Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
HTTPS + Let's Encrypt
1.
2. Google I/O 2014: HTTPS Everywhere
„Data delivered over an unencrypted channel is
insecure, untrustworthy, and trivially
intercepted. We must protect the security,
privacy, and integrity of our users data. In
this session we will take a hands-on tour of
how to make your websites secure by default:
the required technology, configuration and
performance best practices, how to migrate
your sites to HTTPS and make them user and
search friendly, and more. Your users will
thank you.“
https://www.youtube.com/watch?v=cBhZ6S0PFCY
41. Konfiguration
How to Deploy HTTPS Correctly
https://www.eff.org/https-everywhere/deploying-https
SSL/TLS Deployment Best Practices
https://www.ssllabs.com/projects/best-practices/
Richtig verschlüsseln mit SSL/TLS
https://www.owasp.org/images/1/19/Richtig_verschluesseln_mit_SSL%2
BTLS_-_Achim_Hoffmann%2BTorsten_Gigler.pdf
HTTP2-Implementationen
https://github.com/http2/http2-spec/wiki/Implementations
42.
43.
44.
45. diff --git a/.htaccess b/.htaccess
index 974999a..f4024c6 100644
--- a/.htaccess
+++ b/.htaccess
@@ -3,7 +3,7 @@
#
# Protect files and directories from prying eyes.
-<FilesMatch ".(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|
tpl(.php)?|xtmpl|yml)(~|.sw[op]|.bak|.orig|.save)?$|^(..*|Entries.*|
Repository|Root|Tag|Template|composer.(json|lock))$|
^#.*#$|.php(~|.sw[op]|.bak|.orig|.save)$">
+<FilesMatch ".(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|
tpl(.php)?|xtmpl|yml)(~|.sw[op]|.bak|.orig|.save)?$|^(.(?!well-known).*|
Entries.*|Repository|Root|Tag|Template|composer.(json|lock))$|
^#.*#$|.php(~|.sw[op]|.bak|.orig|.save)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
@@ -93,7 +93,7 @@ AddEncoding gzip svgz
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
- RewriteRule "(^|/)." - [F]
+ RewriteRule "(^|/).(?!well-known)" - [F]
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
https://www.drupal.org/node/2408321
46.
47.
48. $ ls -l /etc/letsencrypt/
total 24
drwx------ 3 root root 4096 Jan 8 12:23 accounts
drwx------ 5 root root 4096 Feb 4 15:14 archive
drwxr-xr-x 2 root root 4096 Feb 4 14:36 csr
drwx------ 2 root root 4096 Feb 4 14:36 keys
drwx------ 6 root root 4096 Feb 4 15:14 live
drwxr-xr-x 2 root root 4096 Feb 4 14:36 renewal
$ sudo ls -l /etc/letsencrypt/live/walterebert.de
total 0
lrwxrwxrwx 1 root root 38 Feb 4 14:59 cert.pem ->
../../archive/walterebert.de/cert1.pem
lrwxrwxrwx 1 root root 38 Feb 4 14:59 cert1.pem ->
../../archive/walterebert.de/cert1.pem
lrwxrwxrwx 1 root root 39 Feb 4 14:59 chain.pem ->
../../archive/walterebert.de/chain1.pem
lrwxrwxrwx 1 root root 43 Feb 4 14:59 fullchain.pem
-> ../../archive/walterebert.de/fullchain1.pem
lrwxrwxrwx 1 root root 41 Feb 4 15:00 privkey.pem ->
../../archive/walterebert.de/privkey1.pem
49.
50.
51. Testen
SSL Server Test (Qualys SSL Labs)
https://www.ssllabs.com/ssltest/
SSLyze
https://github.com/nabla-c0d3/sslyze
O-Saft (OWASP)
https://www.owasp.org/index.php/O-Saft