Evergreen

Update Sample Apache Configuration for Security

Bug #1944597 reported by Jason Stephenson on 2021-09-22

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Evergreen	New	Undecided	Unassigned

Bug Description

Evergreen 3.5.3+

According to a recent security scan there are configuration changes that we can make to the sample Apache configurations to improve security. The principle recommendation is to review the OWASP Secure Configuration Guide for Apache:

https://wiki.owasp.org/index.php/SCG_WS_Apache

Some highlights:

  * Set ServerTokens to Prod
  * Set ServerSignature Off
  * Add custom error pages

Not a part of the recommendation, but it may be time to consider allowing HTTPS-only connections.

Tags:

Terran McCanna (tmccanna) on 2021-10-27

tags:

added: apache

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.