IBM HTTP Server (IHS) holds a very small share of the web server market, but it is still widely used alongside WebSphere Application Server.
As an administrator, you should know how to harden the IHS configuration to protect the web applications it serves.
In this article, I will explain how to make an IHS environment production-ready and keep it safe and secure.
Let's take a look at how a request for a non-existent resource (404) is answered in the default configuration.
Let's verify by accessing a non-existent file.
You may also use an HTTP header tool to verify the response.
Much better! Now it doesn't give out the product, server and port information.
Disable ETag
The ETag header may reveal inode information and can help a hacker to execute NFS attacks.
By default IHS reveals the ETag, and here is how you can remediate this vulnerability.
To limit the risk, you may create a dedicated user to run IHS instances.
Now, change the IHS folder ownership to ihsadmin so the newly created user has full permission on it.
This will allow IHS to start as the ihsadmin user.
To implement this you must ensure mod_headers.so is enabled in httpd.conf.
Let's verify by accessing the URL; the response should carry X-Frame-Options as shown below.
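The three checks above (the 404 banner and footer, the ETag header, and the X-Frame-Options header) can all be verified from one captured response. The script below is an added example for this article, not IBM code or tooling: it parses a raw HTTP response the way an HTTP header tool or `curl -i` would show it and reports which hardening gaps remain. It assumes the remediations applied in this article are the Apache-style directives `ServerTokens Prod`, `ServerSignature Off`, `FileETag None` and `Header always set X-Frame-Options`; the sample responses are constructed, and the banner, ETag and footer values are illustrative.

```python
"""Audit captured IBM HTTP Server (IHS) responses for the header leaks covered above.

Added example for this article, not IBM's code. Input is a raw HTTP response as an
HTTP header tool or `curl -i` captures it. The checks assume the article's fixes are
the Apache-style directives ServerTokens Prod, ServerSignature Off, FileETag None
and Header always set X-Frame-Options (an assumption; the article's own snippets
are not reproduced here).
"""
import re

# Constructed sample responses (not captured from a real server); banner, ETag and
# footer values are illustrative and vary by IHS version and build.
DEFAULT_404 = (
    "HTTP/1.1 404 Not Found\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: IBM_HTTP_Server/9.0 (Unix)\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
    "<html><body><h1>Not Found</h1>\n"
    "<address>IBM_HTTP_Server/9.0 Server at www.example.com Port 80</address>\n"
    "</body></html>\n"
)

DEFAULT_STATIC = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: IBM_HTTP_Server/9.0 (Unix)\r\n"
    'ETag: "2b60-5a1c-4b3f8d00"\r\n'
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>welcome</body></html>\n"
)

HARDENED_404 = (
    "HTTP/1.1 404 Not Found\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: IBM_HTTP_Server\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Type: text/html; charset=iso-8859-1\r\n"
    "\r\n"
    "<html><body><h1>Not Found</h1></body></html>\n"
)


def split_response(raw):
    """Split a raw HTTP response into (status line, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def audit(raw):
    """Return the list of hardening gaps found in one captured response."""
    _, headers, body = split_response(raw)
    gaps = []
    server = headers.get("server", "")
    # With ServerTokens Prod the banner is only the product name; a "/version"
    # or "(OS)" suffix means fuller tokens are still being sent.
    if re.search(r"/\d|\(", server):
        gaps.append("server-version")
    # The article removes the ETag entirely (FileETag None), so any ETag is a gap.
    if "etag" in headers:
        gaps.append("etag")
    if headers.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        gaps.append("x-frame-options")
    # ServerSignature On appends "<product> Server at <host> Port <n>" to error
    # pages; that footer is where the server name and port leak.
    if re.search(r"Server at \S+ Port \d+", body):
        gaps.append("signature-footer")
    return gaps


if __name__ == "__main__":
    for label, sample in (("default 404", DEFAULT_404),
                          ("default static file", DEFAULT_STATIC),
                          ("hardened 404", HARDENED_404)):
        print(f"{label}: {audit(sample) or 'no gaps'}")
```

Run it against the output of your header tool before and after editing httpd.conf; an empty list for both an error page and a static file means the banner, footer, ETag and framing controls are all in place.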
Configure Listen Directive
This is applicable if you have multiple Ethernet interfaces/IPs on the server.
It's advisable to configure an absolute IP and port in the Listen directive to avoid DNS requests getting forwarded.
This is often seen in shared environments.
By default, this is enabled, and you can disable it with the parameter below.
I hope the above tips help you harden the IBM HTTP Server for a production environment.