENSSL-LCRYPTO-LSSL-LDL *.c;
1.4 Check configuration, restart. After successful execution, you can see that the Mod_ssl module has been added in the httpd.conf configuration file, and the mod_ssl.so file is also created in the module in the Apache installation directory.
Disable the RC4 encryption algorithm in Apache and modify the following configuration in/etc/httpd/conf.d/ssl.conf:
Sslciphersuite high:medium:!anull:! md5:! RC4
To restart the Apache service:
/ETC/INIT.D/HTTPD restart
2.SSLv3 A serious design flaw Vulnerability (cve-2014-3566)
Disable SSLv3 and SSLv3 in the Apache SSL configuration, and modify the following configuration in/etc/httpd/conf.d/ssl.conf:
Sslprotocol All-sslv2-sslv3
3. There may be a slow HTTP denial of service attack detected on the target host
Limit the maximum allowable time for HTTP header transfers for the Web server, and add the following configuration in/etc/httpd/conf/httpd.conf:
<ifmodule reqtimeout_module>
Requestreadtimeout header=5-40,minrate=500 body=20,minrate=500
</IfModule>
4.SSL/TLS presence FREAK Attack vulnerability
Updated OpenSSL, which has been repaired in the new version, yum update OpenSSL
5. Click Hijack:x-frame-options Not Configured
In/etc/httpd/conf/httpd.conf, add the following configuration:
<ifmodule headers_module>
Header always append x-frame-options "DENY"
</ifmodule>
Part of the content from the contributions of netizens
This article is from the "bit Growth" blog, please make sure to keep this source http://linuxzp.blog.51cto.com/3614757/1690383
Apache Bug fix