Copy link to clipboard
Copied
The following are proposed changes our server team are suggesting for our Adobe Media Server. Before we make them, we're hoping to get so me feedback as to whether or not these changes might cause problems with the AMS. Has anyone done anything like this with your AMS or can anyone foresee any complications from making these changes?
For Apache HTTPD 2.4.10
These vulnerabilities can be resolved by performing the following 3 steps. The total estimated time to perform all of these steps is 2
hours 30 minutes.
Fix Apache Server mod_info is Publicly Accessible
Estimated time: 15 minutes
The configuration file for apache (httpd.conf), reads:
<Location /server-info>
SetHandler server-info
</Location>
To remove the feature from Apache, rewrite this to:
# comment everything out
#<Location /server-info>
# SetHandler server-info
#</Location>
To keep the feature, adding access control, rewrite it to:
# add access control
<Location/server-info>
SetHandler server-info
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
Once these changes have been made, the Apache server needs to be restarted.
This will address the following issue: Apache Server mod_info is Publicly Accessible (http-apache-0008).
Upgrade to the latest version of Apache HTTPD
Estimated time: 2 hours
Download and apply the upgrade from: http://archive.apache.org/dist/httpd/httpd-2.4.24.tar.gz
The latest version of Apache HTTPD is 2.4.24.
Many platforms and distributions provide pre-built binary packages for Apache HTTP server. These pre-built packages are usually
customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your
operating system.
This will address the following issue: Apache HTTPD: HTTP_PROXY environment variable "httpoxy" mitigation (CVE-2016-5387)
(apache-httpd-cve-2016-5387).
Fix Apache Server mod_status is Publicly Accessible
Estimated time: 15 minutes
The configuration file for apache (httpd.conf), reads:
<Location /server-status>
SetHandler server-status
</Location>
To remove the feature from Apache, rewrite this to:
# comment everything out
#<Location /server-status>
# SetHandler server-status
#</Location>
To keep the feature, adding access control, rewrite this to:
# add access control
<Location/server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
Once these changes have been made, the Apache server needs to be restarted.
This will address the following issue: Apache Server mod_status is Publicly Accessible (http-apache-0009).
Copy link to clipboard
Copied
If you can get apache to launch with your updated apache webserver, We do not perceive any further with Adobe media server functioning.However note that to compile and get apache server to launch form within AMS may be tricky at times.