Harden Debian by Hardening Web Servers

These are the identified threats related to Debian software.

Some web application like Apache and Nginx exposes user level and system level files into web interface.

Web application is not listening to specific audience, thus serving everyone.

Web application log files' permissions are not configured according to specific audiences only.

Web application is not serving with SSL/TLS by default.

Web application has its own security audits to comply with.

Here are the list if actions to counter the issues.

SSL/TLS is a compulsory requirement. One must implements it no matter the cost.

You should disable the global settings at all cost. Then, slowly and surely, enable the specific path that is desired for hosting.

If available, try to set web server listening to certain network interface instead of all.

For all web server's log file, apply to specific read/write audiences.

Always build the web server's security checklist for security protection.