I have both Apache and Modsecurity working together. I'm trying to limit hit rate by request's header (like "facebookexternalhit"). And then return a friendly "429 Too Many Requests" and "Retry-After: 3". I know I can read a file of headers…
I have an OpenID Connect provider built with IdentityServer4 and ASP.NET Identity, running on let's say: login.example.com. I have a SPA application running on let's say spa.example.com, that already uses my OpenID Connect provider to authenticate users through login.example.com and…
I use the following custom headers and rewrite rules to remove server response headers IIS 8.5 but when open the network monitor on Firefox or Chrome and point to any file with status 404 (as well as missing images) or…
I have the "public_html" folder and a subfolder called "login" with the index.php that asks for the username and password. I need to protect the subfolder contents from malicious bot requests and I thought to redirect|rewrite all the request URIs…
I want to have one server with HAproxy and a standalone mod_security installed which routes every packets to mod_security first and check by its rules. Then if there wasn't anything suspicious in packets (SQL Injection, DOS Attacks, ...) pass them…
I have a web server on EC2. I am facing a security problem. Since I am running Spring boot in my instance, I need to use port 8080. Should I allow anyone visits port 8080 directly(allow port 8080 in AWS…
I am developing a CMS and the tool I use for developing the CMS is almost entirely the CMS itself (almost entirely is not good enough, as I am developing tools within my CMS to automate everything I can). It…
I am building an application using JWT for authentication. I started doing some research and I am surprised by the lack of consensus about topics such as refresh tokens and storage for tokens. As far as I can see JWT…
I am currently implementing a Facebook Chat Extension which basically is just a web page displayed in a browser provided by the Facebook Messenger app. This web page communicates with a corporate backend over a REST API (implemented with Python/Flask).…
i m using magento 1.9.0.1 and there is a section in admin area >> system >> Configuration >> General > Design > Miscellaneous Scripts is there any way i can disable this area so no one can add any script…