Category: http

Install SafeLine WAF on Hetzner VPS even faster with cloud-init script on Debian 12

As you know, my servers are hosted at hetzner.de – use this link to get a 20€ start credit for your first servers. Now we will install a new virtual server on Hetzner with preparations for SafeLine WAF. Preparations: select Debian 12 as your system! Follow the steps in the article How to install...
debian deployment deployment - linux http linux tls waf

What is a Web Application Firewall (WAF)

What is a WAF? A Web Application Firewall (WAF) is a security tool that monitors, filters, and blocks HTTP/HTTPS traffic between web applications and the internet. It acts as a protective barrier specifically designed to defend web applications from various cyber attacks. When should I use a WAF – is it something I should use?...
http tls waf

apache2buddy.pl

This is a nice check-and-recommend script for your Apache configuration. Download the current version of apache2buddy.pl via GitHub; see the author's documentation.
http

ModSecurity

See the Wikipedia article: ModSecurity, sometimes called Modsec, is an open-source web application firewall (WAF). Originally designed as a module for the Apache HTTP Server, it has evolved to provide an array of Hypertext Transfer Protocol request and response filtering capabilities along with other security features across a number of different platforms including Apache HTTP Server,...
waf

apache headers

See https://securityheaders.com/?q=blog.fresel.at&hide=on&followRedirects=on

  Strict-Transport-Security: max-age=15768000; preload
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block
  X-Content-Type-Options: nosniff
  Content-Security-Policy: default-src https: 'self' blog.fresel.at public-api.wordpress.com s0.wp.com s01.wp.com s2.wp.com; script-src 'self' 'unsafe-eval' c0.wp.com c01.wp.com s0.wp.com s1.wp.com s2.wp.com stats.wp.com blog.fresel.at 'unsafe-inline'; img-src * 'self' data:; style-src 'self' 'unsafe-inline' c0.wp.com c1.wp.com s0.wp.com s1.wp.com s2.wp.com fonts.googleapis.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com c0.wp.com c1.wp.com s0.wp.com s1.wp.com
  Referrer-Policy: same-origin
  Feature-Policy: microphone 'none'; payment 'none';...
http

WP fail2ban

Install the module, then enable its auth logging and copy the shipped fail2ban filters:

  echo "define('WP_FAIL2BAN_AUTH_LOG', LOG_AUTH);" >> /var/www/html/wordpress/wp-config.php
  cp /var/www/html/wordpress/wp-content/plugins/wp-fail2ban/filters.d/wordpress-* /etc/fail2ban/filter.d/

/etc/fail2ban/jail.d/wordpress.conf:

  [wordpress-hard]
  enabled = true
  filter = wordpress-hard
  logpath = /var/log/messages
  maxretry = 1
  port = http,https
  bantime = 90

  [wordpress-soft]
  enabled = true
  filter = wordpress-soft
  logpath = /var/log/messages
  maxretry = 3
  port = http,https
  bantime = 90

Reload fail2ban:

  fail2ban-client reload
centos http

certbot – debian

  yum install httpd mod_ssl python-certbot-apache -y
  firewall-cmd --add-service=http --permanent
  firewall-cmd --add-service=https --permanent
  systemctl restart firewalld
  systemctl enable httpd

/etc/letsencrypt/cli.ini:

  # Use a 4096 bit RSA key instead of 2048
  rsa-key-size = 4096
  email = letsencrypt@DOMAIN
  domains = blog.DOMAIN
  must-staple = True
  staple-ocsp = True
  agree-tos = True
  debug = True

Request the certificate:

  certbot certonly --apache --config /etc/letsencrypt/cli.ini

/etc/letsencrypt/options-ssl-apache.conf:

  SSLEngine on
  SSLHonorCipherOrder on
  ...
http tls

apache compression

  <IfModule mod_gzip.c>
    mod_gzip_on Yes
    mod_gzip_dechunk Yes
    # the dot must be escaped, otherwise it matches any character
    mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
    mod_gzip_item_include handler ^cgi-script$
    mod_gzip_item_include mime ^text/.*
    mod_gzip_item_include mime ^application/x-javascript.*
    mod_gzip_item_include mime ^application/font*
    mod_gzip_item_exclude mime ^image/.*
    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
  </IfModule>

  <IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType...
http tls