HTTP Strict Transport Security with Apache

HTTP Strict Transport Security (HSTS) is a web security policy which helps to protect websites against protocol downgrade attacks by allowing web servers to declare that web browsers should only connect via secure HTTPS connections. The HSTS Policy for the site is communicated by the server to the browser via a HTTPS response header field …

Continue reading ‘HTTP Strict Transport Security with Apache’ »

Basic web server backup script – MySQL and Apache

I was working on a dedicated server the other day and needed a quick script to backup the website and the MySQL database. The following bash script will do just that, simply modify the directory paths within the tar command to ensure every folder you need is included, the MySQL command assumes all databases need …

Continue reading ‘Basic web server backup script – MySQL and Apache’ »

Qualys Labs SSL Test – Incorrect SNI alerts

If you have run the Qualys SSL Test, you may have seen the following errors in your report: Client aborts on SNI unrecognized_name warning Incorrect SNI alerts If your unsure what SNI is all about, then the following quote from Wikipedia should bring you up to speed: “Server Name Indication (SNI) is an extension to …

Continue reading ‘Qualys Labs SSL Test – Incorrect SNI alerts’ »