Guidelines on Securing Public Web Servers
reasons.  It will probably be necessary to configure any network infrastructure 
supporting the Web server to allow SSL/TLS traffic (see Section 8.2). 
    
Configure the server to protect the necessary resources (directories and/or files) using 
SSL/TLS.  Configure the Web server application so that the appropriate resources are 
protected with SSL/TLS.  These resources are then accessible only from a URL that 
starts with https://. 
Newer versions of the HTML standard have even been amended to include a response to
inform clients when they have requested a file that is available only via SSL/TLS or vice versa.  The
HTTP status code 403.4 indicates that an HTTP GET request must be prefixed with https://
because the requested resource is protected with SSL/TLS.  For more information, consult
RFCs 2246, 2626, and 2817. [30]
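A check for the configuration step above, as an added example that is not part of the original guideline: it probes a plaintext HTTP listener and reports any protected path that is still served without SSL/TLS. The path names, the `leaky` prefix and the local stand-in listener are constructed for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROTECTED_PREFIXES = ("/accounts/", "/admin/")  # hypothetical protected directories

class PlainHTTPListener(BaseHTTPRequestHandler):
    """Constructed stand-in for the Web server's plaintext (non-TLS) listener."""
    leaky = ("/admin/",)  # deliberately misconfigured prefix, for the demo only

    def do_GET(self):
        protected = self.path.startswith(PROTECTED_PREFIXES)
        if protected and not self.path.startswith(self.leaky):
            self.send_response(403)  # refuse: resource is https:// only
            body = b"SSL/TLS required"
        else:
            self.send_response(200)  # served in the clear
            body = b"content"
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass

def audit_plaintext(host, port, paths):
    """Return the paths that the plaintext listener serves with a 2xx status."""
    exposed = []
    for path in paths:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request("GET", path)
            resp = conn.getresponse()
            resp.read()
            if 200 <= resp.status < 300:  # 3xx redirects and 4xx refusals pass
                exposed.append(path)
        finally:
            conn.close()
    return exposed

def run_demo():
    """Start the stand-in listener on a free local port and audit two paths."""
    server = HTTPServer(("127.0.0.1", 0), PlainHTTPListener)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return audit_plaintext("127.0.0.1", server.server_port,
                               ["/accounts/statement.html", "/admin/index.html"])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

Against a real server, call `audit_plaintext` with the server's host name, its plaintext port and the list of resources that are meant to be reachable only through https://.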
7.5.6 SSL/TLS Implementations
Although some Web servers come packaged with SSL capabilities already integrated, many do
not.  This section discusses various commercial and open source SSL/TLS implementations
in use today.  Some of these packages contain the functionality to generate SSL certificates
without the need for a CA.  The following list illustrates some of the SSL toolkits available:
    
SSLava is an implementation of SSL/TLS written in Java from Phaos Technology
(http://www.phaos.com/index.html).

OpenSSL is an open source implementation of SSL/TLS for Unix and Linux
platforms (http://www.openssl.org).
7.6  Web Authentication and Encryption Technologies Checklist 
| Completed | Action |
|-----------|--------|
|           | Web authentication and encryption technologies |
|           | For Web resources that require minimal protection and for which there is a small, clearly defined audience, configure address based authentication |
|           | For Web resources that require additional protection but for which there is a small, clearly defined audience, configure address based authentication as a second line of defense |
|           | For Web resources that require minimal protection but for which there is no clearly defined audience, configure basic or digest authentication (better) |
|           | For Web resources that require protection from malicious bots (see Section 5.2.4), configure basic or digest authentication (better) |
|           | For Web resources that require maximum protection, configure SSL/TLS |
|           | Configuring SSL/TLS |
|           | For configurations that require minimal authentication but require |
                                                   
[30] http://www.ietf.org/rfc/rfc2246.txt, http://www.ietf.org/rfc/rfc2626.txt, and http://www.ietf.org/rfc/rfc2817.txt