[ZendTo] Re: Hardening Zendto

John Cooper johnpcooper at yahoo.com
Tue Sep 20 09:43:33 BST 2011


Hi Patrick,
  Are you willing to share the updates to mod_security? I'm using CentOS 
6 for our live service and will also enable SELinux once I've sorted all 
the AVC errors.

Thanks, John.

On 24/05/11 21:52, patrick.gaikowski at kaufland.com wrote:
>
> Hi,
>
> I'm preparing ZendTo for a penetration test and used some scanners like 
> Paros, Nikto ...
>
> 1.) deactivate X-Powered-By (the server sends the exact PHP version to the client)
>
> in php.ini --> expose_php = Off
>
> 2.) deactivate HTTP TRACE (used by security scanners for XSS)
>
> http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/
>
> 3.) using mod_security as module for apache
>
> ModSecurity is an open source web application firewall with a lot of 
> preconfigured rulesets. ModSecurity prevents injections, XSS, 
> commands ... I played with mod_security and added a sample (not complete)
>
>

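A small audit script for items 1 and 2 of Patrick's list, checking a server from the outside the way Paros or Nikto would: does the HEAD response still carry an X-Powered-By header (expose_php left On) or a versioned Server header, and does the server still answer TRACE with 200. This is an added example, not code from the original thread or from ZendTo, and it does not cover the mod_security ruleset from item 3. The sample responses are constructed (they mirror the stock CentOS 6 Apache 2.2 / PHP 5.3 headers, not a capture from any real host); the function names and the hostname argument are assumptions, and the Apache directives named in the comments (`TraceEnable Off`, `ServerTokens Prod`) are the editor's suggested fixes, not Patrick's.

```python
"""Audit an HTTP server for a leaked PHP version and an enabled TRACE method."""
import http.client
import re
import sys


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_code, headers, body).

    Header names are lower-cased; repeated headers are joined with ', '.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = value if name not in headers else headers[name] + ", " + value
    return int(m.group(1)), headers, body


def audit(head_raw, trace_raw):
    """Return a list of findings for a HEAD / response and a TRACE / response."""
    findings = []
    _, headers, _ = parse_response(head_raw)
    xpb = headers.get("x-powered-by")
    if xpb:
        # Item 1: expose_php = On makes PHP add this header on every response.
        findings.append("X-Powered-By leaks %s (php.ini: expose_php = Off)" % xpb)
    server = headers.get("server", "")
    if re.search(r"/\d", server):
        # "Apache/2.2.15 (CentOS)" carries a version; "Apache" alone does not.
        findings.append("Server header leaks version %r (httpd.conf: ServerTokens Prod)" % server)
    tstatus, _, _ = parse_response(trace_raw)
    if tstatus == 200:
        # Item 2: a server honouring TRACE echoes the request back with 200;
        # a hardened one answers 405 (TraceEnable Off) or 403 (rewrite rule).
        findings.append("HTTP TRACE enabled (httpd.conf: TraceEnable Off)")
    return findings


def fetch(host, method, path="/", port=80):
    """Send one request to a live host and rebuild the raw response text."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    conn.request(method, path, headers={"Host": host})
    resp = conn.getresponse()
    body = resp.read().decode("latin-1")
    raw = "HTTP/1.1 %d %s\r\n" % (resp.status, resp.reason)
    raw += "".join("%s: %s\r\n" % (k, v) for k, v in resp.getheaders())
    conn.close()
    return raw + "\r\n" + body


# Constructed sample responses (not captured from a real host): a stock
# CentOS 6 Apache + PHP install, and the same server after items 1 and 2.
UNHARDENED_HEAD = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)
UNHARDENED_TRACE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "Content-Type: message/http\r\n"
    "\r\n"
    "TRACE / HTTP/1.1\r\nHost: zendto.example\r\n"
)
HARDENED_HEAD = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)
HARDENED_TRACE = (
    "HTTP/1.1 405 Method Not Allowed\r\n"
    "Server: Apache\r\n"
    "Allow: GET,HEAD,POST,OPTIONS\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live check: python audit.py zendto.example
        host = sys.argv[1]
        results = audit(fetch(host, "HEAD"), fetch(host, "TRACE"))
    else:
        results = audit(UNHARDENED_HEAD, UNHARDENED_TRACE)
    for line in results or ["no findings"]:
        print(line)
```

Run with no argument to see the three findings for the constructed stock responses; run with a hostname to probe a live ZendTo front end over plain HTTP. The TRACE check keys on the 200 status rather than on the echoed body, because a server behind a proxy may rewrite the body while still honouring the method.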

