• Table of Contents
  • Preparing Your Server
  • 1. Start With a “Blank Slate”
  • 2. Start With a Very Minimal and Restrictive Firewall
  • 3. Install All Available Patches
  • 4. Configure Automatic OS Patching
  • Install Minimal Apache Modules
  • Hide Apache Version Number
  • 5. Additional Suggestions for the Security-Minded
  • Using the Railo Installer
  • 1. Consider a Non-Standard Installation Directory
  • 2. Be Creative With Your Dedicated Railo System User
  • 3. Consider Using a Phrase as a Password
  • Locking Down Your Railo Stack
  • 2. Do Not Open Ports 8005 (Shutdown) or 8009 (AJP) to the Public
  • 3. Block Access to Railo Administrators Through Apache
  • 4. Lock Down Apache and Railo Users
  • 5. Ensure the JVM Is Up to Date
  • Locking Down Railo Server
  • 1. Disable Public Debugging Error Output
  • 2. Ensure All Administrators for All Contexts Have Passwords Assigned and Use Captcha
  • 3. Reduce Request Timeouts as Low as Possible
  • 4. Ensure Railo's “Script-Protect” Feature Is Enabled
  • 5. Avoid Using System­Heavy Client Variables
  • 6. Set Session Timeouts as Low as Possible
  • 7. Keep Datasource Permissions Simple
  • 8. Use a Separate DB User for Each DSN
  • 9. Consider Using a Web Application Firewall (like FuseGuard)