網頁資安問題解決筆記

一、Slow HTTP Denial of Service Attack

俗稱的DDOS攻擊,解決方法有很多種。


  • 方法一:以Apache來說的話,可安裝套件 Mod_Antiloris。
1. 下載檔案


cd /usr/local/src
wget http://sourceforge.net/projects/mod-antiloris/files/mod_antiloris-0.4.tar.bz2
tar -xvjf mod_antiloris-0.4.tar.bz2
cd mod_antiloris-*
apxs -a -i -c mod_antiloris.c

2. 重啟apache
service httpd restart

3. 檢查是否有掛載mod_antiloris
httpd -M | grep antiloris


  • 方法二:更改防火牆設定

      iptables -I INPUT -p tcp --dport 80 \ -m connlimit --connlimit-above 20 --connlimit-mask 40 -j DROP


二、RC4 cipher suites detected、SSL weak ciphers

在conf檔裡加上以下的設定:

 SSLProtocol all -SSLv2 -SSLv3
 SSLHonorCipherOrder on
 # Compression is disabled by default on my distribution (CentOS 6)
 # SSLCompression off
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

三、The FREAK attack (export cipher suites supported)



四、SSL certificate public key less than 2048 bit

openssl genrsa -out test.key 2048
openssl genrsa -des3 -out test.key 2048
openssl req -new -key test.key -out test.csr
  

留言