It is very common for Debian to be used as a web server, so it needs to comply with a web security checklist. This section guides you through hardening the web servers running on the operating system.
These are the identified threats related to Debian software.
Some web servers, like Apache and Nginx, expose user-level and system-level files through the web interface.
The web server is not listening for a specific audience, and thus serves everyone.
The web server's log file permissions are not restricted to specific audiences only.
The web server does not serve over SSL/TLS by default.
The web server has its own security audits to comply with.
Here is the list of actions to counter the issues.
SSL/TLS is a compulsory requirement. One must implement it no matter the cost.
You should disable the global settings at all costs. Then, slowly and surely, enable the specific path that is desired for hosting.
If available, set the web server to listen on a specific network interface instead of all of them.
For all of the web server's log files, restrict read/write permissions to specific audiences.
Always build a security checklist for the web server.
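The listening-interface and log-permission actions above can be checked with a small audit script. This is an added example, not part of the original guide: the function names, the sample configuration and the temporary paths are constructed for illustration, and it only reads Apache `Listen` and Nginx `listen` directives.

```shell
#!/bin/sh
# Added example: audit helpers for the listening-interface and
# log-permission actions. All names and sample data are constructed.

# Print the address of every Apache "Listen" / Nginx "listen" directive in
# file $1 that binds to all interfaces: a bare port, 0.0.0.0, * or [::].
wildcard_listeners() {
    sed -e 's/#.*//' -e 's/;[[:space:]]*$//' "$1" |
    awk 'tolower($1) == "listen" &&
         ($2 ~ /^[0-9]+$/ || $2 ~ /^(0\.0\.0\.0|\*|\[::\]):/) { print $2 }'
}

# Print log files under directory $1 that "other" can read or write.
world_accessible_logs() {
    find "$1" -type f \( -perm -004 -o -perm -002 \) -print | sort
}

# Constructed sample: a config fragment and two log files in a temp dir.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/log"
    cat > "$d/sample.conf" <<'EOF'
Listen 80
Listen 192.0.2.10:443
    listen [::]:8080;   # nginx style, all IPv6 interfaces
    listen 127.0.0.1:8081;
# Listen 0.0.0.0:8443
EOF
    : > "$d/log/access.log"; chmod 644 "$d/log/access.log"  # world-readable
    : > "$d/log/error.log";  chmod 640 "$d/log/error.log"   # owner and group only
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "Wildcard listeners:"
wildcard_listeners "$sample/sample.conf"
echo "World-accessible logs:"
world_accessible_logs "$sample/log"
rm -rf "$sample"
```

Point the two functions at the real configuration file and log directory of the web server in use; any line they print is a finding to fix.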
That's all for hardening Debian by hardening web servers.