Web server security series

In this series, we show ways to secure your web server. We use Debian 9 and Apache httpd 2.4.25 in our examples; however, you can adapt most of the configuration to other operating systems or web servers.

  1. Part 0: How to start
  2. Part 1: Basic hardening
  3. Part 2: Harden the web server
  4. Part 3: TLS and security headers
  5. Part 4: WAF ModSecurity and IPS Fail2ban
  6. Part 5: Server-side DNS security features
  7. Part 6: GDPR-friendly logging, and server monitoring
  8. Part 7: Policies, and security contact
  9. Part 8: Basic log file analysis

Upcoming parts of this series will be about getting ECDSA certificates, tools for server monitoring, certain HTTP response header directives, cookie security, and more.