Update Sample Apache Configuration for Security
Bug #1944597 reported by Jason Stephenson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Evergreen | New | Undecided | Unassigned |
Bug Description
Evergreen 3.5.3+
According to a recent security scan, there are configuration changes that we can make to the sample Apache configurations to improve security. The principal recommendation is to review the OWASP Secure Configuration Guide for Apache:
https:/
Some highlights:
* Set ServerTokens to Prod
* Set ServerSignature Off
* Add custom error pages
Not a part of the recommendation, but it may be time to consider allowing HTTPS-only connections.
tags: | added: apache |
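The three highlights in the report can be checked mechanically. The following is an added example, not part of the bug report or of Evergreen's code: a small audit that reads Apache configuration text and reports which of the three settings still need attention. The function name `audit` and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample, not Evergreen's shipped configuration.
SAMPLE_CONF = """\
ServerTokens OS
<VirtualHost *:443>
    ServerSignature On
    # ErrorDocument 404 /404.html
</VirtualHost>
"""

# Constructed sample with the three highlights applied.
HARDENED_CONF = """\
ServerTokens Prod
ServerSignature Off
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
"""

# Apache directive names are case-insensitive; commented lines never match.
DIRECTIVE = re.compile(
    r"^\s*(ServerTokens|ServerSignature|ErrorDocument)\s+(.+?)\s*$", re.I)

def audit(conf_text):
    """Return findings for the three highlights listed in the bug report."""
    tokens, signatures, error_codes = None, [], set()
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2)
        if name == "servertokens":
            tokens = value.lower()            # server-wide, last one wins
        elif name == "serversignature":
            signatures.append(value.lower())  # may differ per vhost
        else:
            error_codes.add(value.split()[0])
    findings = []
    # An unset ServerTokens falls back to Apache's default, Full.
    if tokens not in ("prod", "productonly"):
        shown = tokens or "unset (defaults to Full)"
        findings.append(f"ServerTokens is {shown}; set to Prod")
    # An unset ServerSignature defaults to Off, so only explicit values count.
    if any(v != "off" for v in signatures):
        findings.append("ServerSignature is enabled; set to Off")
    if not error_codes:
        findings.append("no ErrorDocument directives; add custom error pages")
    return findings
```
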