httpd security recommendations added

Recommendations for disabling mod_suexec and mod_deflate modules.
This commit is contained in:
Sam Gleske
2013-09-24 16:23:32 -04:00
parent e57b0bf0b1
commit c1d4ca0bd0


@@ -93,6 +93,13 @@ For Apache httpd 2.2.24 and greater there has been a fix implemented in `mod_ssl
SSLCompression Off
You should comment out the following modules from your `httpd.conf`.
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule suexec_module modules/mod_suexec.so
`mod_deflate` is potentially used by HTTP. If you set up HTTP to use it then you'll still be vulnerable to the [CRIME][crimepatch] exploit. `mod_suexec` is dangerous if apache directories' permissions are improperly configured. `mod_suexec` can be exploited to write to the document root which gives a remote attacker the ability to possible execute a local exploit to escalate privileges. There's not reason to `mod_suexec` enabled for GitLab.
## Manage your own SSL Certificates
Using self signed certificates is always a bad idea. It's far more secure to run and manage your own certificate authority than it is to use self signed certificates. Running your own certificate authority is easy. There are 3 ways you can manage your own certificate authority for signing certificates.
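Review bot: the closing sentence of the new paragraph, "There's not reason to `mod_suexec` enabled for GitLab.", is missing a word and should read "There's no reason to have `mod_suexec` enabled for GitLab."; in the same paragraph "to possible execute" should be "to possibly execute". Two points of substance on that paragraph as well: the attack that exploits HTTP-level compression such as `mod_deflate` is the one usually called BREACH, whereas CRIME targets TLS compression, which the `SSLCompression Off` line just above already addresses, so "you'll still be vulnerable to the [CRIME][crimepatch] exploit" conflates the two and should name the HTTP-compression variant; and the instruction to comment out the two `LoadModule` lines should also tell readers to remove any `SuexecUserGroup` directive from their configuration, because httpd treats a directive whose module is not loaded as an invalid command and refuses to start, and to run `apachectl configtest` before restarting so a broken configuration is caught before the service goes down.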