Tagged: security

Prevent clickjacking on Drupal and other Apache web applications

Security is an important aspect to keep an eye on, and this time it’s about preventing clickjacking on Drupal and other Apache web applications. Edit Apache’s configuration file, which may be your declared vhost or similar, usually at a location like /etc/httpd/conf.d/default.conf, and make sure the following is present:

    <IfModule mod_headers.c>
        Header always append X-Frame-Options SAMEORIGIN
    </IfModule>

This stops pages on other origins from embedding your website in an iframe; SAMEORIGIN still allows framing by your own site.

Apache Obfuscation by disabling trace and server tokens

Apache obfuscation can be achieved very easily and the benefits are great – it doesn’t disclose server information such as versions and OS, and doesn’t output verbose errors when ‘bad things happen’, and they happen. Edit the Apache configuration, usually available here for RedHat based distributions: /etc/httpd/conf/httpd.conf

Make sure the following settings are present, save, and restart Apache:

    TraceEnable Off
    ServerSignature Off
    ServerTokens Prod

How do we test that this is actually working? How...
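One way to check both changes from the client side, as an added example that is not part of the original posts: the script audits a GET response and a TRACE response for the header and settings above. The sample responses are constructed, and the function names `parse_response` and `audit` are hypothetical.

```python
import re

# Constructed sample responses (not captured from a real server).
BEFORE_GET = "HTTP/1.1 200 OK\r\nServer: Apache/2.4.6 (CentOS) PHP/5.4.16\r\n\r\n"
BEFORE_TRACE = "HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
AFTER_GET = "HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n"
AFTER_TRACE = "HTTP/1.1 405 Method Not Allowed\r\nServer: Apache\r\n\r\n"

FRAME_OK = {"DENY", "SAMEORIGIN"}

def parse_response(raw):
    """Split a raw response head into (status_code, {lowercased name: [values]})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # end of the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def audit(get_raw, trace_raw):
    """Return findings for one GET response and one TRACE response."""
    findings = []
    _, headers = parse_response(get_raw)
    # "Header append" merges into a comma-separated value, so split on commas.
    xfo = [v.strip().upper() for val in headers.get("x-frame-options", [])
           for v in val.split(",")]
    if not xfo:
        findings.append("X-Frame-Options missing")
    elif len(set(xfo)) > 1 or xfo[0] not in FRAME_OK:
        findings.append("X-Frame-Options invalid or conflicting: " + ", ".join(xfo))
    # ServerTokens Prod reduces the header to the bare product name "Apache".
    server = " ".join(headers.get("server", []))
    if re.search(r"[/(\d]", server):
        findings.append("Server header discloses version/OS: " + server)
    # With TraceEnable Off, Apache answers TRACE with 405 instead of echoing it.
    status, _ = parse_response(trace_raw)
    if status == 200:
        findings.append("TRACE is enabled")
    return findings

if __name__ == "__main__":
    print("before:", audit(BEFORE_GET, BEFORE_TRACE))
    print("after: ", audit(AFTER_GET, AFTER_TRACE))
```

ServerSignature only affects the footer of server-generated pages such as error documents, so it does not show up in response headers and is not checked here.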