Generate Mozilla Security Recommended Web Server Configuration Files. Mozilla SSL Configuration Generator. See also: Mozilla's Server Side TLS Guidelines for more details on these configurations. TLS Observatory, Cipherscan and SSLLabs to test the configuration of live servers. Report issues and propose improvements to this generator on GitHub.

Firefox 23 adds an extra layer of security.

Enabling HTTP Strict Transport Security on debian servers. Posted by dkg on Thu 16 Dec 2010 at 10:48 I just enabled HTTP Strict Transport Security (HSTS) markers on a bunch of web servers that offer HTTPS.
It's an easy step to take, and it means that users of HSTS-compliant browsers (such as Chromium and the upcoming Firefox 4) or browsers with HSTS-compliant extensions (like Firefox's NoScript or HTTPS-Everywhere) will no longer be vulnerable to attacks like sslstrip once they have made one successful connection to the HSTS-enabled HTTPS web site. It's not a perfect solution, but it is far better than the current situation. And it's easy to implement for websites that already use HTTPS. For sites using apache, just enable mod_headers (on debian, that's: a2enmod headers) and add the following line to your HTTPS vhost stanza:

SSL/TLS Strong Encryption: FAQ. The wise man doesn't give the right answers, he poses the right questions. -- Claude Levi-Strauss

Configuration

Is it possible to provide HTTP and HTTPS from the same server? Yes. HTTP and HTTPS use different server ports (HTTP binds to port 80, HTTPS to port 443), so there is no direct conflict between them.

Which port does HTTPS use? You can run HTTPS on any port, but the standards specify port 443, which is where any HTTPS-compliant browser will look by default.

HOWTO: AjaxTerm on Debian Etch. AjaxTerm is a web-based terminal. It is written in Python and implements Ajax on the client side. On Debian it is installed like any other package:

    # apt-get install ajaxterm

Once started, it only accepts requests from the same machine (127.0.0.1) on port 8022. However, Apache can act as a proxy and make that request for us.

    # apt-get install libapache2-mod-proxy-html

In any case, for the trip to Apache to be encrypted we must use SSL.

    # cd /etc/apache2/mods-enable/
    voip:/etc/apache2/mods-enabled# ln -s ..

There is another way to load modules in Apache, which is the a2enmod command.

    # a2enmod proxy_connect
    # a2enmod proxy_ftp
    # a2enmod proxy_http

What remains now is to create valid keys. To do that, we go to the folder where the Apache certificates will live, in this case /etc/apache2/ssl/.

Setting up Subversion and websvn on Debian.

Purpose of this howto

This howto will illustrate a way to install and configure Subversion and websvn on a Debian server with the following features:

- multiple repository Subversion
- access to the repositories via WebDAV (http, https) and ssh
- Linux system account access control and/or Apache level access control
- a secured websvn (php web application for easy code browsing)
- configured syntax coloring in websvn with gnu enscript

I will not specifically configure inetd with svnserve in this howto.
Rest assured that Subversion will be totally functional without it. You can copy/paste most of the howto to get it working.

Packages that are assumed to already be installed

This howto assumes PHP and apache2 are installed and configured.

Setting up Subversion

Subversion packages

As root you can enter the following commands to install the packages required for our Subversion setup:

Installation of Subversion on Ubuntu, with Apache, SSL, and BasicAuth. at AlephZarro.

Debian - Maddes.net - As of: 2008-01-29.

Tentative Guide for SSL Logins on Drupal Multisite. All, I've seen several threads talking about SSL encryption for Drupal logins, but haven't found one outlining a complete and viable solution.
I can't say that I've got a silver bullet for SSL logins (far from it), but I think I've got it working on my system. I'd like to share my setup in hopes that other people might derive related solutions. Of course, I'd also like feedback: I've been using Linux and Apache for less than a year, Drupal for only a few months, and I'm not even confident that I've actually implemented secure logins. I'd greatly appreciate any sanity checks, suggestions, criticisms, or best practices that people want to offer. The gist of my approach uses mod_rewrite to redirect users into secure " pages when they're submitting sensitive information, and automatically bring them back to plain " pages when they resume less critical activities.
With that said, I have taken the time to compose a "formal-ish" write up of my setup. 1) Goals 2) Assumptions 4) Test Setup Huh?