parent
5e75026424
commit
dfc2d39427
3 changed files with 22 additions and 3 deletions
@ -1 +1,7 @@ |
|||||||
# Directory listings |
# Directory Listings |
||||||
|
|
||||||
|
> Turn off directory listings |
||||||
|
|
||||||
|
Directory listings are a feature of web servers that allow users to view the contents of a directory on a server. By default, web servers often have directory listings enabled, which means that anyone who has access to the server can see all the files and directories in a given folder. |
||||||
|
|
||||||
|
Turning off directory listings is important for API security because it prevents attackers from gaining access to sensitive files and directories on the server. If directory listings are enabled and an attacker gains access to the server, they can easily view and download any files that are not properly protected. By disabling directory listings, you can ensure that only authorized users can access the files and directories on the server. |
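Review bot: the last sentence of this hunk overstates what disabling listings achieves; turning off directory listings only stops enumeration of a folder's contents, it does not restrict access to the files themselves, which remain retrievable by anyone who knows or guesses the URL. Suggest rewording "you can ensure that only authorized users can access the files and directories" to something like "you remove an easy way for attackers to discover files, but the files still need their own access controls". The first paragraph also says "anyone who has access to the server" where it means anyone who can reach the web server over HTTP, since no server access is needed to request a directory URL. The hunk would also read better with a concrete mitigation, e.g. `Options -Indexes` for Apache or `autoindex off;` for nginx, since the heading promises "Turn off directory listings" but the body never says how.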
@ -1 +1,9 @@ |
|||||||
# Oauth redirect ui |
# redirect_uri |
||||||
|
|
||||||
|
> Validate `redirect_uri’ on server-side to prevent open redirect attacks. |
||||||
|
|
||||||
|
In OAuth, `redirect_uri` is a parameter that specifies the URI (Uniform Resource Identifier) that the authorization server should redirect the user to after authentication is complete. The `redirect_uri` is often used in the OAuth flow to return an authorization code or access token to the client application. |
||||||
|
|
||||||
|
It is important to validate the `redirect_uri` on the server-side to prevent attacks such as open redirection attacks. In an open redirection attack, an attacker can modify the `redirect_uri` parameter to redirect the user to a malicious website. By validating the `redirect_uri` on the server-side, you can ensure that the redirect URI is a valid and authorized URI for the client application. |
||||||
|
|
||||||
|
Validating the `redirect_uri` on the server-side can also prevent other types of attacks such as phishing attacks or cross-site request forgery (CSRF) attacks. By verifying that the `redirect_uri` matches a predefined list of authorized URIs, you can ensure that the user is redirected to a trusted site after authentication is complete. |
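Review bot: the quoted summary line has a mismatched delimiter, "`redirect_uri’" opens with a backtick and closes with a curly apostrophe, so it will not render as inline code; it should be "`redirect_uri`" as in the body text. On substance, "matches a predefined list of authorized URIs" should say how it matches: the standard guidance is an exact string comparison against the URIs registered for the client, because prefix or wildcard matching is the usual cause of bypasses. The claim that validating `redirect_uri` prevents CSRF is a stretch; CSRF on the authorization response is what the `state` parameter is for, so either drop "cross-site request forgery (CSRF) attacks" from the last paragraph or add a sentence saying that `redirect_uri` validation complements, rather than replaces, `state` (and PKCE) checks.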
@ -1 +1,6 @@ |
|||||||
# Restrict private apis |
# Restrict Private APIs |
||||||
|
|
||||||
|
> Private APIs should only be accessible from safe listed IPs |
||||||
|
|
||||||
|
Private APIs should only be accessible from safe-listed IPs to ensure that only authorized users or systems can access the API. By restricting access to specific IP addresses, you can prevent unauthorized access from external networks or malicious actors. This can help to protect sensitive data and prevent attacks such as DDoS or brute-force attacks. Additionally, restricting access to safe-listed IPs can help to ensure the reliability and performance of the API by preventing excessive traffic from unauthorized sources. |
||||||
|
|
||||||
|
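Review bot: the body claims IP allow-listing helps "prevent attacks such as DDoS", but an allow-list only rejects traffic after it has already arrived at the server, so it does not protect against volumetric denial of service; suggest dropping DDoS from that list and keeping brute force, where the claim holds. The hunk should also state that the IP allow-list is a network-layer control to be used in addition to authentication, not instead of it, since clients behind shared egress addresses (cloud NAT, corporate proxies) are indistinguishable by IP alone. Minor: the summary line writes "safe listed" while the paragraph writes "safe-listed"; pick one spelling.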