HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) instructs web browsers to only use secure connections for all future requests when communicating with a web site. Doing so helps prevent SSL protocol attacks, SSL stripping, cookie hijacking, and other attempts to circumvent SSL protection.


To enable HSTS, you just need to create .htaccess and place the code inside

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

To check if the HSTS is working, you can use the checking tools here

If you see it was green on Strict-Transport-Security, then it was done correctly.

More detail info about HSTS : Wikipedia

Firefox: ocsp stapling

OCSP stands for Online Certificate Status Protocol. It’s basically a protocol that’s used to make sure that an SSL certificate is still valid and hasn’t been revoked.

Firefox appears to be the only browser that does an additional security check for OCSP and also does a hard fail. This is a security feature of Firefox.

If your SSL report is fail the OCSP stapling, then the site will unable to access by Mozilla Firefox. This is the message from Mozilla FireFox


How to get the SSL report, you can always use the SSL report tools

You could try disabling stapling support from Mozilla FireFox

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste ocsp and pause while the list is filtered

(3) Double-click the security.ssl.enable_ocsp_stapling preference to switch the value from true to false


ClamAV commands

There is some command to trigger ClamAV in Linux server which is more easy to use back-end.

To scan all the file in the path

clamscan -r path

To scan all directories and sub directories recursive

clamav -ril /home/user/clamav.log

To scan all the server and provide report

clamscan -ir / -l cscanreport

How to allow access only within country

The solution quite simple, just deny all the access and allow that country IP.

order deny,allow
deny from all
allow from country IP 

Or you want to deny only one or several country

order allow,deny
deny from country IP 
deny from country IP 
allow from all

How to check the that country IP range, you can get the detail from this Useful site

How to drop clean caches (Linux)

Command to drop cache

To free pagecache:

echo 1 > /proc/sys/vm/drop_caches

To free dentries and inodes:

echo 2 > /proc/sys/vm/drop_caches

To free pagecache, dentries and inodes:

echo 3 > /proc/sys/vm/drop_caches

Strongly advise to run sync first before do that. You can use command as below

sync;echo 3 > /proc/sys/vm/drop_caches