Apache Bug fix

Source: Internet
Author: User

1.SSL/TLS presence Bar Mitzvah Attack Vulnerability

Because the Apache server does not have an SSL module installed, the Mod_ssl module needs to be installed without recompiling the Apahe.

1.0 installing Apxs,yum install httpd_devel;

1.1 into the Apache source directory, enter the module folder under the SSL directory;

1.2 Find the include path of OEPNSSL;

1.3 Running/usr/local/apache2/bin/apxs-i-c-a-D have_openssl=1-i/USR/INCLUDE/OPENSSL-LCRYPTO-LSSL-LDL *.c;

1.4 Check configuration, restart. After successful execution, you can see that the Mod_ssl module has been added in the httpd.conf configuration file, and the mod_ssl.so file is also created in the module in the Apache installation directory.

Disable the RC4 encryption algorithm in Apache and modify the following configuration in/etc/httpd/conf.d/ssl.conf:

Sslciphersuite high:medium:!anull:! md5:! RC4

To restart the Apache service:

/ETC/INIT.D/HTTPD restart


2.SSLv3 A serious design flaw Vulnerability (cve-2014-3566)

Disable SSLv3 and SSLv3 in the Apache SSL configuration, and modify the following configuration in/etc/httpd/conf.d/ssl.conf:

Sslprotocol All-sslv2-sslv3


3. There may be a slow HTTP denial of service attack detected on the target host

Limit the maximum allowable time for HTTP header transfers for the Web server, and add the following configuration in/etc/httpd/conf/httpd.conf:

<ifmodule reqtimeout_module>

Requestreadtimeout header=5-40,minrate=500 body=20,minrate=500

</IfModule>


4.SSL/TLS presence FREAK Attack vulnerability

Updated OpenSSL, which has been repaired in the new version, yum update OpenSSL


5. Click Hijack:x-frame-options Not Configured

In/etc/httpd/conf/httpd.conf, add the following configuration:

<ifmodule headers_module>

Header always append x-frame-options "DENY"

</ifmodule>


Part of the content from the contributions of netizens

This article is from the "bit Growth" blog, please make sure to keep this source http://linuxzp.blog.51cto.com/3614757/1690383

Apache Bug fix

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.