Hi, the name's Steffen and I'm writing about the Web, programming and all those things coming to my mind. Enjoy your stay.

I'm currently working on fabidoo.com - 3D Printing for everyone!

Is your web server secure?

Well, no one can tell for sure. But if you don’t want to have the most obvious security holes in your configuration, Nikto may be one of your friends. Once you have it installed (check out your Linux distro repository for details), it can be easily started via

nikto -h <your.host>

or sometimes

perl nikto.pl -h <your.host>

There’s one issue with Apache that, to my knowledge, can only be solved partly. TRACE should not be allowed as an HTTP request method. Unfortunately, it can’t be turned off. It is, however, possible to almost disable it. Put the following configuration lines inside your “virtual host” section:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
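
To confirm the rule took effect, the following check sends a TRACE request and reports whether it was refused. It is an added example, not code from the original post; the function names, the marker header and the local stub servers (constructed stand-ins for a host with and without the rule) are assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

MARKER = "trace-check-marker"  # constructed value; echoed back if TRACE works

def trace_status(host, port=80, path="/", timeout=5.0):
    """Send one TRACE request; return (status, echoed)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", path, headers={"X-Trace-Check": MARKER})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1", "replace")
        return resp.status, MARKER in body
    finally:
        conn.close()

def trace_blocked(host, port=80):
    """True when TRACE is refused (403 from [F], or 405) and nothing is echoed."""
    status, echoed = trace_status(host, port)
    return status in (403, 405) and not echoed

def start_stub(echo):
    """Constructed local stand-in for testing the check offline.

    echo=True mimics a server that answers TRACE; echo=False mimics the
    RewriteRule ... [F] configuration, which answers 403 Forbidden."""
    class Handler(BaseHTTPRequestHandler):
        def do_TRACE(self):
            if not echo:
                self.send_error(403)
                return
            body = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
            self.send_response(200)
            self.send_header("Content-Type", "message/http")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo output quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    for label, echo in (("TRACE enabled", True), ("rewrite rule active", False)):
        srv = start_stub(echo)
        print(label, "-> blocked:", trace_blocked("127.0.0.1", srv.server_port))
        srv.shutdown()
```

Run `trace_blocked` against your own host after reloading Apache. Apache 1.3.34, 2.0.55 and later also accept the `TraceEnable off` directive, which answers TRACE with 405.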
