Monthly Archives: March 2018

Apache: Disable the ETag Header

By default, the Apache web server has an information disclosure vulnerability where the ETag header shows information about the file containing the object in question. This can contain an “i-node” value which in combination with the use of NFS can permit … Continue reading

Posted in Technical

Apache: Disabling TRACK and TRACE Methods

By default Apache supports a number of HTTP methods in addition to the ones we normally use – GET (to get objects) and PUSH (to push form data although you can send form data with GET too). These additional methods … Continue reading

Posted in Technical

Apache: Blocking “Dangerous” Files

There are all sorts of “dangerous” files that can appear within a web server’s document root; some are merely potentially dangerous but some can be genuinely dangerous. For example, if someone uses an editor to change a .php file, it is … Continue reading

Posted in Technical