I would like to give a presentation on hardening / security if possible. I realize this is broad and a little simple for a conference, but the last extensive Apache Security Book was in 2009.
It is in no way ready yet and I am extremely self-conscious, but some possible topics that I have written about here and there and could combine:

- set many, many HTTP security headers (there are 9 you can do in Chrome now)
- an updated SSLCipherSuite list
- the importance of using ECDHE keys when possible
- how to properly structure your /var/www folder regarding static content, executables, uploads, and downloads.
- Using both a reverse proxy firewall along with outbound exfiltration scanning with ModSecurity
- GeoIP Blocking with the new MaxMind API within Apache2
- FollowSymLinks danger and how to remediate
- other things
- any suggestions ppl have or areas they suggest I research :)

> On May 8, 2019, at 12:55 PM, jean-frederic clere <jfcl...@gmail.com> wrote:
>
>> On 04/05/2019 11:53, Stefan Eissing wrote:
>>
>>>> On 02.05.2019 at 16:39, Daniel Ruggeri <drugg...@apache.org> wrote:
>>>>
>>>> Personally, I'd like to see a presentation on using mod_md, and perhaps
>>>> something on the benefits of, and use of, http2 in httpd?
>>
>> If anyone wants to present about that and has questions, I'm happy to help.
>>
>> -Stefan
>>
>
> What about HTTP/3 there is https://github.com/ngtcp2/nghttp3, do you
> plan to work on it?
>
> I have a mod_proxy for tomcat, http/2 or 3 for tomcat, I can do a
> mod_md/ let's encrypt one for httpd (someone else will do the tomcat one)
>
> --
> Cheers
>
> Jean-Frederic