Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2024-04-28, 19:20:16
« previous next »
Pages: [1]   Go Down

Author Topic: Vulnerability SSL securityheaders  (Read 3943 times)

0 Members and 1 Guest are viewing this topic.

Offline masnggakdiajak

  • Valuable Member
  • *
  • Posts: 126
  • Karma: +0/-0
    • View Profile
Vulnerability SSL securityheaders
« on: 2016-04-06, 03:40:26 »
pagi...
barusan cek domain di securityheaders.io setelah dipasang ssl di kloxomr7 menggunakan nginxproxy hasilnya nilainya F



petunjuk webnya disarankan untuk menambah add_header Strict-Transport-Security, Content-Security-Policy, Public-Key-Pins, X-Frame-Options, X-XSS-Protection, X-Content-Type-Options di config nginxnya

tapi bingung nambahnya di mana, saya coba di /opt/configs/nginx/conf/globals/ssl_base.conf ndak jalan, saya coba buat folder dan file di /opt/configs/nginx/conf/ lalu saya include di /opt/configs/nginx/conf/domains/conf_domainnya juga ndak jalan,

mohon petunjuknya bang, terimakasih banyak.
Logged

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Vulnerability SSL securityheaders
« Reply #1 on: 2016-04-06, 03:46:58 »
Informasikan bagaimana anda menambah ssl untuk domain terkait.
Logged
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Vulnerability SSL securityheaders
« Reply #2 on: 2016-04-06, 03:50:02 »
Apa domainnya dan dimana tempat mengujinya.
Logged
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline masnggakdiajak

  • Valuable Member
  • *
  • Posts: 126
  • Karma: +0/-0
    • View Profile
Re: Vulnerability SSL securityheaders
« Reply #3 on: 2016-04-06, 03:57:36 »
saya install letsencrypt di server kemudian saya request ssl, kemudian saya masukkan ssl letsencrypt ke client di kloxomr dimenu add ssl text,

saya test di https://securityheaders.io >> nama domain https://hargapangan.egov.co.id

terimakasih,
Logged

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Vulnerability SSL securityheaders
« Reply #4 on: 2016-04-06, 05:30:17 »
Ya memang 'parah' hasilnya.

Saya sudah perbaiki untuk forum ini. Lumayan hasil jadi 'B'.

Saya akan upload setelah tambahan header di semua web server.
Logged
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline masnggakdiajak

  • Valuable Member
  • *
  • Posts: 126
  • Karma: +0/-0
    • View Profile
Re: Vulnerability SSL securityheaders
« Reply #5 on: 2016-04-06, 06:50:24 »
sip pak jadi B forum.mratwork.com kurang header Public-Key-Pins dan Content-Security-Policy biar jadi A atau A+, upload di sini atau upload untuk di kloxonya dan saya update kloxonya pak?

terimakasih
Logged

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Vulnerability SSL securityheaders
« Reply #6 on: 2016-04-06, 07:13:33 »
Baru nanti malam saya upload updatenya.

Header 'header Public-Key-Pins' dan 'Content-Security-Policy' tidak/belum diimplementasikan. Silahkan pelajari saja.
Logged
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline masnggakdiajak

  • Valuable Member
  • *
  • Posts: 126
  • Karma: +0/-0
    • View Profile
Re: Vulnerability SSL securityheaders
« Reply #7 on: 2016-04-06, 07:23:37 »
siap pak, oya nanti kalau saya setelah update kloxonya dan ingin menambahkan 'header Public-Key-Pins' dan 'Content-Security-Policy' saya harus edit dibagian mana pak?

terimakasih.
Logged

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Vulnerability SSL securityheaders
« Reply #8 on: 2016-04-07, 04:12:13 »
Silahkan update
Logged
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline Wibowo

  • Master
  • **
  • Posts: 391
  • Karma: +0/-0
  • Gender: Male
    • View Profile
Re: Vulnerability SSL securityheaders
« Reply #9 on: 2016-04-09, 16:54:28 »
Quote from: MRatWork on 2016-04-06, 05:30:17
Ya memang 'parah' hasilnya.

Saya sudah perbaiki untuk forum ini. Lumayan hasil jadi 'B'.

Saya akan upload setelah tambahan header di semua web server.

kok saya masih 'F' ya pak?
padahal sudah update ke kloxomr yg baru
X-Frame-Options ; X-XSS-Protection ; X-Content-Type-Options
masih merah

btw HSTS dihapus dari versi terbaru pak?
Logged

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Vulnerability SSL securityheaders
« Reply #10 on: 2016-04-10, 00:23:50 »
HSTS di-disable untuk sementara. Nantinya akan di-enable semuanya bilamana letsencrypt sudah berhasil diimplementasikan.
Logged
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --
Pages: [1]   Go Up
« previous next »
 


Top 4 Global Search Engines:    Google    Bing    Baidu    Yahoo
Click Here

Page created in 0.08 seconds with 22 queries.

web stats analysis