The objective of this lab is to implement a series of safeguards to the existing Apache instance. In particular, you will need to implement DOS and DDOS protection in terms of the Apache configuration. You will also need to implement clickjacking attack protection, add cross-site scripting protection, prevent server-side includes, specify allowed request methods, disable HTTP 1.0 protocol, prevent the following of symbolic links, and make sure you do not volunteer server information via server banner and ETag. Keep in mind that firewalld is already running, SSH is port 61613, Apache is already running on port 80, SELinux is in enforcing mode, and the frontend and backend are both up and running.
Successfully complete this lab by achieving the following learning objectives:
- Implement DOS/DDOS Protection, Clickjacking Attack Protection, and Cross-Site Scripting Protection
Open the main configuration file for editing.
Set the flag for the cookies to be secure, enable cross-site scripting protection, and prevent i-framing and embedding the website somewhere else.
Implement DOS and DDOS protection and mitigation mechanisms.
- Prevent Server Side Includes and Specify Allowed Request Methods
Append code to prevent includes to the directory.
Insert option limits to prevent server-side includes and indexes.
- Disable HTTP 1.0 Protocol and Prevent the Following of Symbolic Links
Insert code to disable HTTP 1.0 protocol and only use HTTP 1.1 protocol.
Prevent following of symbolic links.
- Do Not Volunteer Server Information via Server Banner and Etag, and Restart the Web Server to Apply the Changes
Limit the amount of information that the server provides.
Save and close to apply the changes.
Restart the system, check the status of the server, and verify access to the web server in a different browser window.