HTTP Security

POODLE Vulnerability

The POODLE vulnerability is a man-in-the-middle vulnerability in SSLv3. To mitigate this issue for Apache HTTP:

Add the following lines to httpd-ssl.conf:

# Disable sslv3 to avoid POODLE attack
SSLProtocol All -SSLv2 -SSLv3

Restart Apache:

apachectl restart
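
To confirm that no SSLProtocol directive in the configuration still leaves SSLv3 enabled (for example in a virtual host that overrides the global setting), the directives can be audited with a short script. This is an added example, not part of the original notes; the function names and the sample configuration are constructed for illustration, and it assumes "all" includes SSLv3.

```shell
#!/bin/sh
# Added example: flag SSLProtocol directives that leave SSLv3 enabled.

# Succeeds (status 0) if the SSLProtocol tokens passed as arguments leave
# SSLv3 enabled. "+X" adds, "-X" removes, a bare token replaces the set.
# Assumption: "all" includes SSLv3 (conservative; some builds exclude it).
sslv3_enabled() {
    local ssl3=0 tok name
    for tok in "$@"; do
        name=$(printf '%s' "${tok#[+-]}" | tr '[:upper:]' '[:lower:]')
        case "$tok" in
            -*) case "$name" in sslv3|all) ssl3=0 ;; esac ;;
            +*) case "$name" in sslv3|all) ssl3=1 ;; esac ;;
            *)  case "$name" in sslv3|all) ssl3=1 ;; *) ssl3=0 ;; esac ;;
        esac
    done
    [ "$ssl3" -eq 1 ]
}

# Reads an Apache config on stdin, prints each offending directive with its
# line number, and fails (status 1) if any directive leaves SSLv3 enabled.
audit_ssl_conf() {
    local n=0 bad=0 line directive
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f    # split on whitespace, no globbing
        [ $# -gt 0 ] || continue
        directive=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
        [ "$directive" = "sslprotocol" ] || continue
        shift
        if sslv3_enabled "$@"; then
            echo "line $n: SSLv3 enabled: SSLProtocol $*"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample config (not from a real server).
sample_conf() {
    cat <<'EOF'
# Disable sslv3 to avoid POODLE attack
SSLProtocol All -SSLv2 -SSLv3
<VirtualHost *:8443>
    SSLProtocol all -SSLv2
</VirtualHost>
EOF
}

sample_conf | audit_ssl_conf || echo "FAIL: SSLv3 is still enabled"
```

Against a real server, feed the file on stdin, e.g. audit_ssl_conf < httpd-ssl.conf, and repeat for any included virtual host files.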

Replace favicon.ico

Default favicon.ico files can be flagged during a penetration test because they identify the software in use. To avoid this, follow the notes below.

Identify a suitable replacement favicon.ico. Either use one of the many online favicon.ico designer tools or find a nondescript one from another server.

Copy the replacement icon, named favicon.ico, to the htdocs directory under the Apache home.