Guidelines on Securing Public Web Servers

Published

Author(s)

Miles C. Tracy, Wayne Jansen, Mark McLarnon

Abstract

[Superseded by SP 800-44 Ver. 2 (September 2007): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=51222] Web servers maintained for public use are normally the most targeted and attacked hosts on an organization's network. Thus, it is essential to secure Web servers and the network infrastructure that supports them. This document has been developed to assist federal departments and agencies, state agencies, and commercial organizations in installing, configuring, and maintaining secure public Web servers. It presents generic security principles and covers details specific to the various components of Web content, Web applications, and Web servers. It also includes examples that address two of the more popular Web server applications running respectively on Unix and Microsoft Windows operating systems: Apache and Internet Information Server.

Citation

Special Publication (NIST SP) - 800-44

Report Number

800-44

Keywords

security, web server

Citation

Tracy, M., Jansen, W. and McLarnon, M. (2002), Guidelines on Securing Public Web Servers, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed June 13, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created October 8, 2002, Updated October 12, 2021