Sounds excellent. What comes to mind in this regard is
- TLS 1.3 support
- the OCSP stapling situation where we are at the moment not the strongest. We should recommend a persistent cache for that - online docs often mention only a memory cache. When OCSP responders have outages while we find out cached responses invalid, people are out of luck.

- Stefan

> On 08.05.2019 at 20:17, Dan Ehrlich <[email protected]> wrote:
>
> I would like to give a presentation on hardening / security if possible.
>
> I realize this is broad and a little simple for a conference, but the last
> extensive Apache Security Book was in 2009.
>
> It is in no way ready yet and I am extremely self-conscious, but some
> possible topics that I have written about here and there and could combine:
>
> - set many many HTTP security headers (there are 9 you can do in Chrome now)
> - an updated SSLCipherSuite list
> - the importance of using ECDHE keys when possible
> - how to properly structure your /var/www folder regarding static content,
> executables, uploads, and downloads.
> - Using both a reverse proxy firewall along with outbound exfiltration
> scanning with ModSecurity
> - GeoIP Blocking with the new MaxMind API within Apache2
> - followsymlinks danger and how to remediate
> - other things
> - any suggestions ppl have or areas they suggest I research :)
>
>
>> On May 8, 2019, at 12:55 PM, jean-frederic clere <[email protected]> wrote:
>>
>>> On 04/05/2019 11:53, Stefan Eissing wrote:
>>>
>>>>> On 02.05.2019 at 16:39, Daniel Ruggeri <[email protected]> wrote:
>>>>>
>>>>> Personally, I'd like to see a presentation on using mod_md, and perhaps
>>>>> something on the benefits of, and use of, http2 in httpd?
>>>
>>> If anyone wants to present about that and has questions, I'm happy to help.
>>>
>>> -Stefan
>>>
>>
>> What about HTTP/3 there is https://github.com/ngtcp2/nghttp3, do you
>> plan to work on it?
>>
>> I have a mod_proxy for tomcat, http/2 or 3 for tomcat, I can do a
>> mod_md/ let's encrypt one for httpd (someone else will do the tomcat one)
>>
>> --
>> Cheers
>>
>> Jean-Frederic
