Prevent Vulnerabilities in HTTP Headers Nginx & IIS Web Server

OS Information:
Nginx – Linux Debian 9 Server
IIS – Windows Server 2012 R2

Have you heard of XSS, code injection, MIME types, clickjacking, etc.? If you are not familiar with them yet, please look them up on Google first.

To harden a server (Linux/Windows) so that it can prevent several header-based attacks, add the following headers:

HTTP Strict Transport Security

Nginx
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
IIS
max-age=31536000; includeSubDomains; preload

X-XSS-Protection

Nginx
add_header X-XSS-Protection "1; mode=block";
IIS
1; mode=block

Content Security Policy

Nginx
add_header Content-Security-Policy "default-src 'self';";
IIS
default-src 'self'

X-Frame-Options

Nginx
add_header X-Frame-Options "DENY";
IIS
DENY
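A small checker for the four headers above, added here as an example (it is not code from the original post): it parses a raw HTTP response and reports whether each header is missing, weak, or set the way the post recommends. The two responses below are constructed samples, not captured from a real server, and the helper names are my own.

```python
"""Audit a raw HTTP response for the four hardening headers from the post."""
import re

# Constructed sample responses (not captured from a real server).
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Content-Security-Policy: default-src 'self';\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

UNHARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/8.5\r\n"
    "strict-transport-security: max-age=300\r\n"
    "x-frame-options: ALLOWALL\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

MIN_HSTS_AGE = 31536000  # one year, the value used in the post


def parse_headers(raw):
    """Return {lowercased-name: value} for the header block of a raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def check_hsts(value):
    """HSTS must carry a max-age of at least one year and includeSubDomains."""
    if value is None:
        return "missing"
    m = re.search(r"max-age=(\d+)", value, re.I)
    if not m:
        return "invalid: no max-age"
    problems = []
    age = int(m.group(1))
    if age < MIN_HSTS_AGE:
        problems.append(f"max-age {age} below {MIN_HSTS_AGE}")
    if "includesubdomains" not in value.lower():
        problems.append("includeSubDomains missing")
    return "ok" if not problems else "weak: " + "; ".join(problems)


def check_frame_options(value):
    """Only DENY and SAMEORIGIN are valid anti-clickjacking values."""
    if value is None:
        return "missing"
    if value.strip().upper() in ("DENY", "SAMEORIGIN"):
        return "ok"
    return f"invalid: {value!r}"


def check_csp(value):
    """A CSP without default-src has no fallback for unlisted resource types."""
    if value is None:
        return "missing"
    directives = [d.strip() for d in value.split(";") if d.strip()]
    names = {d.split()[0].lower() for d in directives}
    return "ok" if "default-src" in names else "weak: no default-src fallback"


def check_xss_protection(value):
    """Expect exactly the '1; mode=block' form used in the post."""
    if value is None:
        return "missing"
    if re.fullmatch(r"1;\s*mode=block", value.strip(), re.I):
        return "ok"
    return f"weak: {value!r}"


def audit(raw):
    """Run every check and return {header-name: verdict}."""
    h = parse_headers(raw)
    return {
        "Strict-Transport-Security": check_hsts(h.get("strict-transport-security")),
        "X-XSS-Protection": check_xss_protection(h.get("x-xss-protection")),
        "Content-Security-Policy": check_csp(h.get("content-security-policy")),
        "X-Frame-Options": check_frame_options(h.get("x-frame-options")),
    }


if __name__ == "__main__":
    for label, raw in (("hardened", HARDENED_RESPONSE), ("unhardened", UNHARDENED_RESPONSE)):
        print(label)
        for name, verdict in audit(raw).items():
            print(f"  {name}: {verdict}")
```

Feed it the header block of a real response (for example the output of curl -I against your own site) to confirm the configuration actually took effect. Two nginx details are worth checking while you do so: add_header only attaches the header to 2xx and 3xx responses unless the directive ends with the always parameter, and an add_header inside a location block replaces, rather than extends, the add_header directives inherited from the enclosing server block. Note also that current browsers ignore X-XSS-Protection (Chromium removed its XSS auditor and Firefox never implemented it), so the Content-Security-Policy is the control that matters for XSS.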

What about Apache? Since I currently work mainly with Nginx and IIS, I will post about Apache next time.
