how to protect a web server ?

knowlesy · 27 Oct 2008 at 09:58

the title says it so how would i go about doing it if i had a home one or a one onsite ?

Eddietop · 27 Oct 2008 at 11:19

Setup up firewall rules to make sure no services are open to the world other than port 80.

Check Apache config for mis configurations.

Check all webapps your running are the latest version.

Install something like mod-security for Apache to sanitize GET requests.

oddjob62 · 27 Oct 2008 at 15:03

Or IISLockdown if it's IIS
http://support.microsoft.com/kb/325864

bigredshark · 27 Oct 2008 at 18:23

oddjob62 said:
Or IISLockdown if it's IIS
http://support.microsoft.com/kb/325864

and MBSA if it's windows...

and get a hardware firewall in front of it.

quackers · 27 Oct 2008 at 19:59

Check all the permissions if using iis on the directory the site is in

s0ck · 27 Oct 2008 at 20:44

Eddietop said:
Setup up firewall rules to make sure no services are open to the world other than port 80.

or 443, where applicable.