Category: "Security"

CentOS 7 - Fail2Ban with Apache ModSecurity

One of the tools I am using to secure a server is Fail2ban. It was working well for SSH and I wanted to extend it to provide more protection for Apache. I installed it and enabled it. jail.d/apache-modsecurity.conf [apache-modsecurity] enabled = true…

One Approach to Complying with a "script-src 'self'" Content Security Policy

I recently encountered this error when working with plugin code on an application: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' chrome-extension-resource:". The cause of the e…

Deny Access Based on Accept-Language Header

It can be difficult to determine the source of a request to a server. You can use geolocation to look up an IP address; one excellent service is IP2Location. However, if the goal is to deny access to servers from outside the country, language may be…

Some Apache RewriteRules for Improved Security

A set of Apache RewriteRules, including curl commands to test them. Always test the rules, using a browser if possible, and curl. The curl output has been edited to make it easier to read. Remember to write the rules carefully so you don't deny acc…

Linux - Using file -i instead of the input accept attribute

The file input allows an accept attribute to indicate what type of file may be submitted. The type is the client's MIME type, which may vary by operating system, installed applications, and end user configuration. A sample set of MIME types used for…