cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
CraigEl
Level 2

Hardening flexnet operations

Jump to solution

Hi community

Our customers scanning tool is picking up the Apache server httpd.conf file and flagging the following issues:

HTTP OPTIONS Method Enabled

TLS Server Supports TLS version 1.1

TLS/SSL Server Is Using Commonly Used Prime Numbers

TLS/SSL Server Supports The Use of Static Key Ciphers

When you edit httpd.conf and restart the services it just writes over it. We identified a Revenera Knowledge Article https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/Customizing-Apache-HTTP-Server-configuration-using-httpConfExtra/ta-p/139280 that shows why it gets overwritten and how to combat this.

We tried the method mentioned in the article linked (using httpConfExtra.conf) and it works for setting extra configuration parameters, adding a custom header for example.

However, since the extra configuration is included at the very top of httpd.conf, anything you do can be overridden by directives in httpd.conf. Eg the SSLProtocol directive that sets allowed protocol versions is used later in httpd.conf and overwrites anything you set in httpConfExtra.conf.

So it appears that this is not a possible workaround for the customers problem in this case. Is there another method to correct these issues?

 

Labels (1)
0 Kudos
(1) Solution
mrathinam
Revenera Moderator Revenera Moderator
Revenera Moderator

Hi @CraigEl do you want to Disable HTTP Options? then we had the same request from one other customer and the discussion is here https://community.flexera.com/t5/FlexNet-Publisher-Forum/Disable-HTTP-Options-FlexNet-Publisher-License-Server-Manager-11/m-p/204300#M2001

check and let me know I this helps. 

Best Regards,

View solution in original post

0 Kudos
(1) Reply
mrathinam
Revenera Moderator Revenera Moderator
Revenera Moderator

Hi @CraigEl do you want to Disable HTTP Options? then we had the same request from one other customer and the discussion is here https://community.flexera.com/t5/FlexNet-Publisher-Forum/Disable-HTTP-Options-FlexNet-Publisher-License-Server-Manager-11/m-p/204300#M2001

check and let me know I this helps. 

Best Regards,

0 Kudos