security

Deny dns requests type=ANY using iptables

iptables -A INPUT -p udp –dport 53 -m string –from 50 –algo bm –hex-string ‘|0000FF0001|’ -m recent –set –name dnsanyqueryiptables -A INPUT -p udp –dport 53 -m string –from 50 –algo bm –hex-string ‘|0000FF0001|’ -m recent –name dnsanyquery –rcheck –seconds 60 –hitcount 1 -j DROPiptables -A INPUT -p udp –dport 53 -m u32 –u32 $(python […]

Enable HSTS to force clients to use secure connections only

Apache apache, HSTS, security, ssl

Use HTTP Strict Transport Security to force client to use secure connections only