In this series, we show ways to secure your web server. We will use Debian 9 and Apache httpd 2.4.25 in our examples, however, you can convert most configuration to other operating systems or web servers.
- Part 0: How to start
- Part 1: Basic hardening
- Part 2: Harden the web server
- Part 3: TLS and security headers
- Part 4: WAF ModSecurity and IPS Fail2ban
- Part 5: Server-side DNS security features
- Part 6: GDPR-friendly logging, and server monitoring
- Part 7: Policies, and security contact
Upcoming parts of this series will be about getting ECDSA certificates, tools for server monitoring, certain HTTP response header directives, cookie security, and more.