[ZendTo] Hardening Zendto

patrick.gaikowski at kaufland.com
Tue May 24 21:52:20 BST 2011

Hi,

I'm preparing ZendTo for a penetration test and used some scanners like Paros,
Nikto ...

1.) Deactivate X-Powered-By (the server sends the exact PHP version to the client)

in php.ini --> expose_php = Off

2.) Deactivate HTTP TRACE (used by security scanners for XSS)

http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/

3.) Use mod_security as a module for Apache

ModSecurity is an open-source web application firewall with a lot of
preconfigured rulesets. ModSecurity prevents injections, XSS, commands ...
I played with mod_security and added a sample (not complete):

# ModSecurity 2.x syntax. Rule ids are mandatory from ModSecurity 2.7 on, and
# RESPONSE_BODY is only filled when response body access is switched on.
SecRuleEngine On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html

# Default action for every rule below that sets no disruptive action of its own.
# It must come before those rules. "redirect" always answers with 302, so no
# separate (and non-standard) status code like 509 is given here.
SecDefaultAction "phase:2,log,auditlog,redirect:/security-error.php"

# Hides the web server signature (IIS, Apache ...). Only takes effect together
# with "ServerTokens Full", because ModSecurity overwrites the full token string.
SecServerSignature "Hotzenplotz"

# Prevents path disclosure for PHP fatal errors. PHP writes "Fatal error:" (lower-case e),
# so match case-insensitively; rules on RESPONSE_BODY have to run in phase 4.
SecRule RESPONSE_BODY "fatal error:" \
    "id:1000,phase:4,t:lowercase,deny,status:500,log,auditlog,msg:'PHP Fatal Error blocked'"
ErrorDocument 500 /security-error.php

# Prevent security scanners from scanning the web application (User-Agent blacklist).
# In ModSecurity 2.x the header is addressed as REQUEST_HEADERS:User-Agent; the pattern is
# lower-case, so the request header is lower-cased before matching.
SecRule REQUEST_HEADERS:User-Agent "(?:\b(?:m(?:ozilla\/4\.0 \(compatible\)|etis)|webtrends security analyzer|pmafind)\b|n(?:-stealth|sauditor|essus|ikto)|b(?:lack ?widow|rutus|ilbo)|(?:jaascoi|paro)s|internet explorer|webinspect|\.nasl)" \
    "id:1001,phase:2,t:lowercase,deny,status:500,log,msg:'Request Indicates a Security Scanner Scanned the Site'"

# Root path ("allow" stops processing of the remaining rules for this request)
SecRule REQUEST_URI "^/$" "id:1002,phase:2,log,allow"

# Needed for reCAPTCHA. Caution: REQUEST_URI never contains scheme or host name,
# only the local path and query string, so this rule cannot match as written;
# check the real URI in the audit log and use that path instead.
SecRule REQUEST_URI "https://www\.google\.com/recaptcha/api/image$" "id:1003,phase:2,log,allow"

# PHP pages
SecRule REQUEST_FILENAME "^/security-error\.php$" "id:1004,phase:2,log,allow"
SecRule REQUEST_FILENAME "^/about\.php$" "id:1005,phase:2,log,allow"
SecRule REQUEST_FILENAME "^/verify\.php$" "id:1006,phase:2,log,allow"
....

The sample is not complete ...

Best regards

Patrick Gaikowski
Tel:    +49 7132 94 3568
Fax:    +49 7132 94 73568
E-Mail: patrick.gaikowski at kaufland.com
KI 967800 IT International / Infrastructure
Office:
Lindichstrasse 11
D-74189 Weinsberg


http://www.kaufland.de
We are No. 1:
Kaufland is "Best Grocery Store 2011"!

Kaufland Informationssysteme GmbH & Co. KG
P.O. Box 12 53 - 74149 Neckarsulm
Limited partnership (Kommanditgesellschaft)
Registered office: Neckarsulm
Register court: Amtsgericht Stuttgart HRA 104163
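An added example, not part of the original post or of ZendTo: a small Python script that checks the hardening points above from the outside, the way a scanner would see them. It parses an HTTP response and flags an X-Powered-By header (expose_php still on), a Server header that still carries a version string (signature not hidden), a TRACE request answered with 200 (TRACE still enabled) and a PHP fatal error that leaks a file system path. The sample responses, the file path in the error page and the host used by the live check are constructed placeholders, not observations from a real ZendTo installation.

```python
"""Black-box check for the ZendTo hardening points discussed above.

Added example. The sample responses below are constructed; audit_live()
takes whatever host you point it at.
"""
import http.client
import re
import ssl

# A Server header that still looks like "Apache/2.2.16" or "nginx/1.0.5"
VERSIONED_SERVER = re.compile(r"[A-Za-z][\w.-]*/\d+(\.\d+)*")
# A PHP error message of the form "Fatal error: ... in /path/file.php on line 42"
PATH_LEAK = re.compile(r"fatal error:.*? in (/\S+) on line \d+", re.I)


def parse_response(raw):
    """Split a raw HTTP response into (status_code, {header: value}, body).

    Header names are lower-cased so that lookups are case-insensitive.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers, body


def audit(method, status, headers, body=""):
    """Return the list of findings for one response.

    1) X-Powered-By present       -> expose_php is still On
    2) Server carries a version   -> server signature not hidden
    3) TRACE answered with 200    -> HTTP TRACE still enabled
    4) fatal error with a path    -> PHP error path disclosure
    """
    findings = []
    if "x-powered-by" in headers:
        findings.append("X-Powered-By disclosed: %s (set expose_php = Off)"
                        % headers["x-powered-by"])
    server = headers.get("server", "")
    if VERSIONED_SERVER.search(server):
        findings.append("Server header discloses version: %s" % server)
    if method == "TRACE" and status == 200:
        findings.append("HTTP TRACE is enabled (status 200)")
    # PHP wraps error parts in <b> tags when html_errors is on; strip tags first.
    leak = PATH_LEAK.search(re.sub(r"<[^>]+>", "", body))
    if leak:
        findings.append("PHP fatal error discloses path: %s" % leak.group(1))
    return findings


def audit_raw(method, raw):
    """Convenience wrapper: audit a complete raw response string."""
    status, headers, body = parse_response(raw)
    return audit(method, status, headers, body)


# Constructed sample responses: before and after hardening.
BEFORE_GET = ("HTTP/1.1 200 OK\r\n"
              "Server: Apache/2.2.16 (Debian)\r\n"
              "X-Powered-By: PHP/5.3.3-7\r\n"
              "Content-Type: text/html\r\n\r\n<html></html>")
BEFORE_TRACE = ("HTTP/1.1 200 OK\r\n"
                "Server: Apache/2.2.16 (Debian)\r\n"
                "Content-Type: message/http\r\n\r\nTRACE / HTTP/1.1\r\n")
BEFORE_ERROR = ("HTTP/1.1 200 OK\r\n"
                "Server: Hotzenplotz\r\n"
                "Content-Type: text/html\r\n\r\n"
                "<br />\n<b>Fatal error</b>:  Call to undefined function foo() "
                "in <b>/var/www/zendto/www/verify.php</b> on line <b>42</b><br />\n")
AFTER_GET = ("HTTP/1.1 200 OK\r\n"
             "Server: Hotzenplotz\r\n"
             "Content-Type: text/html\r\n\r\n<html></html>")
AFTER_TRACE = ("HTTP/1.1 405 Method Not Allowed\r\n"
               "Server: Hotzenplotz\r\n"
               "Allow: GET,HEAD,POST\r\n\r\n")


def audit_live(host, port=443, path="/", use_tls=True, timeout=5):
    """Run the same checks against a real server (a GET, then a TRACE)."""
    findings = []
    for method in ("GET", "TRACE"):
        if use_tls:
            conn = http.client.HTTPSConnection(
                host, port, timeout=timeout, context=ssl.create_default_context())
        else:
            conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request(method, path)
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        body = resp.read().decode("utf-8", "replace")
        findings += audit(method, resp.status, headers, body)
        conn.close()
    return findings


if __name__ == "__main__":
    for label, method, raw in (("before GET", "GET", BEFORE_GET),
                               ("before TRACE", "TRACE", BEFORE_TRACE),
                               ("before error", "GET", BEFORE_ERROR),
                               ("after GET", "GET", AFTER_GET),
                               ("after TRACE", "TRACE", AFTER_TRACE)):
        print(label, "->", audit_raw(method, raw) or "clean")
    # Placeholder host; replace with your own ZendTo server, e.g.:
    # print(audit_live("zendto.example.com"))
```

Run the file as-is to see the constructed before/after cases; point audit_live() at your own server to repeat the three checks from the post after applying expose_php = Off, the TRACE restriction and SecServerSignature. A Server header without any version (plain "Apache" or a fantasy name) passes; X-Powered-By must be absent entirely, since even a truncated "PHP" token tells a scanner which platform to test.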