[users@httpd] SSL VHosts

2021-08-29 Thread Peter Horn
I have been successfully running an Apache server for some years (currently 2.4.41 on Ubuntu 20.04 LTS). I have three "real" http vhosts on port 80, findable through a dynamic DNS service. I also have a (first in line) default vhost with an "unreachable" ServerName, which returns a 4xx status, an

[users@httpd] How to solve "Cookie(s) without HttpOnly flag set", "Disable OPTIONS Method" and "CORS (Cross-Origin Resource Sharing) origin validation failure" problems?

2021-08-29 Thread Jason Long
Hello, I scanned my website with the Acunetix tool and the following vulnerabilities were found: 1- Cookie(s) without HttpOnly flag set 2- Disable OPTIONS Method 3- CORS (Cross-Origin Resource Sharing) origin validation failure To solve these problems, I added the lines below to my Virtual Host configuration fil

[users@httpd] mod_ssl certificate (mutual) authentication

2021-08-29 Thread Thomas Fazekas
OS : Debian 10.9 Apache : 2.4.38 (from repo) I presume I've missed something (obvious) in the doc, but the following setup doesn't work for me and I believe it should : Options Indexes AllowOverride None SSLVerifyClient require SSLVerifyDepth 5 SSLOptions +StdEnvVars +ExportCertData +FakeBasicAu