/ has
errors currently.
Cheatsheet:
https://github.com/danehrlich1/CheatSheetSeries/blob/CSS-05/cheatsheets/Apache_HTTPD_Cheatsheet.md
OWASP Pull Request: https://github.com/OWASP/CheatSheetSeries/pull/184
Best,
Dan Ehrlich
I’ve seen a few CVEs now that are low level but pretty much affect every
version from 2.4.30ish and back.
The default Apache versions in the Debian and Ubuntu repos are 2.4.25 and
2.4.29 respectively.
QUESTIONS:
1. Any way to move the versions up (assuming I didn’t miss something)?
2. Happy to
Looks like you just need to enable mod_headers
(http://httpd.apache.org/docs/current/mod/mod_headers.html) and then add the
below text that they mention in the Stack Over question?
You might need to run “a2enmod headers” from terminal once to get it loaded
into Apache HTTPD forever, but that’s
I think it’s the L in your rewrite rule.
It stands for Last and means it won’t process any further rules. Remove it and
it should (maybe) work.
Someone else feel free to correct me if I’m wrong.
> On Feb 5, 2019, at 8:55 PM, Jayaram Ponnusamy
> wrote:
>
> Dear All,
> Our Site is Public Site
You’ll want to look into HSTS
https://https.cio.gov/hsts/
Basically it will let the user’s browser know “in advance” to always connect
via HTTPS, eliminating the vulnerability of first connecting to a site over
HTTP before being redirected.
> On Feb 1, 2019, at 8:09 AM, R. Diez wrote:
>
> H
Is this true?
https://github.com/hannob/apache-uaf/blob/master/README.md
Was this security vulnerability really treated with such disregard by Apache
HTTPD devs?
I am aware the work that they do is free, but I contribute to plenty of open
source for free and take the responsibility very serio
Not surprising that you got different behavior after removing a value from
.htaccess and placing it elsewhere.
No one knows exactly / 100% how .htaccess works. The file only exists
because they wanted to maintain backwards compatibility with the web server
that used to come with Mosaic at Universi