Wednesday, January 03, 2007

Mask your Site

We present to you a few feature as well as security enhancements to mask your webserver and site from web attacks!

  • Do not use a default extension even though you use a language like php or aspx. If you can make it go away in entirety - the better! And do use Clean URLs Search engines love Clean URLs
  • Modify your header information so that it returns something not so obvious. Take a look at mod_headers module
  • Do not use CGI or SSI (Server Side Includes) - both of them are heavy on the server and vulnerable to attacks
  • If you have a popular site, you might want to consider using something like Modsecurity which is a web application firewall which allows real time monitoring and analysis
  • Get a book - Apache Security is a good start

1 comment:

Anonymous said...

mod_headers can't change Server: header.
You should have a look at mod_sesehe a third party module that remove or change the Server: header.
mod_sesehe