IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [apache]

Questions about the security of Apache open source software, especially Apache HTTP Server

The Apache Software Foundation maintain a number of open source software, notably including the Apache HTTP Webserver -

Apache has been the most popular web server on the Internet since April of 1996.

http://www.apache.org/

519 questions
-1
votes
2 answers

Is it possible to stop an SSL Certificate from being portable between servers?

From what I read it seems that the certificate isn't a big deal since it's already public, and downloaded by every browser, however if someone gets hold of your key file, then you have an issue.
leeand00
  • 1,297
  • 1
  • 13
  • 21
-2
votes
1 answer

Using a index.php script in my iOS app, what should I do to secure it?

I am really new using web servers and security. I have just written a backend for my iOS app in PHP. It's hosted on a Linode apache server. The index.php us located at http://www.example.com/API/. I'm just wondering what I should do to secure it. I…
Bob
  • 9
  • 1
-2
votes
2 answers

LAMP Stack Tiers - why?

What are the vulnerabilities mitigated by a tiered LAMP stack? As I understand it, any breach would allow access to the database even if it was tiered. What's the benefit? Are we better to concentrate on WAFs?
M Von Randberg
  • 1
-2
votes
1 answer

Cross-site request forgery attack. How can we stopped this?

On one of our websites, we are seeing this code is adding itself. I tried to figured out but no success. One thing I have noticed when I removed the html, head and body starting tags, it's gone. Our website is on wordpress but when I create…
Tariq
  • 27
  • 4
-2
votes
1 answer

Hack my server, please?

I'm not quite sure this is the place for such questions, but stackoverflow or superuser seem even less appropriate, so. I want to ask if there is some kind of a site or service, similar to the stackexchange sites, where enthusiast hackers can offer…
php_nub_qq
  • 787
  • 1
  • 6
  • 13
-2
votes
2 answers

attack on port 80

I have a ubuntu ec2 instance server hosting apache2 site & tomcat7 at back end. According to apache logs I have doubt there malicious attack ! Please can anyone confirm it & what can i do to stop it ? I found that those IP is from xyz so tried…
Ashish Karpe
  • 113
  • 7
-3
votes
1 answer

insecure HTTP Methods Enabled -- how to control?

Here I am new to insecure HTTP Methods Enabled. The server allows HTTP methods that are considered dangerous. The following methods were enabled: PUT,DELETE Software used: Apache-tomcat-6.0.29. How to reproduce the same? How to fix this…
Ramakrishnan M
  • 101
  • 1
  • 1
  • 1
-3
votes
1 answer

LFI attacks auth.log , environ , passwd

paths like /proc/self/environ , /etc/passwd and /var/log/auth.log are targeted by the attackers. how can I hide those files ( passwd ) ( environ ) ( auth.log ) to be not include in LFI attack
Sec Researcher
  • 27
  • 5
-4
votes
2 answers

How do you suppress SSL error messages?

I noticed that some SSL error messages that are returned back to my browser (firefox) reveals all SSL keys, including the private server keys for sites like Facebook, Google Hangouts, Amazon. How does someone prevent client browsers from revealing…
drtechno
  • 101
  • 5
1 2 3
34
35