Securing Lighttpd (Pi-Hole) [Debian Linux]

Published: 23 August 2021
on channel: OsbornePro TV

I (tobor) demonstrate some extra measures that can be taken to harden a lighttpd server. I demonstrate settings I have configured for a Pi-Hole running on Lighttpd. If you like what you see, please subscribe!

CONFIG TEMPLATE FOR /etc/lighttpd/external.conf
https://github.com/OsbornePro/ConfigT...
https://github.com/OsbornePro/ConfigT...

Lighttpd Doc for generating a rejections list
https://redmine.lighttpd.net/projects...

Enable the Secure flag on PiHole (PHPv7.3)
/etc/php/7.3/cgi/php.ini
/etc/php/7.3/cli/php.ini
Set the below value
session.cookie_secure = on

Command to load the evasive module
ln -sf /etc/lighttpd/conf-available/10-evasive.conf /etc/lighttpd/conf-enabled/10-evasive.conf

0:00 Intro Summary
1:04 lighttpd.conf according to Pi-Hole
1:48 Loading Lighttpd Modules
2:58 Enable the Evasive module
4:35 Index File Names and URL Access Deny
5:31 SSL Cipher Suite and Order
6:27 Include other conf files
7:18 external.conf in conjunction with Pi-Hole
7:48 Evasive Module Configuration Options
8:34 Testing out Evasive Module
11:35 Adding Secure Headers (HSTS)
12:17 Server Side XSS Protection
12:31 Click Jacking Protection
13:19 Can you hide the lighttpd version info???
14:05 Protecting Cookies with HttpOnly and Secure
15:16 Set Secure cookie flag for Pi-Hole (PHPv7.3)
16:22 SSL Settings
16:43 OCSP Stapling (Not available for Pi-Hole with Lighttpd yet)
17:32 Disable Client Re-negotiation
17:55 Diffie Hellman Key Settings
18:56 Use Strong TLS
19:45 Verify Strong TLS Usage
20:36 rejections.conf for Lighttpd
21:00 Test Unwanted User-Agent blocking
21:33 Test Unwanted Referer blocking
22:01 Thanks for watching!

View my Verified Certifications!
https://www.credly.com/users/robertho...

Follow us on GitHub!
https://github.com/tobor88
https://github.com/OsbornePro

Official Site
https://osbornepro.com/

Give Respect on HackTheBox!
https://www.hackthebox.eu/profile/52286

Like us on Facebook!
  / osborneprollc  

View PS Gallery Modules!
https://www.powershellgallery.com/pro...

The B.T.P.S. Security Package
https://btpssecpack.osbornepro.com/
