Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guidelines on Securing Public Web Servers

Published

Author(s)

Miles C. Tracy, Wayne Jansen, Karen A. Scarfone, Theodore Winograd

Abstract

Web servers are often the most targeted and attacked hosts on organizations' networks. As a result, it is essential to secure Web servers and the network infrastructure that supports them. This document is intended to assist organizations in installing, configuring, and maintaining secure public Web servers. Practices described in detail include choosing Web server software and platforms, securing the underlying operating system and Web server software, deploying appropriate network protection mechanisms, and using, publicizing, and protecting information in a careful and systematic manner. The publication also provides recommendations for maintaining secure configurations through patching and upgrades, security testing, log monitoring, and backups of data and operating system files. [Supersedes SP 800-44 (October 2002): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151268]
Citation
Special Publication (NIST SP) - 800-44 Ver 2
Report Number
800-44 Ver 2

Keywords

Web server, Web server security

Citation

Tracy, M. , Jansen, W. , Scarfone, K. and Winograd, T. (2007), Guidelines on Securing Public Web Servers, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=51222 (Accessed June 21, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created October 8, 2007, Updated October 12, 2021