latest

Building a sound foundation

Introduction
- What?
- Why?
- How?
Keep only required modules
- Nginx
- Apache
Disable unwanted services
- Apache
- Nginx
Restrict file and directory access
- Apache
- Nginx
Disable unwanted HTTP methods
- Nginx
- Apache
Create non-root users
Install and use ModSecurity
Install and use ModEvasive
Set up and configure logging
- Nginx
- Apache

Resolving TLS issues

Introduction
- What?
- Why?
- How?
(Re)configure TLS
Manually specify cipher suite
Configure forward secrecy

Preventing information disclosure

Introduction
- What?
- Why?
- How?
Hide web server information
- Apache
- Nginx
Disable directory listing

Setting HTTP security headers

Introduction
- What?
- Why?
- How?
Check your HTTP security headers
HTTP Strict Transport Security (HSTS)
- Nginx
- Apache
- Resources
X-Frame-Options
- Nginx
- Apache
- Resources
Content Security Policy (CSP)
- Nginx
- Apache
- Resources
Permissions-Policy
- Apache
- Nginx
- Resources
Referrer-Policy
- Apache
- Nginx
- Resources
X-Content-Type-Options
- Apache
- Nginx
- Resources
X-XSS-Protection
- Apache
- Nginx
- Resources
Set-Cookie
- Resources
Content-Type
- Resources

Using CORS

Introduction
- What?
- Why?
- How?
CORS best practices
CORS on Nginx
- Resources
CORS on Apache
- Resources

Hardening webserver

Hardening webserver
Blue Team
Improbability Blog
About the UU
Register

CORS on Nginx

Resources

MDN Web docs: Cross-Origin Resource Sharing (CORS)
MDN Web docs: Access-Control-Allow-Origin
CORS on Nginx
Nginx Access-Control-Allow-Origin and CORS

Previous Next

Unseen University, 2023, with a forest garden fostered by /ut7.

Read the Docs v: latest

Versions: latest

Downloads

On Read the Docs: Project Home; Builds