- Revenera Community
- FlexNet Operations
- FlexNet Operations Forum
- Hardening flexnet operations
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Hardening flexnet operations
Our customers scanning tool is picking up the Apache server httpd.conf file and flagging the following issues:
HTTP OPTIONS Method Enabled
TLS Server Supports TLS version 1.1
TLS/SSL Server Is Using Commonly Used Prime Numbers
TLS/SSL Server Supports The Use of Static Key Ciphers
When you edit httpd.conf and restart the services it just writes over it. We identified a Revenera Knowledge Article https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/Customizing-Apache-HTTP-Server-configuration-using-httpConfExtra/ta-p/139280 that shows why it gets overwritten and how to combat this.
We tried the method mentioned in the article linked (using httpConfExtra.conf) and it works for setting extra configuration parameters, adding a custom header for example.
However, since the extra configuration is included at the very top of httpd.conf, anything you do can be overridden by directives in httpd.conf. Eg the SSLProtocol directive that sets allowed protocol versions is used later in httpd.conf and overwrites anything you set in httpConfExtra.conf.
So it appears that this is not a possible workaround for the customers problem in this case. Is there another method to correct these issues?
Hi @CraigEl do you want to Disable HTTP Options? then we had the same request from one other customer and the discussion is here https://community.flexera.com/t5/FlexNet-Publisher-Forum/Disable-HTTP-Options-FlexNet-Publisher-License-Server-Manager-11/m-p/204300#M2001
check and let me know I this helps.