Mar 16, 2023
12:20 AM
Hi community
Our customers scanning tool is picking up the Apache server httpd.conf file and flagging the following issues:
HTTP OPTIONS Method Enabled
TLS Server Supports TLS version 1.1
TLS/SSL Server Is Using Commonly Used Prime Numbers
TLS/SSL Server Supports The Use of Static Key Ciphers
When you edit httpd.conf and restart the services it just writes over it. We identified a Revenera Knowledge Article https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/Customizing-Apache-HTTP-Server-configuration-using-httpConfExtra/ta-p/139280 that shows why it gets overwritten and how to combat this.
We tried the method mentioned in the article linked (using httpConfExtra.conf) and it works for setting extra configuration parameters, adding a custom header for example.
However, since the extra configuration is included at the very top of httpd.conf, anything you do can be overridden by directives in httpd.conf. Eg the SSLProtocol directive that sets allowed protocol versions is used later in httpd.conf and overwrites anything you set in httpConfExtra.conf.
So it appears that this is not a possible workaround for the customers problem in this case. Is there another method to correct these issues?
... View more
Labels
- Labels:
-
Revenera
Latest posts by CraigEl
Subject | Views | Posted |
---|---|---|
84 | Mar 16, 2023 12:20 AM |
Activity Feed
- Posted Hardening flexnet operations on FlexNet Operations Forum. Mar 16, 2023 12:20 AM