XSS is a vulnerability of the application running on top of
web-server and browser, there's hardly a way to fix it on a
web-server level. But outdated web-server may have vulnerabilities
of its own.
Of the ways you listed #1 without #2 usually doesn't work; OTOH
#2 done comprehensively (with some library) usually helps. But it
has nothing to do with Apache.
--
With Best Regards,
Marat Khalili
On 02/05/17 06:24, Hagan, Mark wrote:
Hello
All,
Looking for some help to determine
if I can configure Apache 2.0.59 to address a couple Cross
Site Scripting (XSS) vulnerabilities. I'm not able to
upgrade to a later version, so I'm trying to understand if
there is functionality within this version to address the
XSS issue.
I have 2 specific issues:
1. Validating input (whitelisting
acceptable characters)
2. Sanitizing or encoding output
(For instance, the character < would be encoded as
< which would be displayed by the browser as the
“less-than” character instead of being interpreted as the
start
of an HTML tag.)
I am not an experienced apache
administrator, so any help would be most appreciated.
Thanks.
